Privacy Policy

1. Data Collection

We collect the following types of information when you use Bi369 AI:

• Account information: Name, email address, company name, and password when you register for an account
• Business data: Information you enter into the platform, including contacts, invoices, projects, employee records, and other business data
• Usage data: How you interact with the Service, including features used, pages visited, and actions taken
• Device data: Browser type, operating system, IP address, and device identifiers
• Payment data: Billing address and payment method details (processed securely by our payment provider; we do not store full card numbers)

2. Data Usage

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process transactions and send related information
• Send technical notices, updates, security alerts, and support messages
• Respond to your comments, questions, and customer service requests
• Monitor and analyze trends, usage, and activities in connection with the Service
• Personalize and improve your experience with the Service
• Train and improve our AI features (using anonymized, aggregated data only — never your identifiable business data)

3. Data Sharing

We do not sell, trade, or rent your personal information. We may share your information only in the following circumstances:

• Service providers: With third-party vendors who assist in providing the Service (hosting, payment processing, email delivery), bound by confidentiality agreements
• Legal requirements: When required by law, subpoena, or government request
• Business transfers: In connection with a merger, acquisition, or sale of assets, with appropriate notice to you
• With your consent: When you explicitly authorize sharing

4. Cookies

We use cookies and similar tracking technologies to maintain your session, remember your preferences, and understand how you use the Service. Essential cookies are required for the Service to function. Analytics cookies help us understand usage patterns and improve the Service.

You can control cookies through your browser settings. Disabling essential cookies may affect the functionality of the Service.

5. Security Measures

We implement industry-standard security measures to protect your data:

• 256-bit TLS encryption for all data in transit
• AES-256 encryption for data at rest
• Multi-tenant isolation with row-level security
• Regular security audits and penetration testing
• SOC 2 Type II compliance (in progress)
• Automated backups with point-in-time recovery
• Two-factor authentication available for all accounts

6. Your Rights

GDPR (European Economic Area)

If you are in the EEA, you have the right to:

• Access, correct, or delete your personal data
• Object to or restrict processing of your data
• Data portability — receive your data in a structured, machine-readable format
• Withdraw consent at any time
• Lodge a complaint with a supervisory authority

CCPA (California)

If you are a California resident, you have the right to:

• Know what personal information is collected, used, shared, or sold
• Delete personal information held by businesses and their service providers
• Opt out of the sale of personal information (we do not sell personal information)
• Non-discrimination for exercising your CCPA rights

7. Data Retention

We retain your data for as long as your account is active. After account deletion, we retain your data for 30 days to allow for recovery. After 30 days, your data is permanently deleted from our production systems. Backups containing your data may persist for up to 90 days before being overwritten.

8. International Data Transfers

Your data may be transferred to and maintained on servers located outside of your country. We ensure appropriate safeguards are in place, including Standard Contractual Clauses, to protect your data in accordance with this Privacy Policy.

9. Children's Privacy

The Service is not directed to individuals under 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Material changes will be communicated via email or a prominent notice on the Service.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at privacy@bi369.com.