Privacy Policy

This Privacy Policy describes how Buivo, Inc. (“Buivo,” “we,” “us,” or “our”), a Delaware corporation, collects, uses, discloses, and protects your information when you access or use our website at buivo.ai, our platform at app.buivo.ai, our APIs, and any other services we provide (collectively, the “Service”). The Service includes our AI-powered software development platform and related tools.

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, you must not access or use the Service.

Note for commercial and enterprise customers: This Privacy Policy applies to individual users of the Service. If your employer or organization has entered into a separate agreement with Buivo (such as a Master Services Agreement or Data Processing Agreement), your use of the Service is governed by that agreement and the data processing terms therein. This Privacy Policy does not apply to the extent that Buivo processes personal data on behalf of commercial customers as a data processor.

1. Information We Collect

We collect information to provide, improve, and secure the Service. The types of information we collect depend on how you interact with our platform.

1.1 Account Information

When you register for an account, we collect your name, email address, username, password (encrypted), organization name, and billing contact information.

1.2 User Content and Code

When you use the Service, you may submit source code, repository data, prompts, instructions, and other content (“User Content”) to interact with our AI features. We process User Content solely to provide the Service to you.

1.3 Payment Information

We use Stripe as our payment processor. Buivo does not directly store your full credit card number or bank account details. Stripe collects and processes payment information in accordance with its own privacy policy and PCI DSS standards.

1.4 Usage Data

We automatically collect information about how you interact with the Service, including: IP address, browser type and version, device information, operating system, pages visited, features used, service usage data, session duration, referring URLs, and timestamps of access. We collect this data through cookies, log files, and similar technologies.

1.5 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate the Service, remember your preferences, and analyze usage patterns. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain until deleted). You can control cookie preferences through your browser settings. We also use third-party analytics services, including Google Analytics and Mixpanel, which may set their own cookies.

1.6 Communications

When you contact us via email or through the Service, we collect the content of your communications and any information you voluntarily provide.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, and maintain the Service, including processing your User Content through our AI models to generate code, suggestions, and other outputs.
• To process transactions and manage your subscription in accordance with the plan you select.
• To communicate with you, including sending service-related notices, updates, security alerts, and support messages.
• To improve and develop the Service, including analyzing usage patterns, diagnosing technical issues, and developing new features.
• To ensure security, detect fraud, and protect against unauthorized access or misuse of the Service.
• To comply with legal obligations, enforce our Terms of Service, and respond to lawful requests from authorities.

3. AI and Machine Learning Data Practices

This section describes how we handle data in connection with our AI technology and is critical to understanding your rights as a user of our platform.

3.1 Processing of User Content

When you submit User Content (including code, prompts, and instructions) to the Service, our AI models process this content to generate outputs such as code, documentation, and suggestions. This processing occurs in real time and is necessary to deliver the core functionality of the Service. The Service may process User Content through our proprietary AI models and, where applicable, select third-party AI service providers. All third-party providers are bound by contractual obligations to protect your data and are prohibited from using your User Content for their own training purposes.

3.2 Model Training and Improvement

Buivo does not use your User Content to train or improve our AI models unless you explicitly opt in. If you choose to participate in our model improvement program, your data will be anonymized and aggregated before being used for training purposes. You can manage your training preferences at any time through your Account privacy settings. Your decision will not affect your access to or the quality of the Service.

Please note that if you previously opted in and your anonymized data was incorporated into a trained model, it may not be technically feasible to extract that specific data from the model's learned parameters. However, we will cease using any new data from you upon opt-out, and we will delete identifiable copies of your data in accordance with our retention schedule.

3.3 Ownership of AI-Generated Outputs

You retain all rights, title, and interest in the outputs generated by the Service based on your User Content. Buivo does not claim any ownership or intellectual property rights over code, documentation, or other content generated in response to your inputs. This is consistent with industry-standard practices adopted by leading AI-assisted development platforms.

3.4 Automated Decision-Making

The Service provides AI-generated suggestions and code outputs to assist your development workflow. These outputs are tools to support your work, not autonomous decisions that produce legal or similarly significant effects on you. You retain full control over whether to accept, modify, or reject any output generated by the Service.

4. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

4.1 Service Providers (Subprocessors)

We share information with third-party service providers who perform services on our behalf, subject to contractual obligations to protect your data.

We may update our list of subprocessors from time to time. For the most current list, please contact us at privacy@buivo.ai.

4.2 Legal Requirements

We may disclose your information if required to do so by law, in response to valid legal process (such as a subpoena, court order, or government request), to enforce our Terms of Service, to protect the rights, property, or safety of Buivo, our users, or the public, or to detect, prevent, or address fraud, security, or technical issues.

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service before your information becomes subject to a different privacy policy.

5. Data Retention

We retain your information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Account Information: Retained for the duration of your account. Upon account deletion, personal data is permanently deleted within 30 days.
• User Content (code, prompts, outputs): Deleted within 30 days of account cancellation. You may delete specific User Content at any time through the platform.
• Usage Data and Logs: Retained in anonymized form for up to 12 months for analytics and service improvement purposes.
• Payment Records: Retained as required by applicable tax and financial regulations (typically 7 years).
• Communications: Retained for up to 24 months after the last interaction for support purposes.
• Safety and Abuse Records: Content flagged by our trust and safety systems may be retained for up to 2 years to comply with legal obligations, enforce our Terms of Service, and protect the safety of our users and the public, even if the associated account is deleted.

6. Data Security

We implement industry-standard technical and organizational measures to protect your information, including:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
• Access controls and role-based permissions for internal systems.
• Regular security assessments and vulnerability testing.
• Secure development practices and code review processes.
• Incident response procedures and breach detection mechanisms.
• Cloud infrastructure with geographic redundancy.

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incidents in accordance with applicable law.

7. Your Rights and Choices

7.1 General Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete personal information.
• Deletion: Request deletion of your personal information, subject to certain legal exceptions.
• Data Portability: Request a machine-readable copy of your personal data.
• Objection: Object to processing of your personal data for certain purposes.
• Restriction: Request that we restrict processing of your personal information.
• Withdrawal of Consent: Withdraw consent at any time where processing is based on consent, including opting out of model training.

To exercise any of these rights, please contact us at privacy@buivo.ai. We will respond to your request within 30 days (or as required by applicable law).

7.2 Privacy Controls

You can manage your privacy preferences directly from your Account settings, including: opting in or out of our model improvement program, deleting specific User Content, exporting your data, and managing cookie preferences. Changes to your privacy settings take effect immediately for new interactions.

7.3 Rights Under GDPR (EEA/UK Residents)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following legal bases: performance of a contract (to provide the Service), legitimate interests (to improve and secure the Service), consent (for model training opt-in and marketing communications), and compliance with legal obligations. You have the right to lodge a complaint with your local data protection authority. For international data transfers from the EEA/UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission.

7.4 Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including: the right to know what personal information we collect, use, and disclose; the right to delete personal information; the right to opt out of the sale or sharing of personal information (note: we do not sell your personal information); the right to non-discrimination for exercising your privacy rights; and the right to limit use of sensitive personal information. You may also designate an authorized agent to make requests on your behalf. We honor Global Privacy Control (GPC) signals as valid opt-out requests in accordance with applicable law.

7.5 Marketing Communications

You can opt out of marketing communications at any time by clicking the unsubscribe link in our emails or by contacting us at privacy@buivo.ai. Please note that we may still send you non-promotional messages related to the Service, such as security alerts and account notifications.

8. International Data Transfers

Buivo is headquartered in the United States, and our infrastructure is hosted on Google Cloud Platform. Your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. When we transfer personal data internationally, we implement appropriate safeguards, including Standard Contractual Clauses (SCCs), data processing agreements with our subprocessors, and technical measures such as encryption and access controls. By using the Service, you acknowledge that your information may be transferred to countries with different data protection laws than your country of residence.

9. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe that we have collected information from a child under 16, please contact us at privacy@buivo.ai.

10. Third-Party Links and Integrations

The Service may contain links to third-party websites or integrate with third-party services (such as GitHub, GitLab, and other developer tools). This Privacy Policy does not apply to those third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access through or in connection with the Service. When you connect a third-party integration (e.g., a GitHub repository), we only access the data you explicitly authorize and for the purposes described in this Privacy Policy.

11. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and applicable regulatory authorities in accordance with applicable law. For GDPR-covered breaches, notification will occur within 72 hours of becoming aware of the breach. For CCPA-covered breaches, notification will occur in the most expedient time possible and without unreasonable delay. Notifications will include: the nature of the breach, the categories of data affected, the likely consequences, and the measures taken to address the breach.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by sending a notice to the email address associated with your account or by placing a prominent notice on the Service at least 30 days before the changes take effect. We encourage you to periodically review this page for the latest information on our privacy practices. Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

For data protection inquiries from the EEA/UK, you may also contact our designated representative by emailing privacy@buivo.ai with the subject line “GDPR Inquiry.”

© 2026 Buivo, Inc. All rights reserved.