Privacy Policy

1.1

This Privacy Policy applies to all personal data processed by the bookuvai platform ("Platform"), accessible at bookuvai.com and related domains.

1.2

bookuvai is the data controller responsible for your personal data. We are committed to protecting your privacy in compliance with the Digital Personal Data Protection Act 2023 (India), the General Data Protection Regulation (EU), and other applicable data protection laws.

1.3

By using the Platform, you acknowledge that you have read and understood this Privacy Policy.

2.1

Account Data: Name, email address, phone number, and password (stored as a bcrypt hash with 12 salt rounds — we never store plaintext passwords).

2.2

Order Data: Project requirements, scope documents, change requests, milestone progress, and deliverable metadata.

2.3

Communication Data: Governed chat transcripts, support ticket contents, and AI PM interaction logs. All communications are template-based and state-locked.

2.4

Payment Data: Transaction records, invoice details, and billing history. Payment credentials (card numbers, CVVs) are processed exclusively by Razorpay (PCI-DSS compliant, for India) and Paddle (PCI-DSS compliant, Merchant of Record for international transactions) — we do not store sensitive payment data at any time.

2.5

Usage Data: Login timestamps, session duration, feature interactions, and page views for platform improvement.

2.6

Technical Data: IP address, browser type and version, device information, and operating system for security and compatibility purposes.

2.7

Consultation Data: AI consultation transcripts, generated project estimates, requirement extractions, and quotation details from your free consultation sessions.

3.1

To provide and operate the Platform, including account management, order processing, and project execution by AI agents.

3.2

To process payments, generate invoices, manage the Hours Ledger, and handle refund requests through Razorpay (India) and Paddle (international).

3.3

To facilitate governed communication between the Customer and AI PM through state-locked chat interfaces.

3.4

To maintain the immutable audit trail as required by Platform Law L7 ("Everything Is Logged") — this is a core governance obligation, not optional data collection.

3.5

To improve platform operations, AI agent performance, and service quality through aggregated, anonymized analytics.

3.6

To comply with legal obligations including tax reporting, regulatory compliance, and law enforcement requests.

3.7

To send transactional communications: order status updates, payment confirmations, delivery notifications, and security alerts. These are not marketing and cannot be opted out of.

4.1

Contract Performance: Processing necessary to fulfill your orders, manage your account, and deliver the services you have commissioned.

4.2

Legitimate Interests: Platform security, fraud prevention, service improvement, and business analytics, balanced against your privacy rights.

4.3

Legal Obligations: Maintaining the immutable audit trail (7-year retention), tax records, and regulatory compliance documentation.

4.4

Consent: Where required for optional services such as marketing communications. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

5.1

Automated purge operations run daily at 03:00 UTC. Purge operations are themselves logged in the audit trail for compliance verification.

5.2

Inactive accounts (no login for 2 years) are flagged for data anonymization. The Customer is notified 30 days before anonymization begins.

6.1

Tenant Isolation: Customer data is isolated between tenants at the database level. No Customer can access another Customer's data.

6.2

Encryption in Transit: All data transmitted to and from the Platform is encrypted using TLS 1.3 with forward secrecy.

6.3

Encryption at Rest: Data stored on our servers is encrypted using AES-256-GCM with per-tenant encryption keys.

6.4

Authentication: RS256 JWT tokens with 15-minute access token expiry and 7-day refresh token expiry. Multi-factor authentication via OTP (6-digit code, 10-minute expiry) is available.

6.5

Container Security: AI agent execution containers are wiped after each job. No persistent state is retained between agent executions.

6.6

Infrastructure Isolation: GPU nodes used for AI processing have no direct customer data access. All data flows through authenticated API layers.

7.1

AI agents process your project data solely for the purpose of fulfilling your Order. Data is accessed only within the context of your active order and frozen scope.

7.2

We do NOT train AI models on your proprietary data without your explicit, informed consent. Your project data is not used to improve general AI capabilities.

7.3

Consultation data belongs to the Customer. You may request export or deletion of consultation transcripts at any time.

7.4

AI agents operate under strict scope constraints and cannot access data outside the current Order context. Cross-order data access is technically impossible by design.

7.5

All AI-generated outputs (code, tests, documentation) are logged to the immutable audit trail for traceability and accountability.

8.1

Right of Access: Request a copy of all personal data we hold about you. We will respond within 30 days.

8.2

Right to Rectification: Request correction of inaccurate or incomplete personal data.

8.3

Right to Erasure: Request deletion of your personal data (Right to be Forgotten). Subject to legal retention requirements — we cannot delete immutable audit trail entries required by law, but we can restrict access to them.

8.4

Right to Data Portability: Receive your personal data in a structured, machine-readable format (JSON/CSV export).

8.5

Right to Restrict Processing: Request that we limit how your data is processed while a dispute or verification is pending.

8.6

Right to Object: Object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds.

8.7

To exercise any of these rights, contact privacy@bookuvai.com with your registered email address and a description of your request. We will acknowledge receipt within 48 hours and fulfill the request within 30 days.

8.8

Exception: Immutable audit trail entries cannot be deleted due to legal obligations (Platform Law L7, tax compliance, regulatory requirements). However, access to such records can be restricted upon request.

9.1

India (DPDP Act 2023): bookuvai acts as a Data Fiduciary under the Digital Personal Data Protection Act 2023. We process data based on valid consent or legitimate uses as defined under the Act. A Grievance Officer is appointed and reachable at grievance@bookuvai.com.

9.2

European Union (GDPR): Where we process data of EU residents, we comply with the General Data Protection Regulation. Cross-border data transfers are protected by Standard Contractual Clauses (SCCs). You have the right to lodge a complaint with your local Data Protection Authority.

9.3

United States (CCPA/CPRA): California residents have the right to know, delete, and opt out of the sale of personal information. We do not sell personal data. For requests: privacy@bookuvai.com.

9.4

United Kingdom (UK GDPR): UK residents are afforded the same protections as under the EU GDPR. A UK representative can be contacted at privacy@bookuvai.com.

9.5

Singapore (PDPA): We comply with the Personal Data Protection Act regarding purpose limitation, consent, and notification obligations for Singapore residents.

10.1

Razorpay: Payment processing for Indian customers (PCI-DSS Level 1 compliant). Receives transaction details for payment authorization, capture, and refund processing.

10.2

Paddle: Payment processing and Merchant of Record for international customers (PCI-DSS compliant). Handles payment authorization, tax calculation, invoicing, and refund processing for non-Indian transactions.

10.3

Anthropic (Claude AI): AI model provider for project execution, consultation, and code generation. Project data is sent to Anthropic's API for processing. Anthropic does not train on API inputs.

10.4

AWS / MinIO: Cloud infrastructure and object storage for artifacts, deliverables, and file uploads. Data is stored in encrypted S3-compatible buckets.

10.5

Twilio: SMS and WhatsApp messaging for OTP verification and transactional notifications.

10.6

SMTP Provider: Email delivery for transactional notifications (order updates, payment confirmations, security alerts).

10.7

We do not sell, rent, or trade personal data to any third party for advertising or marketing purposes.

11.1

Essential Cookies: The Platform uses essential cookies for session management and authentication. These are strictly necessary for the Platform to function and cannot be disabled.

11.2

Analytics Cookies: With your consent, we use Google Analytics 4 (GA4) and Meta Pixel to understand how visitors interact with the Platform and to measure the effectiveness of our outreach. These cookies are only activated after you accept cookies via our consent banner. You may reject or withdraw consent at any time by clearing your browser cookies.

11.3

We do not use behavioral targeting technologies, nor do we sell or share tracking data with third parties for advertising purposes.

11.4

Error Monitoring: We may use Sentry for error tracking to improve platform stability. Error reports may include technical data (browser, OS, stack traces) but do not include personal data.

11.5

Performance Metrics: Internal Prometheus metrics are collected for system health monitoring. These are aggregated infrastructure metrics and do not contain personal data.

12.1

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email at least 30 days before they take effect.

12.2

The "Last updated" date at the top of this page indicates when the policy was most recently revised.

13.1

For privacy-related inquiries, data subject requests, or complaints:

13.2

We will acknowledge all privacy requests within 48 hours and respond substantively within 30 days, in compliance with applicable data protection regulations.