Buzz Privacy Policy
Effective Date: April 16, 2026 · Last Updated: April 16, 2026
Buzz ("we," "us," or "our") is a smart building access application that automatically detects deliveries and grants building entry to delivery drivers and trusted visitors. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use the Buzz mobile application and associated services.
By using Buzz, you agree to the practices described in this policy. If you do not agree, please do not use the app.
1. Information We Collect
1.1 Account Information
When you create a Buzz account, we collect your name, email address, and authentication credentials (managed through Firebase Authentication). We also store your building address and access system configuration.
1.2 Email Data (Gmail and Outlook)
If you connect your email account, Buzz reads incoming emails to detect delivery notifications from supported platforms (DoorDash, Uber Eats, Instacart, Grubhub, GoPuff, Walmart Spark, Amazon, UPS, FedEx, USPS). Specifically:
- What we read: Subject lines and body text of emails from delivery platform sender addresses only. We do not read emails from other senders.
- What we store: Extracted delivery metadata only (platform name, estimated arrival time, order status). We do not store the full email body, attachments, or any email content beyond what is needed to detect a delivery.
- What we delete: Raw email content is processed in real time and discarded immediately after extraction. Only structured delivery event records are persisted.
- OAuth tokens: Your Gmail or Outlook OAuth refresh tokens are stored encrypted in Firestore and are used solely to maintain the email monitoring connection. You can revoke access at any time from your email provider's security settings or from within the Buzz app.
1.3 Doorbell Camera Snapshots (Computer Vision)
When your doorbell rings, Buzz captures a snapshot from your doorbell camera and analyzes it using computer vision to determine whether the visitor is a delivery driver or a recognized trusted visitor. Specifically:
- What we capture: A single JPEG snapshot per doorbell ring, taken from your DoorBird (or compatible) doorbell camera over your local network.
- What we analyze: The snapshot is sent to OpenAI's vision API (gpt-4o-mini) for analysis. The model evaluates the image for delivery-related signals (uniform, vehicle, package) and, if you have trusted visitors with reference photos, compares the person's appearance against your stored reference images.
- What we store: Snapshots are stored in Firebase Cloud Storage under your user account. Each snapshot is associated with a ring decision record that includes the CV analysis results (confidence scores, detected signals, reasoning), the policy decision (auto-unlock, verify, or ignore), and your subsequent feedback.
- Retention: Snapshots and ring decision records are retained indefinitely for your delivery history and to improve the accuracy of your personal detection model. You can request deletion at any time (see Section 7).
1.4 Trusted Visitor Reference Photos (Facial Comparison)
If you use the Trusted Visitors feature, you may upload reference photos of people you want Buzz to recognize at your door (e.g., nanny, housekeeper, dog walker). Specifically:
- What we store: Reference photos are stored in Firebase Cloud Storage under your user account at a path specific to each visitor profile. Maximum 5 photos per visitor.
- How they are used: When your doorbell rings, reference photos for your enabled trusted visitors are sent alongside the doorbell snapshot to OpenAI's vision API for facial comparison. The model compares the person at the door against your reference photos and reports a match confidence score.
- No biometric templates: Buzz does not compute, store, or retain any biometric templates, face embeddings, facial geometry maps, or other biometric identifiers. All facial comparison is performed at inference time by the vision model using raw images. No derived biometric data is ever created or stored.
- Your control: You can delete any reference photo or entire visitor profile at any time from the Guests tab. Deletion immediately removes the images from our storage servers. Deleted photos are never sent to the vision API again.
1.5 Device and Usage Data
We collect standard device information including device type, operating system version, app version, push notification tokens (Expo Push), and local network status (whether your phone is on the same Wi-Fi network as your doorbell). We collect usage events such as delivery detections, ring decisions, and unlock actions to maintain your delivery history and improve the service.
1.6 Access System Credentials
If you connect a smart lock or access control system (DoorBird, ButterflyMX, or Seam-compatible locks), we store the credentials necessary to operate the lock. DoorBird credentials (IP address, username, password) are stored in Firestore under your user document. For Seam-integrated locks, we use Seam's Connect Webview and do not store your lock vendor credentials directly.
2. How We Use Your Information
| Purpose | Data Used |
|---|
| Detect incoming deliveries | Email content (delivery platforms only) |
| Identify delivery drivers at the door | Doorbell snapshots, CV analysis |
| Recognize trusted visitors | Reference photos, doorbell snapshots |
| Auto-unlock your door | CV decision, access system credentials |
| Send you notifications | Push tokens, delivery/ring events |
| Show delivery history | Ring decisions, snapshots, timestamps |
| Improve detection accuracy | Ring decisions, user feedback, training data |
| Account management | Name, email, building info |
3. Third-Party Services
Buzz uses the following third-party services to provide its functionality:
- Firebase (Google Cloud): Authentication, Firestore database, Cloud Storage, Cloud Functions, and push notifications. Data is stored in Google Cloud's US data centers. Firebase Privacy
- OpenAI: Vision API (gpt-4o-mini) for doorbell snapshot analysis and facial comparison. Doorbell snapshots and reference photos are sent to OpenAI's API for inference only. Per OpenAI's API data usage policy, data sent through the API is not used to train OpenAI's models. OpenAI API Data Usage
- Microsoft Graph (Outlook): If you connect an Outlook account, we use Microsoft Graph API to monitor delivery notification emails. Microsoft Privacy
- Google Gmail API: If you connect a Gmail account, we use the Gmail API to monitor delivery notification emails.
- Expo: Push notification delivery service. Expo Privacy
- Seam: Smart lock integration for compatible devices. Seam Privacy
We do not sell your personal data to any third party. We do not use your data for advertising purposes.
4. Data Storage and Security
- All data is stored in Firebase (Google Cloud) with encryption at rest and in transit.
- Email OAuth tokens are stored in Firestore subcollections with security rules that restrict access to the owning user only.
- Doorbell snapshots are stored in Firebase Cloud Storage with per-user path-based security rules.
- DoorBird credentials are stored in Firestore under the user's document with owner-only access rules.
- All API communication uses HTTPS/TLS encryption.
- The iOS Notification Service Extension communicates with your DoorBird over your local network only.
5. Biometric Data and State Law Compliance
The Trusted Visitors feature performs facial comparison using a third-party AI vision model. While Buzz does not create or store biometric templates, face embeddings, or facial geometry data, we recognize that some state laws (including the Illinois Biometric Information Privacy Act) may apply to facial comparison technology.
Accordingly:
- Before you can add reference photos for a trusted visitor, Buzz presents a clear consent dialog explaining how facial comparison works, what data is stored, how it is used, and how to delete it.
- Reference photos are used solely for the purpose of identifying trusted visitors at your door when the doorbell rings.
- Reference photos are never shared with other users, never used for any purpose other than doorbell verification, and never used to train AI models.
- You may withdraw your consent and delete all reference photos at any time by removing the trusted visitor profile from the Guests tab.
- Upon deletion, reference photos are immediately removed from Firebase Cloud Storage and are no longer sent to the vision API.
6. Data Retention
| Data Type | Retention Period |
|---|
| Account information | Until account deletion |
| Email OAuth tokens | Until disconnected or account deletion |
| Delivery event records | Indefinite (user's delivery history) |
| Ring decision records | Indefinite (user's ring history) |
| Doorbell snapshots | Indefinite (deletable on request) |
| Trusted visitor reference photos | Until visitor profile deleted |
| Trusted visitor profiles | Until deleted by user |
| Push notification tokens | Until device unregistered |
| Access system credentials | Until disconnected or account deletion |
7. Your Rights and Choices
All Users
- Access: You can view all data Buzz holds about you through the app (Activity tab for ring history, Guests tab for visitor profiles, Settings for account info).
- Deletion: You can delete individual ring records, trusted visitor profiles (including all reference photos), and delivery records through the app. To delete your entire account and all associated data, contact us at the email below.
- Disconnect email: You can disconnect your Gmail or Outlook account at any time from Settings, which revokes our access and deletes stored tokens.
- Disable trusted visitors: You can disable individual trusted visitors (stops face matching) or delete them entirely (removes all reference photos).
California Residents (CCPA)
If you are a California resident, you have the right to know what personal information we collect, request deletion of your personal information, and opt out of the sale of personal information (we do not sell personal information). To exercise these rights, contact us at the email below.
European Residents (GDPR)
If you are in the European Economic Area, you have additional rights including the right to access, rectification, erasure, data portability, and the right to object to processing. Our legal basis for processing is your consent (for email monitoring and facial comparison) and legitimate interest (for core service delivery). To exercise these rights, contact us at the email below.
8. Children's Privacy
Buzz is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from minors. If we learn that we have collected data from a minor, we will promptly delete it.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy in the app and updating the "Last Updated" date above. Your continued use of Buzz after changes constitutes acceptance of the updated policy.
10. Contact Us
If you have questions about this Privacy Policy, wish to exercise your data rights, or need to report a concern, please contact us:
Email: privacy@buzzedin.app
Website: buzzedin.app