Legal

Privacy Policy

Last updated: June 9, 2026 · Effective Date: June 9, 2026

1. Introduction

BizAt ("Company," "we," "our," or "us") is committed to protecting the privacy of individuals who interact with our platform. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you access or use our website, platform, APIs, and related services (collectively, the "Services").

BizAt is a product of Technovicinity Limited, a company duly registered under the laws of Bangladesh (Registration No: [Number]), with its registered office at [Address], Bangladesh.

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please discontinue use of our Services immediately.

2. Scope and Applicability

This Privacy Policy applies to:

  • All visitors to our website at bizat.ai and all associated subdomains
  • Registered merchants who create accounts on our platform
  • End customers who interact with chatbots powered by our Services on merchant pages
  • All individuals whose personal data we process in the course of providing our Services

This policy does not apply to third-party websites, applications, or services that may be linked to or integrated with our platform. We encourage you to review the privacy policies of those third parties.

3. Information We Collect

3.1 Information You Provide Directly

  • Account Information: Full name, email address, business name, workspace URL, password, and profile preferences when you register an account.
  • Payment Information: Billing address, payment method details, and transaction history. Payment card numbers are processed exclusively by our PCI-compliant payment processor and are never stored on our servers.
  • Communications: Content of messages you send to us, including customer support inquiries, feedback, and survey responses.
  • Marketing Preferences: Your preferences for receiving marketing communications and newsletters.

3.2 Information Collected Through Third-Party Integrations

When you connect third-party services to BizAt (such as Facebook, Instagram, WhatsApp, Shopify, WooCommerce, etc.), we may access and collect information from those platforms as authorized by you, including:

  • Page information, posts, comments, and messages from connected social media accounts
  • Product catalogs, inventory data, and order information from connected e-commerce platforms
  • Customer interaction data from messaging platforms
  • Authentication tokens and permissions granted through OAuth

3.3 Information Collected Automatically

  • Usage Data: Pages visited, features used, actions taken, time spent, and navigation patterns within our platform.
  • Device Information: IP address, browser type, operating system, device identifiers, and mobile network information.
  • Log Data: Server logs, error reports, and performance metrics.
  • Cookies and Similar Technologies: Session cookies, preference cookies, and analytics cookies as described in our Cookie Policy.

3.4 Information About End Customers

When end customers interact with chatbots powered by BizAt on our merchants' pages, we process the following on behalf of our merchants:

  • Message content and conversation history
  • Public profile information (name, profile picture) from the messaging platform
  • Contact information voluntarily shared during conversations (email, phone number)
  • Order preferences and product interests expressed during chat

4. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To provide, maintain, and improve our AI-powered chatbot, analytics, and automation services.
  • AI Processing: To process customer conversations through our natural language models for automated responses, intent detection, and sentiment analysis.
  • Analytics and Insights: To generate business analytics, performance reports, and actionable insights for our merchants.
  • Account Management: To manage user accounts, process payments, and communicate service updates.
  • Product Development: To analyze usage patterns and improve our platform features, algorithms, and user experience.
  • Security: To detect, prevent, and respond to fraud, abuse, security incidents, and other harmful activities.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, and enforceable governmental requests.
  • Marketing: To send promotional communications about our products and services (with your consent where required by law).

5. Legal Basis for Processing

For individuals in the European Economic Area (EEA), United Kingdom, and other jurisdictions requiring a legal basis, we process personal data under the following grounds:

  • Contractual Necessity: Processing necessary to perform our contract with you (providing the Services).
  • Legitimate Interests: Processing for our legitimate business interests, including improving our Services, ensuring security, and preventing fraud.
  • Consent: Processing based on your explicit consent, which you may withdraw at any time.
  • Legal Obligation: Processing necessary to comply with applicable laws and regulations.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share data in the following circumstances:

  • Service Providers: With trusted third-party vendors who perform services on our behalf, including cloud hosting (Render, Supabase), AI processing (OpenAI), analytics, and customer support. These providers are contractually bound to protect your data.
  • Payment Processors: With PCI-compliant payment processors to handle billing transactions securely.
  • Legal Requirements: When required by law, subpoena, court order, or other legal process, or to protect our rights, property, or safety.
  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of all or a portion of our assets.
  • With Your Consent: With your explicit consent or at your direction.

We may share aggregated, de-identified, or anonymized data that cannot reasonably be used to identify you for any lawful purpose.

7. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required by law. Specific retention periods are:

  • Account Data: Retained while your account is active and for 90 days after deletion.
  • Conversation Data: Retained for the duration of the merchant's account plus 30 days.
  • Payment Records: Retained for 7 years as required by tax and accounting regulations.
  • Server Logs: Retained for 90 days for security and diagnostic purposes.

8. International Data Transfers

Your information may be transferred to, stored, and processed in countries other than your country of residence. Our servers are located in the United States and Singapore. When we transfer data across borders, we implement appropriate safeguards in compliance with applicable data protection laws, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Binding Corporate Rules where implemented

9. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of your personal data we hold.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data ("right to be forgotten").
  • Restriction: Request limitation on how we process your data.
  • Portability: Request transfer of your data to another service provider.
  • Objection: Object to processing based on legitimate interests or for direct marketing.
  • Withdraw Consent: Withdraw previously given consent at any time.

To exercise these rights, contact us at [email protected]. We will respond within 30 calendar days. You also have the right to lodge a complaint with your local data protection authority.

10. Security

We implement and maintain industry-standard technical and organizational security measures designed to protect your data, including:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Multi-factor authentication for administrative access
  • Regular security audits and penetration testing
  • Role-based access controls and least-privilege principles
  • Continuous monitoring and incident response procedures

11. Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice on our platform. Your continued use of the Services after such modifications constitutes acceptance of the updated policy.

13. Contact Information

For questions, concerns, or to exercise your data rights:

BizAt — A Product of Technovicinity Limited

Email: [email protected]

Website: bizat.ai