Data we collect, and why.

When you run a scan, we collect the business name, website, category, location signals you provide, crawl results, generated prompts, provider responses, citations, scores, reports, and delivery events.

We use this to create the report, produce Fix Pack recommendations, support retests, diagnose provider failures, and show audit evidence.

For signed-in users, we store account identity, workspace membership, notification preferences, billing state, API keys, audit events, and support-relevant settings.

Credentials and integration secrets are stored using the app's credential-encryption path and are not rendered back into the UI.

For Act profiles, we store customer-approved business facts, services or products, booking or checkout links, action-rail state, agent read events, booking or purchase intents, and evidence needed to attribute completed actions.

Write rails remain scoped per profile. Caboo does not claim an agent completed a booking or purchase unless a real backend rail and attribution evidence exist.

Public demo data, browser-observed answer captures, and operational logs follow bounded retention windows. Customer retention cleanup is controlled by production configuration and reviewed before broad customer rollout.

You can request deletion or export by contacting [email protected].

Caboo uses infrastructure and API providers to run the service, including hosting, database, email, billing, object storage, and AI provider APIs. Provider outputs may differ from consumer app experiences.

Billing is handled by Stripe. Transactional email is handled by Resend.

Questions, deletion requests, and privacy concerns go to [email protected].

Last updated May 29, 2026.