Privacy Policy

• Personal Data means any information relating to an identified or identifiable natural person. • Controller means the entity that determines the purposes and means of processing. • Processor means the entity that processes personal data on behalf of the Controller.

Controller: Buzzbip 1053 La Marsa, Tunis Email: [email protected] Phone: ‎(+216) 25 53 66 66‎

This policy applies to: • Users accessing the Buzzbip website • Customers using the SaaS automation platform • End-users whose personal data is processed through customer integrations Buzzbip acts as: • Controller for data relating to Buzzbip account users • Processor for customer data imported from e-commerce platforms and messaging channels

A. Controller Data (Buzzbip Accounts) Collected when you register or contact support: • Business name • Email • Phone number • Billing details • Login credentials • Support messages • IP address • Device/browser information • Usage metadata B. Processor Data (Customer Store & Communications) When you connect your store or API, Buzzbip processes on your behalf: • Customer names • Phone numbers • Email addresses • Order IDs • Cart content • Product names, SKUs, categories • Prices and quantities • Purchase history • WhatsApp messages & metadata • Automation workflow context • CRM fields • Conversation history • Custom mapped fields All such data remains the property of the customer (Controller).

Buzzbip processes data to: • Provide automation and messaging services • Sync orders • Send WhatsApp messages • Authenticate users • Manage subscriptions • Operate AI Agents • Prevent fraud • Maintain platform security • Perform anonymized analytics • Fulfil legal obligations Buzzbip does not sell or distribute personal data.

Controller Processing • Consent • Contract performance • Legitimate interests (support, security) • Legal obligations Processor Processing • Processing strictly based on customer instructions • Contractual necessity • Compliance with law Buzzbip does not determine independent purposes when acting as a processor.

Buzzbip integrates with: • Salla • Shopify • Magento • WooCommerce • PrestaShop • WhatsApp (Meta-approved BSPs) • Custom APIs By connecting these services, customers authorize Buzzbip to access, store, and process necessary data for automation. Buzzbip is not responsible for the privacy practices of third-party platforms.

Buzzbip may share data with: A. Sub-Processors Including but not limited to: • Google Cloud • WhatsApp BSPs • AI providers (OpenAI, Google, Anthropic) • Analytics providers • Logging & monitoring tools • SMS/Email partners • Payment providers (if applicable) All sub-processors are bound by GDPR-compliant agreements. B. Business Transfers In case of merger, sale, or restructuring. C. Legal Requirements When required by Tunisian law or the law applicable to the data subject.

Personal data may be transferred outside the EU only when: • Standard Contractual Clauses (SCCs) apply • Provider safeguards are in place • Data is encrypted Customers remain responsible for ensuring lawful transfers where applicable.

• Active accounts: retained while subscription remains active • Inactive/closed accounts: retained for 12 months, then deleted or anonymized • Security logs: retained up to 12 months or longer if legally required Deletion is irreversible.

Buzzbip uses: • Encryption in transit & at rest • Secure token storage • Role-based access control • Network segmentation • Audit logs • Vulnerability scanning • Incident response procedures No system is 100% secure — clients must protect their API keys.

Clients must: • Obtain all required customer consents • Comply with GDPR, CCPA, anti-spam laws • Maintain their own privacy policy • Inform users about WhatsApp marketing • Ensure lawful use of AI features • Follow Meta messaging rules Buzzbip is not responsible for misuse by clients.

Buzzbip offers AI Agents capable of: • Automated replies • Classification • Segmentation • Message generation • Support automation Data Accessible by AI • Messages • Orders • Products • Categories • Conversation context • Templates AI Providers AI providers (OpenAI, Google, Anthropic): • Act as Sub-Processors • Do not train models on customer data • Implement SCCs • Receive only minimal data Automated Decision-Making Automated workflows may qualify as automated decision-making. Users may request: • Human review • Intervention • Contestation Logging Logs are used for: • Reliability • Analytics • Client history Logs follow the 12-month retention rule.

Depending on your jurisdiction: • Access • Rectification • Erasure • Restriction • Objection • Portability • Withdrawal of consent Requests: [email protected] You may also lodge a complaint with: • INPDP (Tunisia) • Or the authority in your EU member state

We use cookies for: • Session management • Analytics • Platform performance You may disable cookies through your browser.

We may update this policy periodically. The "Last Updated" date reflects the latest version.

This policy is governed by: • Law of the Republic of Tunisia Disputes fall under: • Courts of Tunis, Tunisia

Customer data is hosted based on client business location to ensure appropriate protections and compliance.

Categories include: • Cloud hosting • AI providers • WhatsApp BSPs • Email/SMS partners • Analytics • Security monitoring • Payments A full updated list is available upon request.

If you have any questions about privacy: Buzzbip Boulevard Sadok Mokaddem Les Berges du Lac 1053 La Marsa, Tunis Email: [email protected] Phone: ‎(+216) 25 53 66 66‎