Privacy Policy for Bluconnect AI India Pvt Ltd - Customizable B2B ERP with AI Agents

• Company name, business registration details
• Business contact information (addresses, phone numbers)
• Industry classification and business type

• Names and job titles of authorized users
• Business email addresses
• User credentials and authentication data
• Role and permission settings
• User preferences and settings

• Inventory and supply chain data
• Employee records (as entered by clients)
• Project and operational data
• Custom fields and configurations

• Data inputs provided to AI agents
• User interactions with AI features
• Performance metrics and analytics

• IP addresses
• Log files and system activities
• Feature usage patterns
• Performance metrics

• Support ticket communications
• Chat logs and correspondence
• Meeting recordings (with consent)
• Feedback and survey responses

• Delivering ERP functionality and AI agent services
• Processing business transactions and workflows
• Providing customer support and technical assistance
• Managing user accounts and access controls
• Customizing the platform to your business needs

• Providing automated recommendations and insights
• Generating business intelligence and analytics

*Important: AI processing is conducted with privacy-preserving techniques, including data minimization, anonymization where possible, and purpose limitation.

• Improving platform performance and reliability
• Developing new features and capabilities
• Conducting security assessments and monitoring
• Analyzing usage patterns for optimization
• Personalizing user experience

• Meeting regulatory and legal obligations
• Preventing fraud and security threats
• Enforcing our terms of service
• Responding to legal requests and investigations
• Maintaining business records as required by law

We never sell, rent, or trade your personal data to third parties for marketing or advertising purposes.

We may share your data only in the following circumstances:

• Service Providers: With trusted third-party processors who assist in delivering our services, under strict data processing agreements.
• Business Transfers: In connection with mergers, acquisitions, or asset sales, with appropriate data protection safeguards.
• Legal Requirements: When required by law, court order, or to protect our rights and safety.
• With Your Consent: When you explicitly authorize specific data sharing.

If we transfer data internationally, we ensure adequate protection through:

• EU Standard Contractual Clauses
• Adequacy decisions by relevant authorities
• Other approved transfer mechanisms
• Additional safeguards as required

• Regular security assessments and penetration testing
• Secure development practices and code reviews

• Staff training on data protection and security
• Strict access controls on a need-to-know basis
• Regular security audits and compliance assessments
• Incident response and breach notification procedures

• 24/7 monitoring and threat detection
• Regular security updates and patch management
• Disaster recovery and business continuity plans
• Isolated customer environments and data segregation

We retain personal data only as long as necessary for:

• Fulfilling the purposes for which it was collected
• Complying with legal and regulatory obligations
• Resolving disputes and enforcing agreements
• Billing Records: 7 years for tax and accounting compliance

• Automated deletion processes for expired data
• Secure deletion using industry-standard methods
• Regular audit trails of deletion activities
• Customer-initiated deletion options in the platform

• Essential Cookies: Required for platform functionality
• Performance Cookies: To analyze and improve service performance
• Functional Cookies: To remember your preferences and settings
• Security Cookies: For authentication and fraud prevention

We may use third-party services for:

• Analytics and performance monitoring
• Customer support tools
• Security and fraud prevention
• Integration with external business systems

We maintain compliance with:

• ISO 27001: Information Security Management System
• SOC 2 Type II: Security, availability, and confidentiality
• GDPR: EU data protection requirements
• Industry Standards: Relevant sector-specific requirements

• Annual third-party security audits
• Quarterly privacy impact assessments
• Continuous monitoring and compliance reviews
• Regular staff training and certification updates

In case of a data breach, we will:

• Contain and investigate the incident immediately
• Assess the risk to individuals and businesses
• Notify relevant authorities within 72 hours (where required)
• Inform affected customers without undue delay
• Provide clear information about the incident and remediation steps

Business customers should:

• Implement appropriate internal security measures
• Report suspected security incidents promptly
• Notify their own stakeholders as required by law
• Cooperate with incident investigation and response

• Email: security@bluconn.ai
• Address: FIRST-FR, FL-A, 2, RAM SETT ROAD BEADON STREET, Kolkata, West Bengal, India - 700006

• Email: support@bluconn.ai