Privacy Policy

At BPMN AI, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our BPMN diagram generation and collaboration platform.

BPMN AI is operated by Adisa Technologies FZE, registered in Sharjah Publishing City Free Zone, United Arab Emirates. For privacy inquiries, contact us at support@bpmnai.com.

Please read this Privacy Policy carefully. By accessing or using BPMN AI, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy.

2.1 Personal Information

We may collect personal information that you voluntarily provide to us when you:

• Register for an account
• Subscribe to our services
• Request customer support
• Sign up for our newsletter

The personal information we collect may include:

• Name
• Email address
• Password (stored in an encrypted format)
• Profile information
• Billing information

2.2 Diagram Content and Usage Data

We collect the content of the BPMN diagrams you create, edit, and store on our platform. We also collect usage data such as:

• Features you use
• Actions you take
• Time spent on the platform
• Interactions with other users

2.3 Technical Information

Our servers automatically collect certain information when you use BPMN AI, including:

• IP address
• Browser type
• Operating system
• Device information
• Access dates and times
• Pages visited
• Referring website addresses

2.4 Cookies and Similar Technologies

We use the following types of cookies and similar technologies:

• Strictly Necessary Cookies: Required for authentication, security, and core platform functionality. These cannot be disabled.
• Analytics Cookies: We use Vercel Analytics and PostHog to understand how visitors use the platform (page views, feature usage, performance). This data helps us improve the Service.

We do not currently use advertising, retargeting, or third-party marketing cookies. You may manage cookie preferences through your browser settings.

We may use the information we collect for various purposes, including to:

• Provide, maintain, and improve our services
• Process transactions and send related information
• Send administrative information, such as updates, security alerts, and support messages
• Respond to your comments, questions, and requests
• Develop new products, services, features, and functionality
• Monitor and analyze trends, usage, and activities in connection with our services
• Detect, prevent, and address technical issues, fraud, and illegal activities
• Personalize your experience on our platform

We process your personal data on the following legal bases:

• Contractual necessity: Account registration, service delivery, billing, and customer support — these are required to provide the Service to you.
• Legitimate interest: Product analytics, usage trends, fraud detection, and security — we balance these against your privacy rights.
• Consent: Marketing emails and product update newsletters — you may unsubscribe at any time via the link in any email.
• Legal obligation: Tax and billing record retention as required by applicable law.

Your diagram content and process data are used solely to generate and deliver your BPMN diagrams. To provide this functionality, your input is sent to our AI providers (currently OpenAI and Anthropic) for processing.

We do not currently use your content to train, fine-tune, or improve our own AI models. If we decide to do so in the future, we will update this policy and obtain your explicit consent before using any identifiable content for that purpose.

Our AI providers have their own data handling policies. We use their APIs in a manner that excludes customer data from their model training programs where such options are available.

We may share your information in the following situations:

• With Your Consent: We may disclose your information when you have given us permission to do so.
• With Service Providers: We may share your information with third-party vendors, consultants, and other service providers who need access to your information to perform services on our behalf.
• For Collaboration: When you choose to share diagrams or collaborate with other users, your name, profile information, and shared content will be visible to those users.
• For Legal Reasons: We may disclose your information if required to do so by law or in response to valid requests by public authorities.
• Business Transfers: We may share or transfer your information in connection with a merger, acquisition, reorganization, or sale of assets.

We use the following third-party services to operate the platform:

• Vercel (San Francisco, US) — Website hosting and content delivery
• Supabase (San Francisco, US) — Database, authentication, and file storage
• Stripe (UAE) — Payment processing and subscription billing
• OpenAI (San Francisco, US) — AI-powered diagram generation
• Anthropic (San Francisco, US) — AI-powered diagram generation
• PostHog (US) — Product analytics

Each provider processes data on our behalf under their standard data processing terms.

We implement appropriate technical and organizational measures to protect the security of your personal information. However, please note that no method of transmission over the Internet or method of electronic storage is 100% secure.

We retain different categories of data for different periods:

• Account and profile data: Retained while your account is active. If you close your account, we will delete your personal data within 90 days, except as noted below.
• Diagram content: Retained while your account is active. Deleted within 90 days of account closure unless you request earlier deletion by emailing support@bpmnai.com.
• Billing and transaction records: Retained for 7 years after the transaction date to comply with tax and accounting obligations.
• Analytics and usage data: Retained in identifiable form for up to 24 months, then anonymized or deleted.
• Marketing preferences: Retained until you unsubscribe or withdraw consent.
• Technical logs: Retained for up to 90 days for security and debugging purposes.

Depending on your location, you may have certain rights regarding your personal information, including:

• The right to access your personal information
• The right to rectify inaccurate personal information
• The right to delete your personal information
• The right to restrict processing of your personal information
• The right to data portability
• The right to object to processing of your personal information
• The right to withdraw consent

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

To provide the Service, your data is processed in the following locations:

• United Arab Emirates: Payment processing (Stripe)
• United States: Cloud hosting (Vercel), database and authentication (Supabase), AI processing (OpenAI, Anthropic), and product analytics (PostHog)

We select service providers who maintain appropriate security standards. Where your data is transferred outside your country of residence, we rely on the data protection terms provided by our service providers and, where applicable, your consent to use the Service.

If you are located in the United Arab Emirates, your personal data is subject to Federal Decree-Law No. 45 of 2021 (the Personal Data Protection Law). You have the right to access your personal data, request correction of inaccurate data, request deletion of your data, and object to certain types of processing. To exercise these rights, contact support@bpmnai.com. We will respond within 30 days.

If you are a California resident, you have the right to know what personal information we collect and how it is used, request deletion of your personal information, and opt out of the sale of personal information. We do not sell your personal information. To exercise these rights, contact support@bpmnai.com.

In the event of a personal data breach that we believe poses a risk to your rights, we will notify affected users by email as soon as reasonably practicable and no later than 72 hours after becoming aware of the breach.

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top.

If you have any questions about this Privacy Policy, please contact us at support@bpmnai.com.