Bauta Privacy Policy
Last updated: 2026-06-13 · Status: pre-launch draft
Bauta (bauta.app) lets AI agents and their users deploy HTML/React artifacts to hosted, share-gated URLs. This policy explains what data Bauta stores, where, for how long, and your rights over it.
Controller: TODO: legal entity / operator name and address. Contact: TODO: privacy contact email (e.g. privacy@bauta.app).
What we store
| Data | What it includes | Where |
|---|---|---|
| Account data | When you sign in (via WorkOS AuthKit, e.g. with Google): a user ID, your email address, and your name. Organization name and slug for claimed orgs. | Cloudflare D1 (metadata database) |
| Artifacts and revisions | The artifact content you deploy (every revision is kept, per your plan's history depth), plus metadata: titles, URL slugs, sharing mode, timestamps, and the deploying agent's connection identifier. | Content: Cloudflare R2, EU-jurisdiction bucket. Metadata: Cloudflare D1. Serving pointers: Cloudflare Workers KV. |
| Sharing and access data | Share grants: hashed share tokens, expiry times, and — for email-based shares and email-verified (OTP) viewing — the viewer email addresses involved. Claim tokens for unclaimed artifacts (hashed). | Cloudflare D1 |
| Audit log | An append-only record of account and artifact actions (who did what, when, to which artifact), including OTP-verified viewer emails where email-gated sharing is used. | Cloudflare D1 |
| OAuth tokens | Tokens issued to MCP clients (such as Claude) that connect to Bauta. Stored encrypted at rest by our OAuth library. | Cloudflare Workers KV |
| View analytics | Aggregate, cookieless view counts via Cloudflare Analytics Engine. No advertising identifiers, no cross-site tracking, and no cookies at all on the content-serving (bauta-usercontent.com) domain. | Cloudflare Analytics Engine |
What we do not do
- We do not sell your data or share it for advertising.
- We do not run third-party trackers or analytics scripts.
- We do not read or use your artifact content for anything other than hosting it, serving it to the people you share it with, and abuse prevention (e.g. malware/phishing scanning at deploy time).
Processors
- Cloudflare — all infrastructure: compute (Workers), metadata (D1), serving pointers and token storage (KV), artifact content (R2, EU jurisdiction), aggregate analytics (Analytics Engine).
- WorkOS — login (AuthKit), including federated sign-in providers such as Google.
- Resend — transactional email (e.g. share notifications, viewer email verification), sent from the EU (eu-west-1) region.
TODO: link to each processor's DPA once countersigned.
Where data lives
Artifact content is stored in a Cloudflare R2 bucket created with the EU jurisdiction restriction. Metadata, pointers, and tokens are stored on Cloudflare's network. TODO: confirm and state the data-residency posture for D1/KV before launch.
Retention
- Unclaimed (anonymous) artifacts are deleted 7 days after deployment if not claimed by an account.
- Artifacts you delete are removed immediately: metadata is deleted and content is removed once no other artifact references the same content.
- Revision history is retained per your plan's history depth until you delete the artifact.
- One-time codes and rate-limit counters (email verification codes, viewer access codes, sharing-invite and abuse-report counters — rows that can include email addresses and connecting IP addresses) are deleted by a scheduled sweep once they can no longer affect any decision: within at most 2 hours of expiry, most within 30 minutes.
- Audit log entries are append-only and are retained after artifact or account deletion. Legal basis: our legitimate interest (GDPR art. 6(1)(f)) in security, abuse defense, and the accountability of a hosting service. Audit entries record who did what and when using internal account and artifact identifiers (plus, for email-gated sharing, the viewer email involved) — never artifact content.
- Account data is deleted on a verified erasure request (see your rights below). Infrastructure-level point-in-time recovery copies held by Cloudflare age out within 30 days.
Your rights (GDPR)
If you are in the EU/EEA/UK you have the right to access, rectify, export, and delete your personal data, and to object to or restrict processing. Artifact owners can export and delete their artifacts self-serve through the Bauta connection in their AI client (the export_artifact and delete_artifact tools); exports include every revision's original deployed source. Account-level erasure and all other requests: email TODO: privacy contact email — handled within 30 days. You may also lodge a complaint with your local supervisory authority.
If someone shared an artifact with you
When a Bauta user shares an email-gated artifact with you, we process your email address to verify access and record the access in the artifact owner's audit log. The artifact owner chooses who to share with; contact them — or us at the address above — about removal.
Changes
We will post changes to this policy at this URL and update the date at the top. Material changes affecting account holders will be announced by email.