Privacy Policy

Buz AI ("we", "us", or "our") provides AI automation tools and services for startups and small to mid-size businesses. Our registered address and data controller contact details are listed in the Contact section below.

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have over it. It applies to our website at getbuzai.com, our web application, any free resources or tools we offer, and any communications between you and us.

We collect data in three ways: information you give us directly, information collected automatically, and information from third parties.

We do not collect special category data (health, biometric, financial account details, or similar). We do not knowingly collect data from individuals under 16 years of age.

We use your data only for the purposes listed below. Each purpose is tied to a lawful basis under GDPR:

• Providing our service — processing your audit results, delivering requested resources, operating the platform. Lawful basis: Contract performance.
• Communications — sending transactional emails (confirmations, results, account updates). Lawful basis: Contract performance.
• Marketing emails — newsletters, product updates, and educational content. Lawful basis: Consent (you can withdraw at any time by clicking Unsubscribe).
• Analytics & product improvement — understanding how the site and app are used to make them better. Lawful basis: Legitimate interests.
• Security & fraud prevention — monitoring for abuse and protecting user accounts. Lawful basis: Legitimate interests.
• Legal compliance — retaining records as required by applicable law. Lawful basis: Legal obligation.

We do not use your data for automated decision-making that produces significant legal or similarly significant effects.

We do not sell, rent, or trade your personal data. We share it only with the third-party processors required to run our service, all of whom are bound by Data Processing Agreements:

• Hosting & deployment — Netlify (site and API hosting)
• Email delivery — transactional and marketing email providers
• CRM & pipeline — customer relationship management tools
• Analytics — privacy-focused usage analytics
• Calendar & scheduling — booking tools for discovery calls
• AI processing — where AI models process user inputs to generate audit results or automation recommendations

We may also disclose data to comply with a legal obligation, court order, or to protect the rights and safety of Buz AI, our users, or the public.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Active customer accounts — for the duration of the relationship, plus 12 months after account closure
• Lead and marketing records — up to 24 months from last meaningful interaction, or until you unsubscribe
• Audit and form submissions — 12 months unless you have an active account
• Technical and server logs — 90 days
• Legal and financial records — as required by applicable law (typically 7 years)

When data is no longer required, we securely delete or anonymise it.

Under GDPR and applicable data protection law, you have the following rights:

• Access — request a copy of the personal data we hold about you
• Rectification — ask us to correct inaccurate or incomplete data
• Erasure — request deletion of your data where there is no lawful reason to retain it
• Restriction — ask us to pause processing of your data in certain circumstances
• Portability — receive your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interests, including profiling for direct marketing
• Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at the address in the Contact section. We will respond within 30 days. There is no fee for most requests.

You also have the right to lodge a complaint with your national supervisory authority. In Ireland, this is the Data Protection Commission at dataprotection.ie.

We use a small number of cookies and similar technologies on our site:

We do not use advertising cookies or third-party tracking pixels. You can manage or disable non-essential cookies through your browser settings at any time. Note that disabling cookies may affect certain features of the site.

We take the security of your data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, alteration, or disclosure. These include:

• HTTPS encryption in transit across all services
• Access controls limiting data access to authorised personnel only
• Regular review of third-party processor security standards
• Incident response procedures for potential data breaches

No transmission over the internet is completely secure. While we do our best to protect your data, we cannot guarantee absolute security. If you suspect a security incident involving your data, please contact us immediately.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email.

We encourage you to review this page periodically. Continued use of our services after changes take effect constitutes acceptance of the updated policy.

If you have any questions about this Privacy Policy, want to exercise your rights, or wish to make a complaint, contact us at: