Banavo.AI ("we", "us", "our") provides AI-powered SaaS tools that help e-commerce businesses automate sales, marketing, and operational workflows. This Privacy Policy explains how we collect, use, disclose, and protect information relating to individuals who use our services or whose personal data is processed by our customers on the Banavo.AI platform (the "Platform").

1. Scope

This Policy applies to personal data processed by Banavo.AI as a processor or controller. When acting as a processor, we process personal data only on the documented instructions of our customers ("Customers") and under the Data Processing Addendum (DPA).

2. Types of Information We Collect

Account Information: name, email, company, billing details.

Business & Uploaded Data: files, databases, and API-linked data that may include end-customer PII (names, emails, phones, addresses, purchase histories).

Usage & Technical Data: IP addresses, device and browser info, log files, session metadata.

Derived Data & Embeddings: semantic representations and contextual embeddings generated from Customer data to enable persistent business semantics and improve response accuracy.

3. How We Use Data

We use data to:

Provide and operate the Platform and services.

Generate AI outputs, recommendations, and analytics.

Improve and tune models, including reducing hallucinations, by leveraging aggregated and/or pseudonymized learnings.

Detect and prevent fraud, maintain security and integrity.

Comply with legal obligations and respond to lawful requests.

4. Legal Bases for Processing (EU/EEA)

For data subjects in the EU/EEA, Banavo.AI relies on Customer instructions, contractual necessity, legitimate interests (platform security, fraud prevention, product improvement), and, where applicable, consent for certain features.

5. Third-Party Processors & LLM Providers

To produce AI outputs, we transmit content to third-party AI providers (e.g., OpenAI, Anthropic, Google, AWS). These Sub-Processors act under contract and technical safeguards. We do not authorize Sub-Processors to use Customer data to train their public models unless explicitly agreed in writing.

6. Data Sharing

We may disclose data to:

Authorized service providers and Sub-Processors (hosting, analytics, AI providers).

Legal or governmental authorities where required by law.

Potential buyers in the event of a merger or sale (with confidentiality safeguards).

7. Data Retention & Deletion

We retain Customer data while the account is active and thereafter only as necessary to provide services, meet legal obligations, or as agreed with the Customer. Upon termination, Customer may request deletion; Banavo.AI will delete or return Personal Data within 30 days unless retention is required by law.

8. Security

We maintain reasonable technical and organizational measures including encryption in transit and at rest, access controls, monitoring, and periodic security testing. Despite reasonable measures, no system is perfectly secure.

9. International Transfers

Personal Data may be transferred to and processed in the United States and other countries. For transfers from the EU/EEA/UK, we implement safeguards such as Standard Contractual Clauses (SCCs) and, where applicable, the UK Addendum.

10. Data Subject Rights

Where applicable, individuals may exercise rights including access, rectification, erasure, restriction, portability, and objection. Requests should be directed to legal@banavo.ai. We will respond within applicable legal timeframes.

11. Children's Data

The Platform is not intended for individuals under 18. We do not knowingly collect Personal Data from minors.

12. Changes to This Policy

We may update this Policy. We will post the revised Policy with a new "Last Updated" date. Continued use after changes indicates acceptance.

13. Contact

Questions or requests: legal@banavo.aiz