Privacy Policy

1. Introduction

Welcome to BuddyAI! This Privacy Policy explains how we collect, use, and protect your personal data. Our policy complies with both the California Consumer Privacy Act (CCPA) for US users and the General Data Protection Regulation (GDPR) for EU users.

2. Who We Are

BuddyAI is an AI-powered shopping assistant that provides personalized product recommendations. If you have any questions about your data, please contact us at:

Email: privacy@buddyai.app

3. What Data We Collect

We collect the following types of personal data:

• Basic Information: Name, email, account details
• Sensitive Data (with explicit opt-in consent):
  • Health-related preferences
  • Ethnicity information
  • Lifestyle & fashion preferences
  • Religious beliefs (for personalized recommendations)
  • Location data (if enabled)
• AI Chatbot Interactions: Messages sent to our AI assistant
• Device & Usage Data: IP address, app usage analytics

4. How We Use Your Data

We use your data for:

• Providing AI-driven personalized product recommendations
• User authentication & account management (via Supabase)
• Improving AI chatbot interactions & features
• Ensuring security & fraud prevention
• Analytics to enhance app performance

We DO NOT sell your personal data or use it for targeted advertising.

5. Legal Basis for Processing (GDPR)

Under GDPR (Article 6), we process your data based on:

• Your Consent – Required for sensitive data (health, ethnicity, etc.)
• Contractual Necessity – Providing our services (user accounts, recommendations)
• Legitimate Interests – Security, fraud prevention, and analytics

6. Your Privacy Rights

For EU Residents (GDPR)

Under GDPR (Articles 15-22), you have the right to:

• Access your data – Request a copy of your personal data
• Export your data – Download your stored data
• Correct your data – Update inaccurate or incomplete information
• Delete your data ("Right to Be Forgotten") – Request account deletion
• Withdraw consent – Stop processing of sensitive data
• Restrict processing – Limit how we use your data
• Object to processing – Especially for analytics or automated AI decisions

For California Residents (CCPA)

Under the CCPA, California residents have the right to:

• Know what personal data we collect and how we use it
• Access your personal data
• Request deletion of your data
• Opt-out of data sharing (we do not sell your data)
• Correct inaccurate personal data

To exercise any of these rights, please email us at privacy@buddyai.app

7. How We Obtain User Consent

• Users agree to data collection by accepting our Privacy Policy at sign-up
• For sensitive data, we use a clear opt-in checkbox.
• Users can change preferences or withdraw consent in the app settings anytime

8. Data Retention Policy

We store your data indefinitely, unless:

• You request deletion
• Applicable law requires us to delete it when no longer necessary

9. Third-Party Data Sharing

We DO NOT sell data but share some data with:

• Supabase – Authentication and user management
• Analytics Providers – To improve app functionality (non-personalized data only)

To opt out of analytics-based data sharing, email us at privacy@buddyai.app

10. International Data Transfers

If data is transferred outside the EU, we ensure:

• Standard Contractual Clauses (SCCs)
• Data encryption & security measures

11. Security Measures

We protect your data using:

• End-to-end encryption (for sensitive data)
• Secure authentication (OAuth via Google/Apple)
• Regular security audits

12. Changes to This Policy

If we update this policy, we'll notify you via:

• Email or App Notification

13. Contact Us

For privacy questions, contact:

Email: privacy@buddyai.app