Privacy Policy

1. Introduction

Welcome to Busel ("we," "our," or "us"). We are committed to protecting your personal data and your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our analytics dashboard service at busel.ai.

This Privacy Policy complies with the EU General Data Protection Regulation (GDPR) and applies to all users of our service, regardless of location.

2. Data Controller

The data controller responsible for your personal data is:

Busel
Location: Netherlands, European Union
Email: hello@busel.ai
Website: https://busel.ai

3. What Data We Collect

3.1 Account Information

Email address - Used for authentication and service communications
Google account data - When signing in with Google OAuth2 (our primary authentication method), we receive your email and profile information from Google
Password - If using email/password authentication, stored securely using bcrypt hashing (we never store plain text passwords)
Account creation date - For service administration

3.2 Project Information

Project name and description - To organize your analytics data
Website URL - To analyze your landing page and provide insights
Project settings and preferences - To customize your experience

3.3 Integration Data

When you connect third-party services, we collect and process:

Google Analytics data - Page views, sessions, user metrics, traffic sources
Google Search Console data - Search queries, impressions, clicks, positions
Stripe data - Revenue, transactions, customer counts, subscriptions (via API keys you provide)
PostHog data - Analytics events, user sessions (via API keys you provide)
Slack data - Webhook URLs for notifications
Reddit data - API credentials for social analytics

3.4 Usage Data

Log data - IP addresses, browser type, access times, pages viewed
Cookies - Session management, authentication, preferences (see Cookie Policy below)
Error reports - Technical information about errors (via Sentry) to improve service quality

3.5 Payment Information

Stripe payment data - We use Stripe for payment processing. We do not store your credit card details on our servers. Stripe processes and stores payment information securely.
Billing information - Subscription status, billing history

4. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

Contract Performance - To provide our analytics dashboard service as agreed in our Terms of Service
Consent - For analytics cookies and marketing communications (you can withdraw consent at any time)
Legitimate Interest - To improve our service, prevent fraud, and ensure security
Legal Obligation - To comply with applicable laws and regulations

5. How We Use Your Data

We use your personal data for the following purposes:

Service Provision - To create and manage your account, display analytics dashboards, and provide insights
Integration Management - To connect to third-party services and fetch analytics data on your behalf
Communications - To send service notifications, updates, and respond to your inquiries
Service Improvement - To analyze usage patterns, fix bugs, and develop new features
Security - To detect and prevent fraud, unauthorized access, and security incidents
Legal Compliance - To comply with legal obligations and enforce our Terms of Service

6. Data Sharing and Third Parties

We share your data with the following third parties:

6.1 Service Providers

Stripe - Payment processing (GDPR compliant, DPA in place)
Google Cloud Platform - Data storage and hosting (GDPR compliant)
Sentry - Error tracking and monitoring (GDPR compliant)
Resend - Email delivery service (GDPR compliant)

6.2 AI Service Providers

We use AI services to generate insights, recommendations, and power our chat feature. Your analytics data may be processed by:

OpenAI - GPT models for generating insights and chat responses
Anthropic - Claude models for analysis and recommendations
Google - Gemini models for data analysis

These providers process data to generate responses but do not retain your data for training purposes under our agreements.

6.3 Analytics Services You Connect

When you connect third-party analytics services (Google Analytics, PostHog, etc.), we access and process data from these services on your behalf. These services have their own privacy policies.

6.4 Legal Requirements

We may disclose your data if required by law, court order, or government regulation.

We do not sell your personal data to third parties.

7. Data Retention

Account data - Retained while your account is active and for 30 days after deletion request
Analytics data - Retained for the duration of your subscription
Billing records - Retained for 7 years for tax and legal compliance
Log data - Retained for 90 days for security and debugging purposes

8. Your GDPR Rights

Under GDPR, you have the following rights:

Right to Access - Request a copy of all personal data we hold about you
Right to Rectification - Correct inaccurate or incomplete data
Right to Erasure ("Right to be Forgotten") - Request deletion of your data
Right to Data Portability - Receive your data in a machine-readable format
Right to Restrict Processing - Limit how we use your data
Right to Object - Object to processing based on legitimate interests
Right to Withdraw Consent - Withdraw consent for marketing or analytics cookies
Right to Lodge a Complaint - File a complaint with your local data protection authority

To exercise any of these rights, please contact us at hello@busel.ai or use the account settings in your dashboard.

Quick Actions

Export your data: Go to Settings → Privacy → Download My Data
Delete your account: Go to Settings → Privacy → Delete Account

9. Cookie Policy

We use cookies and similar tracking technologies. You can manage your cookie preferences using our cookie consent banner.

9.1 Essential Cookies

JSESSIONID - Session management (required for authentication)
XSRF-TOKEN - CSRF protection (required for security)

9.2 Analytics Cookies (Optional)

Sentry - Error tracking to improve service quality

You can block or delete cookies through your browser settings, but this may affect service functionality.

10. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure adequate protection through:

Standard Contractual Clauses (SCCs) approved by the European Commission
Using service providers that are GDPR compliant and have appropriate safeguards

11. Data Security

We implement appropriate technical and organizational measures to protect your data:

Encryption - All data transmitted over HTTPS/TLS
Password Security - Passwords hashed using bcrypt
Access Controls - Limited access to personal data on a need-to-know basis
Regular Security Audits - Monitoring for vulnerabilities and threats
Secure Infrastructure - Hosted on secure cloud infrastructure

12. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect personal data from children. If we discover we have collected data from a child, we will delete it immediately.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

Posting the new Privacy Policy on this page
Updating the "Last Updated" date
Sending you an email notification for material changes

14. Contact Us

If you have questions about this Privacy Policy or want to exercise your GDPR rights, please contact us:

Email: hello@busel.ai
Subject: Privacy Request / GDPR Rights
Response Time: We will respond within 30 days as required by GDPR

15. Supervisory Authority

If you are in the European Union and have concerns about our data practices, you have the right to lodge a complaint with your local supervisory authority. As Busel is based in the Netherlands, the lead supervisory authority is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).