Privacy Policy
Last Updated: March 26, 2026
Bishop AI, LLC ("Bishop," "we," "us," or "our") is committed to protecting the privacy and security of the data entrusted to us by financial advisory firms. This Privacy Policy describes how we collect, use, store, and protect information when you use the Bishop AI platform (the "Service"). As a platform built specifically for financial advisors, we understand that you handle sensitive client information subject to strict regulatory requirements, and we have designed our data practices accordingly.
1. Data We Collect
1.1 Account Information
When you register for the Service, we collect:
- Name, email address, and phone number of the account holder and authorized users.
- Firm name, address, and business contact information.
- CRM platform and integration credentials (encrypted and stored separately from other data).
- Billing information (processed and stored exclusively by Stripe; we do not store credit card numbers).
1.2 Meeting Audio and Transcriptions
- Audio recordings are captured locally on your device or transmitted via encrypted connection to our transcription pipeline.
- Audio is processed by our transcription service provider (Deepgram) in real-time or near-real-time.
- Audio files are permanently deleted within 24 hours of successful transcription. We do not retain raw audio recordings beyond this processing window.
- Transcription text is retained as part of your meeting records and is subject to the data retention periods described in Section 7.
1.3 Meeting Notes and Client Data
Through your use of the Service, we process and store:
- AI-generated meeting notes, summaries, action items, and follow-up drafts.
- Client names, financial information, personal details, and other data extracted from meeting transcripts.
- Client prep sheets and historical meeting data.
- Data synchronized from your CRM, calendar, and email systems as authorized by your integrations.
1.4 Usage Analytics
We collect anonymized and aggregated usage data to improve the Service, including:
- Feature usage frequency and patterns (which features you use and how often).
- Meeting count and duration statistics (aggregated, not individual content).
- Error logs and performance metrics.
- Device type, browser type, and operating system (for compatibility and support).
Usage analytics are stripped of client-identifying information and are never linked to specific client records or meeting content.
2. How We Use Your Data
We use your data exclusively for the following purposes:
- Service Delivery: To provide meeting transcription, AI-generated notes, client prep sheets, follow-up automation, and all other features of the Service.
- Service Improvement: To improve the accuracy of AI models, transcription quality, and feature functionality using anonymized and aggregated data only.
- Technical Support: To diagnose and resolve technical issues when you contact our support team.
- Account Administration: To manage your subscription, process payments, and communicate service-related information.
- Security: To detect, prevent, and respond to security threats, fraud, and unauthorized access.
We do not sell, rent, lease, or trade your data to any third party. Period.
3. Per-Firm Data Isolation
Bishop enforces strict multi-tenant data isolation:
- All data is logically and architecturally isolated at the firm level. Each firm's data is stored in a separate, access-controlled partition.
- No firm can access, view, query, or inadvertently receive another firm's data.
- AI models do not train on or have persistent access to any individual firm's data. Each AI request is processed in an isolated context.
- Administrative access to firm data is restricted to authorized Bishop personnel operating under strict access controls, logging, and audit requirements.
- All cross-firm data access by Bishop staff requires documented justification and is logged for audit purposes.
4. Third-Party Processors
We use a limited number of industry-leading, SOC 2 certified service providers for AI processing, speech-to-text transcription, payment processing, and database infrastructure. Each provider has been selected for their security practices, compliance certifications, and data handling policies.
Key commitments from our processing partners:
- AI processing operates on a zero data retention API tier. Your data is not stored after processing and is never used for model training.
- Audio transcription is processed in real-time and not retained after transcription is complete. Our transcription provider is HIPAA-eligible and SOC 2 Type II certified.
- Payment processing is PCI DSS Level 1 compliant. Bishop never stores credit card numbers.
- All data at rest is encrypted (AES-256) and all data in transit uses TLS 1.3.
We do not share your data with any third party beyond our core processing partners, and we do not permit any processor to use your data for purposes other than providing their specific service to Bishop. A full list of sub-processors is available upon request by contacting privacy@bishopforadvisors.com.
5. We Do Not Sell Your Data
To be unambiguous:
- We do not sell personal information or client data.
- We do not share data with advertisers, data brokers, or marketing companies.
- We do not monetize your data in any way other than providing you the Service you pay for.
- We do not use your firm's data to train AI models that serve other customers.
- We do not create data profiles for sale or distribution.
6. GLBA, Regulation S-P, and Financial Data Compliance
Bishop is designed with awareness of the data protection obligations applicable to financial advisors:
- Gramm-Leach-Bliley Act (GLBA): We maintain administrative, technical, and physical safeguards designed to protect the security, confidentiality, and integrity of nonpublic personal information ("NPI") consistent with the requirements of GLBA and FTC Safeguards Rule.
- SEC Regulation S-P: Our data handling practices are designed to support your compliance with Regulation S-P requirements regarding the protection of customer records and information.
- State Privacy Laws: We monitor and adapt to evolving state privacy legislation, including the Texas Data Privacy and Security Act and similar laws in other states.
- You remain responsible for your own information security program and regulatory compliance obligations. Bishop is a tool that supports but does not replace your firm's privacy and data protection responsibilities.
7. Data Retention Periods
| Data Type | Retention Period |
|---|---|
| Raw audio recordings | Deleted within 24 hours of successful transcription |
| Meeting transcripts and notes | Retained for the duration of your subscription, plus 30 days after account termination for data export |
| Client data and records | Retained for the duration of your subscription, plus 30 days after account termination for data export |
| Account information | Retained for the duration of your subscription, plus 90 days after account termination |
| Billing records | 7 years (as required for tax and accounting purposes) |
| Usage analytics (anonymized) | Retained indefinitely in aggregated, de-identified form |
| System logs and error logs | 90 days |
After the applicable retention period, data is permanently and irreversibly deleted from all systems, including backups, within 30 days.
8. Data Security
We implement comprehensive security measures to protect your data:
- Encryption at Rest: All stored data is encrypted using AES-256 encryption.
- Encryption in Transit: All data transmitted between your devices and our servers uses TLS 1.3 encryption.
- Access Controls: Role-based access control (RBAC) with least-privilege principles for all internal access.
- Authentication: Multi-factor authentication available for all accounts and required for administrative access.
- Monitoring: Continuous security monitoring, intrusion detection, and automated alerting.
- Penetration Testing: Regular third-party security assessments and penetration testing.
- Employee Training: All Bishop personnel with data access complete security awareness training and are bound by confidentiality agreements.
9. Right to Deletion
You have the right to request deletion of your data at any time:
- Specific Records: You may delete individual meeting records, client data, or other content through the Service interface at any time.
- Full Account Deletion: You may request complete deletion of all your data by contacting us at privacy@bishopforadvisors.com.
- Upon receiving a deletion request, we will permanently delete all specified data from primary systems within thirty (30) days and from backup systems within sixty (60) days.
- We will provide written confirmation when deletion is complete.
- Certain data may be retained as required by law (e.g., billing records for tax purposes) and will be disclosed in our response to your deletion request.
10. Data Export
You may export your data at any time through the Service in standard formats (JSON, CSV, PDF). Upon account termination, you have thirty (30) days to export all data before it is scheduled for deletion.
11. Breach Notification
In the event of a data breach affecting your firm's data:
- We will notify you within 72 hours of becoming aware of the breach.
- Notification will be sent via email to the primary account contact and, if the situation warrants, by phone.
- Notification will include: the nature and scope of the breach, the types of data involved, steps we are taking to contain and remediate the breach, and recommended actions for your firm.
- We will cooperate fully with your firm's incident response procedures and regulatory notification obligations.
- We will provide ongoing updates as our investigation progresses.
- We maintain cyber liability insurance to support breach response and remediation.
12. Cookies and Tracking
The Bishop platform uses:
- Essential cookies required for authentication and session management.
- Analytics cookies (anonymized) to understand feature usage and improve the Service.
We do not use advertising cookies, third-party tracking pixels, or cross-site tracking. We do not sell cookie data or share it with advertisers.
13. Children's Privacy
The Service is designed for use by financial advisory professionals and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email at least thirty (30) days before they take effect. The "Last Updated" date at the top of this page indicates the most recent revision. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
15. Contact Information
For questions, concerns, or requests related to this Privacy Policy or your data, please contact us:
Bishop AI, LLC
Privacy Officer
Email: privacy@bishopforadvisors.com
Website: bishopforadvisors.com
We will respond to all privacy-related inquiries within ten (10) business days.