Privacy Policy — Bizbuddy

Plain Language Summary

Quick Read

✓We collect your business details at signup and your customers' order data when they order through WhatsApp on your platform. Website visitors are tracked via Google Analytics and Meta Pixel for marketing.
✓We absolutely do not sell, rent, or trade any data to anyone.
✓Your business and order data is stored on our secure servers. Our website uses Google, Meta, and Vercel infrastructure based in the USA and we are transparent about this.
✓Order data is kept for 2 years. Account data is kept for 5 years after you leave for legal and tax reasons. Voice messages are deleted the moment they are processed.
✓You can ask us to show, fix, or delete your data at any time by emailing info@bizbuddyco.com. We respond within 30 days.

We NEVER sell your data.

We do not sell, rent, trade, or otherwise transfer any personal data to third parties for their own commercial use. This is absolute and unconditional.

Personal Data: Any information that identifies or can be used to identify a natural person, directly or indirectly, as defined under Section 2 of the PDPA 2023.

Platform: The Bizbuddy SaaS application, website, APIs, WhatsApp automation interface, AI order processing engine, delivery integrations, POS interface, and all associated services accessible via bizbuddyco.com.

Data Controller: Bizbuddy, the entity that determines the purpose and means of processing Personal Data collected through the Platform and website.

AI Engine: The automated natural language and voice processing system embedded in the Platform that interprets, processes, and routes food orders placed by Consumers.

WhatsApp Channel: The Meta WhatsApp Business API integration through which Consumers interact with a Client's AI-powered ordering system via the Platform.

From Restaurant Clients (B2B)

Data Category	Examples	Legal Basis
Business Identity	Business name, address, NTN/STRN	Contractual necessity
Account Credentials	Email, hashed password, session tokens	Contractual necessity
Contact Data	Owner name, phone, WhatsApp number	Contractual necessity
Menu and Operational Data	Menu items, pricing, categories, hours	Contractual necessity
Device and Technical Data	IP address, browser, OS via Analytics	Consent

From End Consumers (Via WhatsApp)

Order data, WhatsApp phone number, delivery address, conversation text, and voice message content (converted to text only; raw audio is deleted immediately after processing). Bizbuddy acts as a Data Processor for consumer data. The Restaurant Client is the Data Controller.

From Website Visitors (Automatically)

IP address, browser type, pages visited, session duration, referral source via Google Analytics and Meta Pixel. This data is transferred to Google LLC and Meta Platforms Inc. servers in the USA.

For Restaurant Clients

Create, manage, and maintain your Platform account and Subscription
Deliver AI-powered WhatsApp order automation and all subscribed features
Process payments, generate invoices, and maintain billing records
Send essential service communications, security alerts, and policy changes
Comply with legal and tax obligations under Pakistani law
Outbound messages to consumers outside the 24-hour WhatsApp conversation window are sent only through Meta-approved message templates, in full compliance with Meta's WhatsApp Business Platform policies.

We expressly do NOT

Sell, rent, trade, or transfer any personal data to third parties for commercial use
Use consumer order data for marketing, advertising, or profiling
Train our AI Engine on identifiable personal data without explicit consent
Share data with government authorities except where required by lawful order

Service Provider	Role	Location
Meta (WhatsApp Business API)	Message delivery infrastructure	USA
Meta Pixel	Advertising and analytics	USA
Google Analytics (Google LLC)	Website analytics	USA
Vercel Inc.	Platform and POS hosting	USA
Thermal Printer API	Receipt generation	Local device only

We implement the following security measures:

Encryption of all data in transit using TLS/SSL protocols
Encryption of stored data at rest using AES-256 or equivalent
Role-based access controls ensuring only authorized personnel access specific data
Regular security assessments and vulnerability monitoring
Automated backup systems and disaster recovery protocols
Formal incident response procedures in compliance with PDPA 2023 breach notification requirements

Data Category	Retention Period
Client Account Data	Active Subscription plus 5 years
Consumer Order Data	2 years from order date
Payment and Invoice Records	6 years (FBR compliance)
Website Server Logs	90 days
Voice Messages (raw audio)	Deleted immediately after AI processing

Right of Access

Request a copy of all personal data we hold about you.

Right to Correction

Request correction of inaccurate or incomplete data.

Right to Erasure

Request deletion of your data, subject to legal retention obligations.

Right to Withdraw Consent

Withdraw consent for analytics or advertising processing at any time.

How to Exercise Your Rights

Email info@bizbuddyco.com. We acknowledge within 5 business days and respond substantively within 30 days.

This Privacy Policy is governed by the laws of the Islamic Republic of Pakistan, including the PDPA 2023 and PECA 2016. Any disputes shall be subject to the exclusive jurisdiction of the courts of Karachi, Sindh, Pakistan.

Email:info@bizbuddyco.com

City:Karachi, Sindh, Pakistan