Privacy Policy

Last updated: January 11, 2025

1. Introduction

Welcome to Bantum, an AI-powered business analyst service operated by Excality ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service at https://bantum-ba.web.app ("Service").

We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA).

2. Data Controller

Excality is the data controller responsible for your personal information. For privacy-related inquiries, please contact us at:

3. Information We Collect

3.1 Personal Information You Provide

When you use Bantum, we collect the following information:

  • Name: Your full name
  • Email Address: For communication and sending project requirements documents
  • Company Name: Your organization (optional)
  • Chat Conversations: All messages exchanged with the AI business analyst, including project requirements, budget information, and technical specifications

3.2 Automatically Collected Information

  • Usage Data: Session duration, interaction patterns, and feature usage
  • Technical Data: IP address, browser type, device information, operating system
  • Session Data: Firebase session IDs, authentication tokens, and timestamps
  • Cookies: Essential cookies for session management and functionality (see our Cookie Policy)

4. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Consent: You provide explicit consent when submitting your information to use our Service
  • Contract Performance: Processing is necessary to provide the AI business analyst service you requested
  • Legitimate Interests: We process data to improve our Service, prevent fraud, and ensure security

5. How We Use Your Information

We use your information for the following purposes:

  • Providing and maintaining the Bantum AI business analyst service
  • Generating project requirements documents based on your conversations
  • Sending PDF reports to your email address
  • Improving our AI models and service quality
  • Analyzing usage patterns to enhance user experience
  • Communicating with you about service updates or issues
  • Ensuring security and preventing fraudulent activity
  • Complying with legal obligations

6. Data Storage and Security

Your data is stored securely using Google Firebase and Google Cloud Platform services:

  • Firestore Database: Stores chat sessions, user information, and conversation history
  • Firebase Storage: Stores generated PDF documents with signed URLs (7-day expiration)
  • Cloud Functions: Processes requests and generates requirements documents

We implement industry-standard security measures including:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for stored data
  • Firebase App Check for request validation
  • Rate limiting to prevent abuse
  • Regular security audits and updates

7. Data Sharing and Third Parties

We share your data with the following third parties:

7.1 Service Providers

  • Google Firebase/Cloud Platform: Infrastructure, database, and storage services
  • AI/LLM Providers: Your chat messages are processed by third-party AI models (xAI Grok or Together AI) to generate responses and requirements documents

7.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to protect our rights, property, or safety.

8. Data Retention

We retain your personal data for the following periods:

  • Chat Sessions: Stored indefinitely unless you request deletion
  • PDF Documents: Signed URLs expire after 7 days; files may be retained in storage for up to 90 days
  • User Information: Retained while you use the Service and for 12 months after your last session
  • Logs and Analytics: Retained for up to 90 days

You may request earlier deletion at any time (see "Your Rights Under GDPR" below).

9. Your Rights Under GDPR

If you are in the EEA, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time (does not affect lawfulness of prior processing)
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise these rights, contact us at privacy@excality.com. We will respond within 30 days.

10. International Data Transfers

Your data may be transferred to and processed in countries outside the EEA, including the United States. We ensure adequate protection through:

  • Google's compliance with GDPR and the EU-U.S. Data Privacy Framework
  • Standard contractual clauses with third-party processors
  • Regular data protection impact assessments

11. Children's Privacy

Bantum is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

For questions, concerns, or to exercise your privacy rights, contact us at: