Legal · Updated May 13, 2026

Privacy Policy

Dip is a small, US-based company building an AI agent that helps you lower recurring bills. This policy describes what we collect, what we never collect, where it lives, and what you can do about it. Plain language; no boilerplate.

What we collect

  • Email. Either via Sign in with Apple or an email magic link on Android / web. We use it to authenticate you and to send transactional messages (call summaries, approvals, receipts).
  • Bill metadata you enter or upload. Provider name, your current rate, the service address (when needed — trash, internet, electric). Nothing more than what we need to negotiate.
  • Voice recordings of calls Dip places on your behalf. Our calling partner Vapi retains recordings for 90 days and then deletes them. We keep the resulting transcript on our side so you have a record of what was agreed to.
  • Plaid transaction data. Only if you opt in to bank linking. We use it to spot bills and rate changes. We never write to your bank, and we never sell or share the data.
  • Subscription state via Stripe. Plan, period dates, customer id. We do not store your card number; Stripe does.

What we don't collect

  • Your phone number — Dip doesn't call you back.
  • Your full legal name, unless you explicitly share it on a call (some providers ask).
  • Cross-app or cross-site tracking. We don't use ad SDKs.
  • Advertising identifiers (IDFA / AAID).
  • Contacts, photos, calendars, location.

Where it lives

  • Supabase (Postgres). Encrypted at rest. Hosted in the US.
  • Vapi. Call recordings + live audio. 90-day retention, then deletion.
  • Stripe. Subscription state. No card details stored by us.
  • Anthropic (Claude). LLM inference for the agent. Per Anthropic's API policy, your data is not used to train their models.

AI disclosure

When asked on a call, Dip identifies as an AI calling on your behalf. We do not secretly impersonate humans. We comply with two-party consent jurisdictions (California, Florida, Illinois, Massachusetts, Maryland, Nevada, New Hampshire, Pennsylvania, Washington) by announcing recording at the start of every call and by identifying as an AI on request.

Your rights

  • Delete your account. Email us. All data is purged within 30 days, including call recordings and transcripts on our side.
  • Export your data. Email us. We'll send a machine-readable archive within 30 days.
  • California residents: You have CCPA rights to know, delete, and opt out of sale (we don't sell).
  • GDPR / EU: Dip is currently US-only. If we expand, we'll update this section before accepting EU signups.

Contact

Privacy questions, deletion requests, exports — all go to privacy@dip.bot. A real person reads that inbox.

Changes to this policy

If we make a meaningful change (new data type, new vendor, new retention window), we'll notify you by email and update the “Updated” date at the top of this page. Cosmetic edits don't bump the date.