Privacy Policy

1. Introduction

Baboluv B.V. ("we", "us", "our") is responsible for processing personal data as described in this privacy policy. This policy applies to all services we offer via bugalou.com, including WhatsApp Business integration, Instagram Business messaging, contact management, and automation tools.

2. Types of Personal Data We Collect

We collect the following categories of personal data:

  • Account Information: Name, email address, phone number, company name
  • Payment Information: Processed by Stripe (we do not store credit card details)
  • WhatsApp Business Account: WABA ID, phone ID, phone number, verified name
  • Instagram Business Account: Instagram username, account ID, profile picture, Instagram messages (DMs)
  • Contact Information: Phone numbers, names, Instagram usernames, and tags of your contacts
  • Message Data: WhatsApp and Instagram messages sent/received via our platform
  • Automation Data: Configuration of automation rules and triggers
  • Chatbot Settings: Training data and configuration for AI chatbot
  • Log Data: IP address, browser type, pages visited, timestamp

3. Legal Basis for Data Processing

We process personal data based on:

  • Contractual Obligation: Delivery of our services
  • Legitimate Interest: Service improvement, fraud prevention
  • Legal Obligation: Tax and accounting records
  • Consent: Marketing communications (only with your explicit consent)

4. Purpose of Data Processing

We use personal data for:

  • Delivery and management of our WhatsApp and Instagram integration services
  • Receiving, storing, and sending Instagram Direct Messages on behalf of your business
  • Managing customer conversations via WhatsApp and Instagram in one platform
  • Processing payments and invoicing
  • Support and customer service
  • Improvement and optimization of our platform
  • Compliance with legal requirements
  • Detection and prevention of fraud and abuse
  • Analysis of service usage (anonymized)

5. Data Sharing with Third Parties

We share personal data with the following service providers:

  • Meta Platforms (WhatsApp & Instagram): WhatsApp Business Account and Instagram Business Account data (required for service delivery)
  • Stripe: Payment processing (PCI DSS compliant)
  • Neon (PostgreSQL): Database hosting (EU-based)
  • Vercel: Website hosting (US-based, Privacy Shield compliant)
  • OpenAI: AI chatbot processing (only training data you provide)

Instagram Data Usage: When you connect your Instagram Business account to Bugalou, we access and process your Instagram Direct Messages to provide customer service management. This includes retrieving incoming messages, displaying them in our platform, and sending responses on your behalf. Instagram data is used solely to provide our CRM services and is never shared with third parties or used for purposes beyond facilitating your customer communication.

We do not share data with external marketers or advertisers without your consent.

6. Data Retention

We store personal data for:

  • Active accounts: Duration of subscription + 30 days after cancellation
  • Billing information: 7 years (legal obligation)
  • Message history: 1 year or until account deletion
  • Log data: 90 days

7. Your Rights (GDPR)

You have the following rights:

  • Right of Access: Copy of your personal data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: "Right to be forgotten"
  • Right to Restriction: Limit processing
  • Right to Data Portability: Your data in machine-readable format
  • Right to Object: Automated decision-making

Send requests to: privacy@bugalou.nl

8. Data Security

We implement the following security measures:

  • 256-bit SSL/TLS encryption for data transmission
  • End-to-end encryption for sensitive data
  • Access controls and authentication (2FA available)
  • Regular security audits and updates
  • GDPR-compliant database hosting

9. International Data Transfers

Some of our service providers (e.g., Vercel, OpenAI) are located outside the EU. We execute these transfers based on Standard Contractual Clauses (SCCs) and Privacy Shield agreements.

10. Cookies and Tracking

We use essential cookies for session management and security verification. You can disable optional tracking cookies in your browser settings.

11. Data Protection Officer Contact

For questions or complaints, you can contact:

Baboluv B.V.

Email: privacy@bugalou.nl

Website: https://bugalou.com

12. Changes to This Policy

We may modify this privacy policy at any time. Changes become effective 30 days after publication. Continued use of our services means acceptance of changes.

Last updated: December 2024

Also read our Terms & Conditions

Privacy Policy - How We Protect Your Data | Bugalou