Project BOBO – Quark — Privacy Policy
**Effective Date:** March 12, 2026
**Last Updated:** March 12, 2026
## 1. Introduction
Project BOBO (“we,” “us,” “our”) is a local-first, multi-agent business operations platform. This Privacy Policy describes how we collect, use, store, and protect personal information when you interact with our services, including our SMS-based messaging features powered by Twilio.
By sending an SMS message to our designated phone number or being added as a contact by an authorized operator, you acknowledge and agree to the practices described in this policy.
## 2. Information We Collect
### 2.1 Phone Numbers
We collect and store mobile phone numbers in E.164 international format (e.g., +1XXXXXXXXXX) for the purpose of operating our SMS-based services. Phone numbers are provided to us by authorized operators who add contacts to our system.
### 2.2 SMS Message Content
When you send an SMS message to our service, we receive and process the full text content of your message. Messages may be classified as ideas, conversational exchanges, or system commands depending on your role and intent.
### 2.3 Contact Metadata
We store the following information associated with your contact record:
– **Display name** — A human-readable name assigned by the operator.
– **Role** — Your assigned role (e.g., contributor, operator).
– **Interaction timestamps** — The date and time of your most recent inbound and outbound messages.
– **Interaction count** — A running count of messages exchanged.
– **Status** — Your current contact status (active, muted, or revoked).
### 2.4 Message Identifiers
We receive Twilio-assigned message identifiers (Message SIDs) for each inbound and outbound SMS for delivery tracking and troubleshooting purposes.
### 2.5 Creator Attribution
If your message is classified as an idea, we store attribution information linking the idea to your contact record, including your display name and the source channel (SMS).
## 3. How We Use Your Information
We use the information we collect to:
– **Deliver SMS services** — Send and receive messages between you and the platform.
– **Capture and attribute ideas** — Record ideas submitted via SMS and attribute them to the appropriate contributor.
– **Manage contacts** — Maintain an allowlist of authorized SMS participants.
– **Ensure security** — Validate inbound messages, enforce rate limits, and prevent unauthorized access.
– **Improve operations** — Track interaction patterns to maintain service quality.
We do **not** use your information for:
– Advertising or marketing to third parties.
– Selling or renting personal data.
– Behavioral profiling or targeted advertising.
– Telemetry, analytics, or data export to external services beyond what is described in this policy.
## 4. Messaging Consent and Opt-Out
### 4.1 Consent
You are added to our SMS service by an authorized operator. Before receiving messages, you will receive an invitation message explaining the service. Your continued interaction with the service constitutes consent to receive SMS messages from us.
### 4.2 Opt-Out
You may opt out of receiving SMS messages at any time by:
– Replying **STOP** to any message from our service.
– Contacting the operator who added you and requesting removal.
Upon opt-out, your contact status will be updated and no further messages will be sent to your number. Your existing contact record may be retained in a revoked state for compliance and abuse-prevention purposes.
### 4.3 Message Frequency
Message frequency varies based on your interactions with the system. We do not send unsolicited bulk messages. Standard message and data rates from your wireless carrier may apply.
## 5. Information Sharing and Third Parties
### 5.1 Twilio
We use [Twilio](https://www.twilio.com) as our SMS communications provider. When you send or receive messages through our service, Twilio processes:
– Your phone number (sender and recipient).
– The content of each SMS message.
– Message delivery metadata (timestamps, delivery status).
Twilio’s handling of your data is governed by [Twilio’s Privacy Policy](https://www.twilio.com/legal/privacy).
### 5.2 No Other Third-Party Sharing
We do **not** share, sell, rent, or disclose your personal information to any other third parties. Our system is designed with a local-first architecture that keeps data within our own infrastructure.
## 6. Data Storage and Security
### 6.1 Storage
Your personal information is stored in a MongoDB database hosted on our own infrastructure. We maintain a local-first architecture, meaning your data is not replicated to external cloud services beyond what is operationally necessary (i.e., Twilio for message delivery).
### 6.2 Security Measures
We implement the following security measures to protect your information:
– **Twilio request signature validation** — All inbound webhooks are cryptographically verified using HMAC-SHA1 to prevent spoofing.
– **Allowlist enforcement** — Only pre-approved phone numbers can interact with the system.
– **Rate limiting** — Inbound messages are rate-limited per phone number to prevent abuse.
– **HTTPS encryption** — All communications between our service and Twilio are encrypted in transit.
– **Access controls** — Administrative access to contact data and system configuration is restricted to authorized operators.
### 6.3 Data Retention
We retain your contact information and message data for as long as your contact record is active or as needed for legitimate operational purposes. Revoked contacts are retained in a deactivated state to prevent re-abuse and maintain system integrity.
If you wish to have your data permanently deleted, please contact us using the information in Section 9.
## 7. Children’s Privacy
Our SMS service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected such information, we will take steps to delete it promptly.
## 8. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last Updated” date at the top of this document. Continued use of our SMS service after changes constitutes acceptance of the updated policy.
## 9. Contact Us
If you have questions about this Privacy Policy, wish to exercise your data rights, or need to request data deletion, please contact us:
– **Email:** mcduffs@duffion.com
– **SMS:** Reply to any message from our service with your request.
## 10. California Residents (CCPA)
If you are a California resident, you have the right to:
– **Know** what personal information we collect and how it is used.
– **Delete** your personal information, subject to certain exceptions.
– **Opt out** of the sale of personal information (we do not sell personal information).
– **Non-discrimination** for exercising your privacy rights.
To exercise these rights, contact us using the information in Section 9.
## 11. SMS-Specific Disclosures
– **Program Name:** Project BOBO SMS Service
– **Message and Data Rates:** Standard message and data rates may apply. Contact your wireless carrier for details.
– **Supported Carriers:** Our service works with all major U.S. wireless carriers that support standard SMS messaging.
– **Help:** Reply **HELP** to any message from our service for assistance.
– **Stop:** Reply **STOP** to any message from our service to opt out.
![[D]uffion Logo](https://i0.wp.com/duffion.com/wp-content/uploads/2021/11/image.png?fit=300%2C238&ssl=1)