Privacy Policy

Last updated: 2026-04-22 — Confidential Beta

1. Who we are

Bluestem Systems LLC (“Bluestem,” “we,” “our,” “us”), a limited liability company organized under the laws of Oklahoma, operates the Bluestem Systems web platform and related services (the “Service”). You can reach us at [email protected].

2. What we collect

2.1 Account data

Email address (collected via our authentication provider, WorkOS)
Display name (optional, provided during signup)
Business name and mailing address (collected during your first Stripe Checkout so we can list them on your receipts)
Session identifiers (random tokens, not linked to any external account)
Account status (invite-only, pilot-active, paying, etc.)

2.2 Customer content

When you upload a well-log image, we store:

The original image file (stored on our server for as long as your account is active)
Our processing outputs: OCR results, candidate API matches, depth- registered TIFFs, LAS/XML/NLGX/BCK exports, and extracted header metadata
Annotations you verify (marking a track or match as correct) so that your subsequent uploads benefit from what the system has learned

2.3 Billing ledger

Every chargeable action (header extraction, API match reveal or confirm, depth-registration download) writes a row to our billing ledger recording: artifact type, credits charged, US-dollar-equivalent, and timestamp. We do not store payment-card data ourselves; Stripe handles all payment processing.

2.4 Technical logs

We record standard server-side logs: IP addresses (rotated out within 30 days), request timestamps, route paths, HTTP status codes, and error stack traces. These are used to diagnose issues and defend the Service, not merchandised or sold.

3. How we use this data

To provide the Service. We process your uploads, compute matches, and generate exports in response to your explicit requests.
To charge credits. The ledger drives your credit balance so we can honor what you purchased.
To improve internal models (opt-out available). Verified annotations become part of our training corpus for OCR, matching, ranking, and depth-registration models. See the training opt-out section below.
To communicate with you. Transactional emails (Stripe receipts, account-related notices from WorkOS) are sent by our subprocessors on our behalf. We do not send marketing email.
To comply with law. We may use data to respond to valid legal process, enforce our Terms, or investigate fraud.

4. Training opt-out

By default, your verified annotations contribute to improving Bluestem’s internal models. You may opt out at any time by flipping the toggle at /settings in your account, or by emailing [email protected].

What opt-out does. Going forward from the moment you opt out, new verified annotations from your account are not saved to our training corpus. Our code enforces this at two points: merge_verified_track (which skips save entirely) and build_dataset_from_corrections (which filters out opted-out users when building the ranker training dataset).

What opt-out does not do. Models already trained on annotations from before you opted out are not rolled back. Your production uploads and exports continue to work unchanged. Aggregated, de-identified statistics (aggregate match accuracy, event counts, performance benchmarks) may still be computed and reported regardless of opt-out status, provided they cannot reasonably be used to identify you or your content.

5. Who sees your data

Your Content is not shared with other customers. Within Bluestem, only authorized personnel (currently just the founder) can access production data, and only for the purposes of providing support or investigating issues.

We rely on the following subprocessors to operate the Service:

Subprocessor	Purpose	Data shared
Anthropic	AI model inference (OCR, field extraction)	Your uploaded images + derived text
WorkOS	Authentication (hosted login)	Email, display name
Stripe	Payment processing	Email, business name, card details (handled by Stripe, not us)
Cloudflare	DNS, edge proxy, Turnstile CAPTCHA	IP address, request metadata
Sentry	Error tracking	Error stack traces, account identifier (scrubbed of secrets)
Backblaze	Off-site backup storage	Encrypted snapshots of production data

6. How we protect your data

All traffic to and from the Service is encrypted with TLS.
Your uploaded images and derived outputs are stored server-side and are not exposed to other customers. Our tenant-isolation layer enforces this at the database query level on every request.
Authentication tokens are stored as random 64-character hex strings and rotated on every successful login to prevent session fixation.
Off-site backups are encrypted server-side at the Backblaze B2 storage layer.
We do not store payment-card numbers; all payment processing is handled by Stripe, a PCI-DSS Level 1 provider.

7. How long we keep your data

Your Content remains in our production systems for as long as your account is active. You may request deletion of your content at any time by emailing [email protected]. We effect deletion from production systems within 30 days of receiving a valid request. Deletion from off-site backups occurs in the ordinary course of backup rotation, typically within 30 days of the last production write.

The billing ledger (credits, debits, credit purchases) is retained for at least seven years for tax and audit purposes, as required by US federal and Oklahoma state law, even after account deletion.

8. Your choices

Access and correction. You can view your account balance, pilot status, business details, and opt-out preference at /settings. To correct other data, email us.
Deletion. Email [email protected] requesting deletion. We’ll confirm within 30 days.
Training opt-out. Toggle at /settings (takes effect immediately).
Export. Your processed artifacts are downloadable through the Service. Email us if you need a bulk export.

9. Cookies and trackers

We use one first-party cookie (bluestem_session) to keep you signed in. We do not use third-party analytics, advertising trackers, or social-media pixels. Cloudflare Turnstile may set a short-lived cookie during signup to verify you’re not a bot; the cookie is Cloudflare’s, not ours, and is governed by their privacy policy.

10. Children

The Service is not directed to individuals under 18 and we do not knowingly collect information from such individuals.

11. International users

The Service is operated from the United States and is intended for use by US-based customers. If you access the Service from outside the US, your data may be transferred to, stored, and processed in the US. By using the Service you consent to that transfer.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will provide at least 30 days’ notice via email to the address on file and a notice in the Service. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

13. Contact

Questions about this policy or your data can be sent to [email protected]. For data-subject requests (access, deletion, opt-out confirmation), please put “Privacy” in the subject line so we route it correctly.