New: Governed workflows with a human gate

Privacy Policy

1. Introduction

This Privacy Policy describes how BiVelio Inc ("we," "us," or "our"), a corporation incorporated in Delaware (United States) and operator of the BiVelio platform, collects, uses, discloses, and protects your personal information when you use our platform and services (the "Service"). BiVelio Inc owns the associated trademark, patents and intellectual property.

By accessing or using BiVelio, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this policy, please do not use our Service.

2. Data Controller

The data controller responsible for your personal data is:

3. Information We Collect

3.1 Information You Provide Directly

Account InformationFull name, email address, organization name, and password when you create an account.

Profile InformationJob title, phone number, and other details you add to your profile.

Payment InformationBilling address and payment method details processed through our third-party payment processor (Stripe). We do not store full credit card numbers on our servers.

CommunicationsInformation you provide when contacting our support team, submitting feedback, or participating in surveys.

User ContentData, documents, workflows, agent configurations, and any other content you create, upload, or process through the Service.

3.2 Information Collected Automatically

Usage DataPages visited, features used, actions taken, time spent on the Service, and interaction patterns.

Device InformationBrowser type and version, operating system, device type, screen resolution, and unique device identifiers.

Log DataIP address, access times, referring URLs, and error logs.

Cookies and Similar TechnologiesWe use essential cookies for authentication and session management, and analytics cookies to improve our Service. See Section 9 for details.

3.3 Information from Third-Party Integrations

When you connect third-party services (e.g., Google, Meta, WhatsApp, Telegram, HubSpot, Stripe), we may receive information from those services in accordance with their privacy policies and the permissions you grant. This may include:

OAuth tokens and authorization credentials

Contact lists and customer data from CRM integrations

Messaging history from connected channels

Calendar events and scheduling data

4. How We Use Your Information

We use the information we collect for the following purposes:

Service DeliveryTo provide, maintain, and improve the BiVelio platform, including AI agent management, workflow automation, and multi-channel communication.

Account ManagementTo create and manage your account, authenticate your identity, and provide customer support.

CommunicationTo send service-related notifications, security alerts, and updates. Marketing communications are sent only with your consent.

Analytics and ImprovementTo analyze usage patterns, diagnose technical issues, and develop new features.

SecurityTo detect, prevent, and address fraud, abuse, security risks, and technical issues.

Legal ComplianceTo comply with applicable laws, regulations, legal processes, or governmental requests.

AI ProcessingTo power AI-driven features such as intelligent agents, smart attachments, data classification, and automated workflows. Your data processed by AI models is not used to train third-party models.

5. Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data based on the following legal grounds:

Contract PerformanceProcessing necessary to deliver the Service you have subscribed to.

Legitimate InterestsProcessing for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring security, provided these interests are not overridden by your rights.

ConsentWhere you have given explicit consent, such as for marketing communications or optional analytics cookies.

Legal ObligationProcessing necessary to comply with our legal obligations.

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

Affiliated EntitiesWe do not share your data with affiliated entities: BiVelio Inc is the sole controller.

Service ProvidersThird-party vendors who assist in delivering the Service (e.g., cloud hosting, payment processing, email delivery, analytics). These providers are contractually bound to protect your data and use it only as directed.

Third-Party IntegrationsWhen you explicitly connect third-party services, data is shared as necessary to enable the integration.

Legal RequirementsWhen required by law, regulation, legal process, or governmental request.

Business TransfersIn connection with a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.

With Your ConsentIn any other case where you have given explicit consent.

7. International Data Transfers

As a global service operated by BiVelio Inc (Delaware, U.S.), your data may be transferred to, stored, and processed in jurisdictions outside your country of residence. When we transfer data internationally, we implement appropriate safeguards including:

Standard Contractual Clauses (SCCs) approved by the European Commission

Data Processing Agreements with all sub-processors

Encryption in transit and at rest

Assessment of the data protection laws in recipient countries

8. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Specifically:

Account DataRetained while your account is active and for 30 days after deletion request.

Usage LogsRetained for up to 12 months for analytics and security purposes.

Audit LogsRetained for up to 7 years to meet regulatory compliance requirements.

Backup DataRetained for up to 90 days after deletion from active systems.

9. Cookies and Tracking Technologies

We use the following types of cookies:

Strictly Necessary CookiesRequired for authentication, session management, and security. These cannot be disabled.

Functional CookiesRemember your preferences and settings to enhance your experience.

Analytics CookiesHelp us understand how the Service is used to improve performance and features. These are only set with your consent.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service.

10. Data Security

We implement industry-standard security measures to protect your personal data, including:

TLS 1.3 encryption for all data in transit

AES-256 encryption for data at rest

Role-based access controls (RBAC) and Row-Level Security (RLS)

Regular security audits and penetration testing

SOC 2 Type II compliant infrastructure

Multi-factor authentication support

Automated threat detection and monitoring

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

11. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

AccessRequest a copy of the personal data we hold about you.

RectificationRequest correction of inaccurate or incomplete data.

ErasureRequest deletion of your personal data ("right to be forgotten").

RestrictionRequest restriction of processing of your data.

PortabilityRequest a copy of your data in a structured, machine-readable format.

ObjectionObject to processing based on legitimate interests or for direct marketing.

Withdraw ConsentWhere processing is based on consent, you may withdraw it at any time.

To exercise these rights, contact us at privacy@bivelio.com. We will respond within 30 days of receiving your request.

12. Children's Privacy

BiVelio is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly.

13. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party services you access.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

16. Supervisory Authority

If you are located in the EEA and believe that our processing of your personal data infringes applicable law, you have the right to lodge a complaint with your local data protection supervisory authority.