GDPR Compliance

Your data protection rights under the General Data Protection Regulation

Last updated: February 2, 2025

Our Commitment to GDPR Compliance

Buba AI is committed to protecting the privacy and personal data of all our users, especially those in the European Union (EU) and European Economic Area (EEA). We comply with the General Data Protection Regulation (GDPR) and respect your rights under this regulation.

This page explains your specific rights under GDPR and how we fulfill our obligations to protect your personal data.

Data Controller Information

Data Controller: Buba AI

Contact Email: privacy@bubaai.com

Data Protection Officer: dpo@bubaai.com

For any questions about how we process your personal data or to exercise your GDPR rights, please contact us using the information above.

Your Rights Under GDPR

As a user in the EU/EEA, you have the following rights regarding your personal data:

1. Right to Access

You have the right to access your personal data and receive information about how we process it.

What you can do:

  • View all your personal information in your account settings
  • Access your complete conversation history
  • Request a copy of all data we hold about you
  • Receive information about how we use your data

How to exercise: Log into your account and go to Settings → Privacy → Download My Data, or contact us at privacy@bubaai.com

2. Right to Rectification

You have the right to correct inaccurate or incomplete personal data.

What you can do:

  • Update your name, email, and profile information
  • Correct any inaccurate data in your account
  • Add missing information to your profile

How to exercise: Go to Settings → Profile to update your information, or contact us for assistance

3. Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data in certain circumstances.

What you can do:

  • Delete individual conversations
  • Delete your entire account and all associated data
  • Request removal of specific personal information

How to exercise: Go to Settings → Privacy → Delete Account, or contact us at privacy@bubaai.com

Note: We may retain certain data if required by law (e.g., transaction records for tax purposes) or to establish, exercise, or defend legal claims.

4. Right to Restriction of Processing

You have the right to request that we limit how we use your personal data in certain situations.

When this applies:

  • You contest the accuracy of your personal data
  • Processing is unlawful but you don't want data deleted
  • We no longer need the data but you need it for legal claims
  • You've objected to processing and verification is pending

How to exercise: Contact us at privacy@bubaai.com with your request and reason

5. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

What you can do:

  • Download your data in JSON or CSV format
  • Transfer your data to another service provider
  • Receive a complete export of your conversations and profile

How to exercise: Go to Settings → Privacy → Export My Data, or contact us at privacy@bubaai.com

6. Right to Object

You have the right to object to certain types of processing of your personal data.

What you can object to:

  • Processing based on legitimate interests
  • Direct marketing communications
  • Profiling for marketing purposes
  • Processing for scientific or historical research

How to exercise: Go to Settings → Privacy → Communication Preferences, or contact us at privacy@bubaai.com

7. Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.

Our practice:

  • We use AI to provide coaching advice, but this is advisory only
  • No automated decisions are made that legally bind you
  • You always have control over how you use our advice
  • Human review is available upon request

How to exercise: Contact us at privacy@bubaai.com if you have concerns about automated processing

8. Right to Withdraw Consent

Where we process your data based on consent, you have the right to withdraw that consent at any time.

What you can do:

  • Opt out of marketing emails
  • Disable voice recording features
  • Revoke permissions for data processing
  • Close your account

How to exercise: Go to Settings → Privacy, or contact us at privacy@bubaai.com

Legal Basis for Processing Your Data

Under GDPR, we must have a legal basis to process your personal data. We process your data based on:

Contract Performance

We process your data to provide our coaching service, which is necessary for performing our contract with you.

Examples: Account creation, providing coaching sessions, processing payments

Consent

We process certain data based on your explicit consent, which you can withdraw at any time.

Examples: Marketing communications, voice recordings, optional features

Legitimate Interests

We process data for our legitimate business interests, provided these don't override your rights and interests.

Examples: Fraud prevention, service improvement, security monitoring

Legal Obligation

We process data when required by law or to comply with legal obligations.

Examples: Tax records, responding to legal requests, regulatory compliance

International Data Transfers

Your personal data may be transferred to and processed in countries outside the EU/EEA. When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions recognizing equivalent data protection
  • Binding Corporate Rules for intra-group transfers
  • Certification mechanisms and codes of conduct

We work only with service providers who commit to GDPR-compliant data protection standards.

Data Retention Periods

We retain your personal data only for as long as necessary for the purposes outlined in our Privacy Policy:

Data Type              Retention Period
Account information    Until account deletion
Conversation history   Until deletion by user or account closure
Transaction records    7 years (legal requirement)
Usage logs             90 days
Marketing consent      Until consent withdrawn

Data Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

Technical Measures

  • Encryption in transit and at rest
  • Secure authentication protocols
  • Regular security audits
  • Intrusion detection systems
  • Secure data centers

Organizational Measures

  • Access controls and permissions
  • Staff training on data protection
  • Data protection impact assessments
  • Incident response procedures
  • Vendor security requirements

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms:

  • We will notify the relevant supervisory authority within 72 hours of becoming aware
  • We will notify affected users without undue delay if the breach poses a high risk
  • Notifications will include the nature of the breach, likely consequences, and measures taken
  • We will document all breaches and our response actions

How to Exercise Your Rights

To exercise any of your GDPR rights:

Step 1: Submit Your Request

Contact us via:

  • Email: privacy@bubaai.com or dpo@bubaai.com
  • Account Settings: Settings → Privacy → Data Rights

Please include your full name, email address, and specific request details.

Step 2: Identity Verification

To protect your privacy, we may ask you to verify your identity before processing your request. This may involve confirming account details or answering security questions.

Step 3: Response Timeline

We will respond to your request:

  • Within 1 month of receiving your request
  • Extended to 2 months for complex requests (with notification)
  • Free of charge for the first request
  • We may charge a reasonable fee for excessive or repetitive requests

Right to Lodge a Complaint

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority.

EU Supervisory Authorities

You can contact your local data protection authority in your EU member state. Find your local authority at:

European Data Protection Board - Member Authorities

We encourage you to contact us first so we can address your concerns directly, but you have the right to lodge a complaint at any time.

Children's Personal Data

Our service is not directed at children under 16 years of age (or the applicable age of digital consent in your country). We do not knowingly collect personal data from children.

If you believe we have collected data from a child, please contact us immediately at privacy@bubaai.com so we can delete it.

Updates to This GDPR Policy

We may update this GDPR policy to reflect changes in our practices or legal requirements. When we make significant changes:

  • We'll update the "Last updated" date
  • We'll notify you via email
  • We'll post a notice in your account dashboard
  • We'll give you at least 30 days' notice before changes take effect

Contact Our Data Protection Officer

For any questions about GDPR compliance or to exercise your rights:

Data Protection Officer: dpo@bubaai.com

Privacy Team: privacy@bubaai.com

General Support: support@bubaai.com

We aim to respond to all GDPR-related inquiries within 48 hours.