Privacy & data policy
Transparency in how we handle your personal data and AI features
Privacy policy - introduction
BBos ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This privacy policy will inform you about how we look after your personal data when you visit our website and tell you about your privacy rights and how the law protects you.
- We are committed to transparency in our data practices
- This policy complies with GDPR, CCPA, and other privacy regulations
- Your privacy rights are protected under applicable data protection laws
- We implement privacy by design principles in all our services
Personal data we collect
We may collect, use, store and transfer different kinds of personal data about you when you use our services.
- Identity data: Name, username, organization name, job title
- Contact data: Email address, telephone numbers, billing address
- Technical data: IP address, browser type, device information, operating system
- Usage data: Information about how you use our website and services
- Profile data: Your preferences, feedback, survey responses, and account settings
- Financial data: Payment card details, billing information (processed securely by third parties)
- Marketing data: Your preferences for receiving communications from us
How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- To provide and maintain our service functionality
- To process payments and manage your account
- To notify you about changes to our service or terms
- To provide customer support and respond to inquiries
- To gather analysis or valuable information to improve our service
- To monitor the usage of our service and detect technical issues
- To send you marketing communications (with your consent)
- To comply with legal obligations and protect our rights
Your legal rights and choices
Under certain circumstances, you have rights under data protection laws in relation to your personal data:
- Right to access: Request copies of your personal data
- Right to rectification: Request correction of inaccurate data
- Right to erasure: Request deletion of your personal data
- Right to restrict processing: Request limiting our use of your data
- Right to data portability: Request transfer of your data to another service
- Right to object: Object to our use of your personal data for certain purposes
- Right to withdraw consent: You can withdraw consent at any time
Data security and protection
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way.
- All data is encrypted in transit using TLS/SSL protocols
- Personal data is encrypted at rest using industry-standard encryption
- Access to data is strictly limited to authorized personnel only
- Regular security audits and vulnerability assessments are conducted
- Multi-factor authentication is required for administrative access
- We maintain incident response procedures for any security breaches
Data retention periods
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for.
- Account data: Retained while your account is active, deleted 90 days after account closure
- Payment data: Retained for 7 years for tax and accounting purposes
- Analytics data: Retained for 26 months maximum
- Marketing data: Retained until you unsubscribe or object
- Legal compliance data: Retained as required by applicable laws
- Backup data: Automatically purged according to our backup retention schedule
Third-party services and data sharing
We use trusted third-party services to provide our platform. Your data may be shared with these providers under strict privacy controls.
- Firebase (Google): Authentication, database, and hosting services
- Google Analytics: Website analytics (only with your consent)
- Payment processors: Secure payment processing (we do not store payment details)
- Cloud storage providers: Secure data storage and backup
- Email service providers: For sending transactional and marketing emails
- No personal data is sold to third parties under any circumstances
International data transfers
Your personal data may be transferred to and processed in countries other than your own.
- We ensure adequate protection through appropriate safeguards
- Transfers comply with applicable data protection laws
- We use Standard Contractual Clauses where required
- Cloud providers maintain certifications for international data protection
- You have the right to request information about international transfers
Privacy contact information
If you have any questions about this privacy policy or wish to exercise your rights, please contact us.
- Email: support@bbos.ai
- Subject line: Privacy policy inquiry
- Response time: We will respond within 30 days
- For urgent matters, please include "Urgent" in the subject line
- You may also contact us through our general support channels
AI features overview
BBos uses artificial intelligence to enhance your business operations through various AI-powered features. This section explains how we handle your data when you use these features.
- Document data extractor: AI-powered data extraction from bank statements and documents
- Ducky AI Assistant: Intelligent chatbot for business assistance and support
- Embedded chatbots: Custom AI chatbots for customer engagement and lead generation
- Resume analysis: AI-powered resume screening and candidate matching tools
AI data collection and processing
When you use our AI features, we may collect and process certain data to provide these services effectively.
- Document content and metadata when using the Document Extractor
- Chat conversations and messages when interacting with AI assistants
- User inputs, questions, and commands provided to AI features
- Technical data such as usage patterns and feature interactions
- Contact information when voluntarily provided through chatbot interactions
How we use your AI data
Your data is used solely to provide and improve our services. We are committed to responsible AI data usage.
- Process your requests and provide accurate responses
- Improve the accuracy and performance of our models
- Provide personalized assistance based on your business context
- Generate insights and analytics from your interactions
- Ensure the security and proper functioning of AI features
AI data sharing and third parties
We work with trusted AI service providers to deliver our features. Your data may be shared with these providers under strict privacy controls.
- OpenAI for GPT-based AI processing - Check out OpenAI Terms and Conditions
- Mistral AI for OCR processing - Check out Mistral AI Terms and Conditions
- Cloud storage providers for secure data storage and processing
- Analytics providers for usage insights (anonymized data only)
- No data is sold to third parties
AI user consent and control
By using our AI features, you acknowledge and consent to the data processing described in this policy. You maintain control over your data.
- Explicit consent is required before using AI features that process sensitive data
- You can disable AI features at any time through your account settings
- You can request deletion of your AI interaction data
- Clear notifications are provided when AI features are active
AI data security and retention
We implement robust security measures to protect your AI data and follow responsible data retention practices.
- All data is encrypted in transit and at rest
- Access to data is strictly limited to authorized personnel
- Regular security audits and vulnerability assessments
- Conversation data is retained until 90 days after account deletion
- Document processing data is deleted after extraction unless saved by user
Your AI rights and choices
You have several rights regarding your AI data and how it's processed by our systems.
- Right to access: Request copies of your interaction data
- Right to erasure: Request deletion of your data
- Right to portability: Export your AI data in a structured format
- Right to object: Opt out of AI data processing for specific purposes by disabling features for your organization
Policy updates and changes
This privacy and data usage policy may be updated periodically to reflect changes in our features or legal requirements.
- Users will be notified of significant policy changes via email
- Continued use of features constitutes acceptance of policy updates
- Previous versions of this policy are available upon request
- Major changes will include a transition period for user adaptation
Questions about privacy or data usage?
We're here to help you understand how your data is handled and your privacy rights