Privacy Policy

Effective date: June 28, 2026

bsuite AI ("we," "us," or "our") operates the bsuite AI platform at bsuiteai.com(the "Service"). This Privacy Policy explains how we collect, use, share, and protect information when you use our Service, including our integrations with Meta platforms (Instagram, Facebook Messenger, and WhatsApp).

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Name and email address (via Clerk authentication or Google OAuth)
• Workspace name and settings
• Billing information (processed and stored by Stripe; we do not store full payment card details)

1.2 Meta Platform Data

When you connect your Instagram Business or Creator account, Facebook Page, or WhatsApp Business account to the Service, we access and process the following data through official Meta APIs:

• Messages: The content of incoming and outgoing direct messages (Instagram DMs, Messenger messages, and WhatsApp messages) to enable AI-powered reply generation and conversation management
• Sender information: Usernames, profile identifiers, and sender IDs associated with conversations
• Page and account information: Connected account usernames, account IDs, and page tokens required for API access
• Conversation metadata: Timestamps, read status, and message delivery status

1.3 AI Interaction Data

We collect data related to AI-generated replies, including:

• AI instructions you configure for your workspace
• AI-generated reply drafts and their approval, edit, or rejection status
• Token usage for AI processing

1.4 Usage Data

We automatically collect:

• Log data (IP addresses, browser type, pages visited)
• Feature usage and interaction patterns
• Performance and error data

2. How We Use Your Information

We use the information we collect to:

• Provide the Service: Read incoming messages, generate AI-powered replies, and send approved responses through Meta's APIs
• Manage conversations: Display messages in your unified inbox, track conversation state, and maintain conversation history
• Improve AI quality: Use your AI instructions and approval patterns to refine reply generation for your workspace
• Process billing: Track token usage and manage subscriptions
• Communicate with you: Send service notifications, usage alerts, and product updates
• Maintain security: Detect and prevent fraud, abuse, and unauthorized access
• Comply with legal obligations: Meet regulatory and legal requirements

3. How We Share Your Information

We do not sell your personal data. We share information only in these circumstances:

• Meta Platforms: We send replies back through Meta's Messaging APIs to the same channel the conversation originated on. This is required to provide the Service.
• Anthropic (Claude AI): Message content and your AI instructions are sent to Anthropic's API to generate reply suggestions. Anthropic processes this data under their data usage policies. We do not send personal account information to Anthropic beyond what is necessary for reply generation.
• Service providers: We use third-party services for authentication (Clerk), billing (Stripe), hosting (AWS), and email delivery. These providers access data only as necessary to perform their services and are bound by contractual obligations to protect your data.
• Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data is subject to a different privacy policy.

4. Meta Platform Data Usage

Our use of data received from Meta platforms complies with the Meta Platform Terms and Meta Developer Policies. Specifically:

• We only request the minimum permissions necessary to provide the Service
• We do not use Meta platform data for advertising, marketing to third parties, or building user profiles for purposes unrelated to the Service
• We do not sell, license, or otherwise transfer Meta platform data to third parties except as required to provide the Service
• Message data is used solely for the purpose of generating AI replies, managing conversations, and providing analytics to the connected account owner
• We comply with Meta's messaging rate limits and platform policies

5. Data Retention

We retain your data as follows:

• Conversation history: Retained based on your subscription plan (30 days for Free, 90 days for Starter, 1 year for Pro). After this period, message content is permanently deleted.
• Account information: Retained for as long as your account is active. Upon account deletion, personal data is removed within 30 days.
• AI reply records: Retained alongside conversation history per your plan limits.
• Billing records: Retained as required by applicable tax and financial regulations.
• Aggregated analytics: De-identified, aggregated data may be retained indefinitely for service improvement.

6. Data Security

We implement industry-standard security measures to protect your data:

• All data in transit is encrypted using TLS 1.2 or higher
• Meta access tokens are encrypted at rest using AES-256 and stored in AWS Secrets Manager
• Multi-tenant architecture ensures strict data isolation between workspaces
• Access to production systems is restricted and logged
• We conduct regular security reviews

7. Your Rights

You have the following rights regarding your data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your personal data. We will process deletion requests within 30 days, subject to legal retention requirements.
• Portability: Request your data in a machine-readable format (CSV export of conversations)
• Disconnect: Disconnect your Meta accounts from the Service at any time through your dashboard settings. Upon disconnection, we stop receiving new messages and revoke API access.
• Objection: Object to certain processing of your data

To exercise any of these rights, contact us at privacy@bsuiteai.com.

8. GDPR Compliance

For users in the European Economic Area (EEA), we process personal data under the following legal bases:

• Contract performance: Processing necessary to provide the Service you requested
• Legitimate interests: Service improvement, security, and fraud prevention
• Consent: Where required, such as for marketing communications
• Legal obligation: Where processing is required by law

You may withdraw consent at any time. You also have the right to lodge a complaint with your local data protection authority.

9. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 18, we will delete it promptly.

10. Cookies and Tracking

We use essential cookies for authentication and session management. We do not use third-party advertising or tracking cookies. Analytics cookies, if used, are anonymized and can be disabled in your browser settings.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the effective date. For significant changes, we will also notify you via email.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

• Email: privacy@bsuiteai.com
• General inquiries: info@bsuiteai.com