Privacy Policy

Bazztech Solutions
Nairobi, Kenya
Email: privacy@bazztech.co.ke

• Account Data: Name, email address, company name, job title, phone number provided during registration.
• Payment Data: Billing address and payment method details (processed by Stripe or M-Pesa; we do not store raw card data).
• Usage Data: Log files, IP address, browser type, pages visited, and interaction events (via Vercel Analytics).
• Client Operational Data: Data you connect to our pipelines (e.g., inventory records, invoices, CRM contacts) solely for processing agreed automation workflows.
• Communication Data: Emails, WhatsApp messages, and support tickets you send to us.

• To provide, operate, and improve our Services
• To process payments and send invoices
• To communicate updates, security notices, and service changes
• To monitor performance, detect fraud, and ensure platform security
• To comply with legal obligations under Kenyan law and GDPR
• To send marketing communications (only with your explicit consent; opt-out available at any time)

• Contract: Processing necessary to deliver the Services you have contracted for.
• Legitimate Interests: Security monitoring, fraud prevention, and product improvement.
• Consent: Marketing emails and analytics cookies. You may withdraw consent at any time.
• Legal Obligation: Tax records, audit trails, and regulatory compliance.

Where we use third-party Large Language Models (e.g., OpenAI GPT-4o) to process your operational data:

• We operate under zero-retention agreements — your prompts and completions are not used to train third-party models.
• For regulated industries, we offer self-hosted LLM deployment on your own VPC, meaning data never leaves your environment.
• Embeddings stored in vector databases (e.g., Pinecone) are stored in your assigned namespace only and are never shared across tenants.

We do not sell your personal data. We may share data with:

• Service Providers: Stripe (payments), Pinecone (vector storage), Google Cloud (hosting), n8n (workflow orchestration) — bound by Data Processing Agreements.
• Legal Authorities: Where required by law, court order, or to protect the rights of BazzAI or its users.

We retain personal data for as long as your account is active or as needed to provide Services. Upon termination:

• Account data is deleted within 90 days of account closure.
• Operational pipeline data is purged within 30 days upon written request.
• Financial records are retained for 7 years per Kenyan tax law requirements.

Under GDPR and Kenya DPA 2019, you have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — correct inaccurate or incomplete data
• Erasure — request deletion of your data ("right to be forgotten")
• Portability — receive your data in a machine-readable format
• Objection — object to processing based on legitimate interests
• Restriction — request we limit processing while a dispute is resolved

To exercise any of these rights, email privacy@bazztech.co.ke. We will respond within 72 hours.

We implement industry-standard security controls including AES-256 encryption at rest, TLS 1.3 in transit, multi-tenant environment isolation, and regular penetration testing. See our Security Page for full details.

We use Vercel Analytics to collect anonymous usage data. No cookies are used for advertising or cross-site tracking. You may opt out of analytics tracking by enabling "Do Not Track" in your browser.

If your data is transferred outside Kenya or the EEA, we ensure appropriate safeguards are in place (Standard Contractual Clauses or equivalent) in accordance with GDPR Article 46 and Kenya DPA Section 25.

We may update this Privacy Policy. Material changes will be communicated by email or in-platform notice at least 14 days before taking effect. Continued use of our Services constitutes acceptance.

For privacy questions: privacy@bazztech.co.ke

You also have the right to lodge a complaint with the Office of the Data Protection Commissioner (Kenya) at odpc.go.ke, or your local EU supervisory authority.