Privacy Policy - Bibike Staging

1. Introduction

Bibike ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our enterprise resource planning (ERP) software and services.

2. Information We Collect

We collect information that you provide directly to us:

Account Information: Name, email address, phone number, business name, and password when you create an account.
Business Data: Product information, inventory data, sales records, customer information, supplier details, and financial records you enter into the system.
Payment Information: Billing address and payment method details for subscription services.
Communications: Messages you send to us for support or feedback.

We automatically collect:

Usage Data: Pages visited, features used, and actions taken within the application.
Device Information: Browser type, operating system, IP address, and device identifiers.
Log Data: Access times, error logs, and system activity for security and troubleshooting.

2.5 Artificial Intelligence & Third-Party Processors

Bibike includes optional AI-powered features such as a chat assistant, smart inventory suggestions, automated categorization, OCR receipt scanning, and natural language report generation. This section explains what data is involved when you use these features.

Data we collect from AI interactions:

AI Conversations: Your messages and AI responses, including the context of the page you are viewing when you send a query.
AI Audit Logs: Records of each AI interaction including input summaries, output summaries, model used, confidence scores, and processing costs.
AI Feedback: Corrections or ratings you provide on AI outputs, used to improve suggestion quality over time.

Data sent to third-party AI providers:

To generate AI responses, your queries and relevant business context are transmitted to one or more of the following providers:

Anthropic (Claude) — Privacy Policy
OpenAI (GPT) — Privacy Policy
Google (Gemini) — Privacy Policy
Groq — Privacy Policy
OpenRouter — Privacy Policy

What business data is included in AI requests:

Depending on the feature you use, AI requests may include your text query, product names, sales figures, inventory levels, customer data referenced in your query, and recent transaction context. We apply automated PII detection and redaction before transmission where possible, but some business context is inherently required to produce useful AI responses.

Purpose:

AI features are used to provide business insights, inventory reorder suggestions, automated data categorization, report generation, and general business assistance. Each provider processes your data solely to return a response and does not use your data to train their models under our API agreements.

Bring Your Own Key (BYOK):

If you are on a Professional or Enterprise plan and use your own API key, your data is sent directly from Bibike to your chosen AI provider under your own agreement with that provider. Bibike's data processing agreements with AI providers do not apply to BYOK usage. You are responsible for reviewing and complying with your provider's data handling terms.

Your right to disable AI:

AI features are opt-in and can be disabled at any time through your organization's Settings. Disabling AI stops all data transmission to AI providers. No data is sent to AI providers for passive use of the ERP (inventory, sales, accounting, etc.).

3. How We Use Your Information

We use the collected information to:

Provide, maintain, and improve our services
Process transactions and send related information
Send technical notices, updates, and security alerts
Respond to your comments, questions, and support requests
Monitor and analyze usage patterns to improve user experience
Detect, investigate, and prevent fraudulent or unauthorized activities
Comply with legal obligations

4. Data Sharing and Disclosure

We do not sell your personal information. We may share information with:

AI Providers: To power AI features, we send business context and your queries to one or more of the following providers:
- Anthropic (Claude) — Privacy Policy
- OpenAI (GPT) — Privacy Policy
- Google (Gemini) — Privacy Policy
- Groq — Privacy Policy
- OpenRouter — Privacy Policy
These providers process your data to generate AI responses and do not use your data to train their models under our API agreements. Professional and Enterprise customers using their own API keys (BYOK) send data directly to their chosen provider under their own agreement.
Payment Processors: Paypack (Rwanda), and in the future Stripe, Flutterwave, and other regional processors for subscription billing.
Hosting & Infrastructure: Our servers are hosted by Namecheap. Data is stored on servers located in the United States.
Email Services: Transactional emails are sent via our configured SMTP provider.
Analytics: Google Analytics 4 for website usage analytics (subject to your cookie consent).
Legal Requirements: When required by law or to protect our rights, safety, or property.
Business Transfers: In connection with a merger, acquisition, or sale of assets.
With Your Consent: When you explicitly authorize us to share information.

5. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS/SSL), secure password hashing, access controls, and regular security audits. However, no method of transmission over the Internet is 100% secure.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide services. We may retain certain information as required by law or for legitimate business purposes (e.g., financial records for 7 years per accounting regulations).

7. Your Rights

Depending on your location, you may have the right to:

Access: Request a copy of your personal data.
Rectification: Correct inaccurate or incomplete data.
Erasure: Request deletion of your personal data (subject to legal retention requirements).
Portability: Receive your data in a structured, machine-readable format.
Object: Object to certain processing activities.
Withdraw Consent: Withdraw previously given consent at any time.

To exercise these rights, contact us at privacy@bibike.app.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States (where our AI providers and hosting infrastructure are located). We ensure appropriate safeguards are in place, including contractual data processing agreements with our providers. For users in Rwanda, transfers are conducted in accordance with the Data Protection Law (2021). For users in the EU/EEA, we rely on Standard Contractual Clauses (SCCs) where applicable.

9. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

11. Cookies

We use the following types of cookies:

Essential Cookies: Session cookies required for authentication and security (always active).
Analytics Cookies: Google Analytics 4 cookies to understand how visitors use our website. These are only set after you provide consent via our cookie banner.

You can manage your cookie preferences at any time through the cookie settings link in our website footer.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Fivorana Ltd (trading as Bibike)

Kigali, Rwanda

Email: privacy@bibike.app

Website: https://bibike.app