A clearer privacy policy for how BuniAI handles data today

This Privacy Policy describes how BuniAI Ltd (collectively, BuniAI, we, us, and our) collects, uses, stores, shares, and otherwise processes personal information when you use our website, software platform, hosted services, and related support channels.

BuniAI helps teams design, test, deploy, and manage chatbot, automation, and USSD workflows. Because the service involves hosted applications, integrations, analytics, and AI-assisted features, we need to process information in order to provide the platform.

Depending on how you use BuniAI, we may collect the following categories of information:

• Account and contact information: such as your name, email address, phone number, organization details, and billing contact details.
• Customer content: such as workflow definitions, prompts, messages, chatbot content, uploaded materials, user responses, and project configuration data.
• Integration credentials and tokens: such as API keys, access tokens, refresh tokens, and other secrets you provide when connecting external services.
• Usage and device information: such as IP address, browser type, device characteristics, operating system, session data, feature usage, page views, performance information, and error telemetry.
• Billing and transaction information: such as subscription status, invoice information, and payment-related records processed through our payment provider.
• Support and communications data: such as messages you send to us, support tickets, meeting requests, and feedback.

We collect information in three main ways:

• Directly from you when you register, configure a workspace, connect an integration, contact support, or submit content into the platform.
• Automatically when you use the website or application, including through logs, essential cookies, analytics tools you consent to, and technical monitoring.
• From connected services when you authorize integrations and request data to be read from or written to third-party systems.

We use personal information to:

• provide, operate, maintain, and secure BuniAI;
• create and manage accounts, teams, plans, and billing relationships;
• process workflow execution, integrations, and user-configured automations;
• support AI-assisted features and provider requests initiated through the product;
• respond to support requests, product feedback, and operational communications;
• understand product performance and improve reliability and usability;
• detect abuse, investigate incidents, and enforce our Terms;
• comply with legal obligations and defend our legal rights.

BuniAI supports optional integrations with third-party tools such as CRM, support, messaging, spreadsheet, calendar, automation, payment, and database services. When you connect those services, we process the credentials and tokens needed to execute the workflows you configure.

• Credentials and tokens are stored in encrypted form and are used only by authorized service processes that need them to run the integration.
• Data may flow out to connected services or into BuniAI depending on the workflow you design.
• You control which integrations are enabled and what information your workflows send or retrieve.

BuniAI also offers AI-assisted features that may send prompts, workflow context, or other relevant inputs to third-party AI providers selected within the product. Those providers process data only to deliver the requested feature or response.

We use strictly necessary cookies and similar technologies to operate the site and keep sessions secure. These cannot be disabled through our banner because the service relies on them.

We also use analytics tooling, including TryHet, to understand feature usage, navigation patterns, product performance, and selected session replay data for usability analysis.

• Analytics and replay tooling are loaded only after you grant consent through our cookie consent banner.
• Sensitive screens and fields are blocked or masked using product-level rules designed to reduce capture of secrets, passwords, and similar data.
• If you decline analytics cookies, those analytics scripts are not loaded.

We may share information in the following circumstances:

• Service providers that help us deliver hosting, infrastructure, analytics, authentication, communications, payment processing, AI features, and customer support.
• Connected third-party services when you configure integrations or send data through workflows you control.
• Legal and security reasons when disclosure is reasonably necessary to comply with law, protect rights, investigate abuse, or respond to valid requests.
• Corporate transactions such as a merger, acquisition, financing, or sale of assets, subject to appropriate confidentiality measures.

We do not sell your personal information in the ordinary sense of exchanging it for money.

We keep information for as long as necessary to provide the service, maintain security, comply with legal obligations, resolve disputes, and enforce our agreements.

• Account and organization records are generally kept while the account remains active.
• Workflow data, configuration, and integration settings are retained while needed to provide the service to your workspace.
• Credentials are retained until you disconnect the integration, replace the secret, or delete the relevant account or workspace, subject to limited backup retention.
• Logs, security records, and analytics data may be retained for shorter or longer periods depending on operational necessity and legal requirements.

We use administrative, technical, and organizational measures designed to protect personal information against unauthorized access, disclosure, alteration, and destruction.

• Encryption in transit is used for data moving through supported network channels.
• Sensitive credentials are stored in encrypted form.
• Access to systems and data is limited to authorized processes and personnel.
• We monitor platform reliability and investigate suspected misuse or security events.

No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

Because BuniAI uses third-party infrastructure and service providers, your information may be processed in countries other than your own. Where required, we use appropriate safeguards for such transfers.

Depending on your jurisdiction, you may have rights to access, correct, delete, export, or restrict certain uses of your personal information, or to object to specific processing.

To exercise a request, contact admin@buni.ai. We may need to verify your identity before completing the request.

BuniAI is not intended for children under 18, and we do not knowingly collect personal information from children through the platform.

We may update this Privacy Policy from time to time to reflect legal, technical, or operational changes. When we do, we will update the effective date on this page.

Questions about this notice or our privacy practices can be sent to admin@buni.ai.