Privacy Policy
Last updated: March 10, 2026
1. Introduction
Bibike ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our enterprise resource planning (ERP) software and services.
2. Information We Collect
We collect information that you provide directly to us:
- Account Information: Name, email address, phone number, business name, and password when you create an account.
- Business Data: Product information, inventory data, sales records, customer information, supplier details, and financial records you enter into the system.
- Payment Information: Billing address and payment method details for subscription services.
- Communications: Messages you send to us for support or feedback.
We automatically collect:
- Usage Data: Pages visited, features used, and actions taken within the application.
- Device Information: Browser type, operating system, IP address, and device identifiers.
- Log Data: Access times, error logs, and system activity for security and troubleshooting.
2.5 AI-Related Data
When you use our AI-powered features (chat assistant, smart suggestions, automated categorization, OCR, and reporting), we collect:
- AI Conversations: Your messages and AI responses, including the context of the page you are viewing.
- AI Audit Logs: Records of AI interactions including input summaries, output summaries, model used, confidence scores, and processing costs.
- AI Feedback: Corrections or ratings you provide on AI outputs, used to improve suggestion quality.
Important: To provide AI features, portions of your business data and queries are sent to third-party AI providers for processing. We apply PII detection and redaction before transmission where possible, but some business context (product names, sales figures, customer names referenced in your queries) may be included. See Section 4 for details on which providers receive your data.
3. How We Use Your Information
We use the collected information to:
- Provide, maintain, and improve our services
- Process transactions and send related information
- Send technical notices, updates, and security alerts
- Respond to your comments, questions, and support requests
- Monitor and analyze usage patterns to improve user experience
- Detect, investigate, and prevent fraudulent or unauthorized activities
- Comply with legal obligations
4. Data Sharing and Disclosure
We do not sell your personal information. We may share information with:
- AI Providers: To power AI features, we send business context and your queries to one or more of the following providers:
- Anthropic (Claude) — Privacy Policy
- OpenAI (GPT) — Privacy Policy
- Google (Gemini) — Privacy Policy
- Groq — Privacy Policy
- OpenRouter — Privacy Policy
These providers process your data to generate AI responses and do not use your data to train their models under our API agreements. Professional and Enterprise customers using their own API keys (BYOK) send data directly to their chosen provider under their own agreement.
- Payment Processors: Paypack (Rwanda), and in the future Stripe, Flutterwave, and other regional processors for subscription billing.
- Hosting & Infrastructure: Our servers are hosted by Namecheap. Data is stored on servers located in the United States.
- Email Services: Transactional emails are sent via our configured SMTP provider.
- Analytics: Google Analytics 4 for website usage analytics (subject to your cookie consent).
- Legal Requirements: When required by law or to protect our rights, safety, or property.
- Business Transfers: In connection with a merger, acquisition, or sale of assets.
- With Your Consent: When you explicitly authorize us to share information.
5. Data Security
We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS/SSL), secure password hashing, access controls, and regular security audits. However, no method of transmission over the Internet is 100% secure.
6. Data Retention
We retain your information for as long as your account is active or as needed to provide services. We may retain certain information as required by law or for legitimate business purposes (e.g., financial records for 7 years per accounting regulations).
7. Your Rights
Depending on your location, you may have the right to:
- Access: Request a copy of your personal data.
- Rectification: Correct inaccurate or incomplete data.
- Erasure: Request deletion of your personal data (subject to legal retention requirements).
- Portability: Receive your data in a structured, machine-readable format.
- Object: Object to certain processing activities.
- Withdraw Consent: Withdraw previously given consent at any time.
To exercise these rights, contact us at privacy@bibike.app.
8. International Data Transfers
Your information may be transferred to and processed in countries other than your own, including the United States (where our AI providers and hosting infrastructure are located). We ensure appropriate safeguards are in place, including contractual data processing agreements with our providers. For users in Rwanda, transfers are conducted in accordance with the Data Protection Law (2021). For users in the EU/EEA, we rely on Standard Contractual Clauses (SCCs) where applicable.
9. Children's Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
Fivorana Ltd (trading as Bibike)
Kigali, Rwanda
Email: privacy@bibike.app
Website: https://bibike.app