BondhuBot ("we", "our", "us") is operated by Bondhu Labs, a business based in Bangladesh. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our platform and services, including our AI-powered customer support tool integrated with Facebook Messenger.
1. Information We Collect
1.1 From Facebook Messenger
When a customer interacts with a Facebook Page that uses BondhuBot, we receive the following data through Meta's Messenger Platform API:
- Facebook User ID (page-scoped identifier, not global Facebook ID)
- Message content sent to the connected Page
- Public profile information (name, profile picture) as permitted by Facebook's platform policies
- Message timestamps and delivery receipts
- Optional: referral context if the customer arrived via an ad or m.me link
1.2 Automatically Collected
- IP address, browser type, device identifiers
- Usage analytics: pages visited, features used, session duration
- Cookies and similar tracking technologies
2. How We Use Your Information
- To operate, maintain, and improve the BondhuBot platform
- To process and respond to customer messages on Bondhu Labs' Facebook Page
- To train and improve our AI models using aggregated, de-identified conversation data
- To generate internal analytics and improve response quality
- To send service-related communications (account alerts, security notices, product updates)
- To detect and prevent fraud, abuse, and violations of our Terms
- To comply with legal obligations under applicable law
We do not sell personal data to third parties. We do not use your conversation data to train models that are shared publicly or with other customers.
3. Data Sharing & Third Parties
We share data only in these specific circumstances:
- Within Bondhu Labs: Conversation data is accessible only to Bondhu Labs staff operating the Facebook Page. We do not share it with other businesses.
- Meta (Facebook): We use Meta's Messenger Platform API. Data handling is governed by Meta's Data Policy.
- AI providers: Message content is processed through large language model APIs (such as Anthropic and OpenAI) under enterprise data processing agreements.
- Infrastructure providers: Cloud hosting (DigitalOcean), CDN (Cloudflare), and analytics services necessary to operate the service.
- Legal compliance: When required by law, court order, or valid legal process.
4. Data Retention
Conversation data is retained for 24 months from the date of last interaction unless earlier deletion is requested. Account data is retained for the duration of the active account plus 30 days following account closure. Aggregated, de-identified analytics data may be retained indefinitely for service improvement purposes.
5. Data Security
We implement industry-standard technical and organizational safeguards:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Role-based access controls and principle of least privilege
- Regular security audits and vulnerability testing
- Secure development lifecycle practices
- Incident response and breach notification procedures
While we take reasonable steps to protect your data, no system is completely secure. We encourage you to use strong, unique passwords and enable two-factor authentication.
6. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate or incomplete data
- Request deletion of your data (see our Data Deletion page)
- Object to or restrict certain types of processing
- Receive a copy of your data in a portable format
- Withdraw consent at any time
To exercise any of these rights, email us at [email protected]. We respond to all verified requests within 30 days.
7. International Data Transfers
Your data may be processed in servers located outside Bangladesh. When we transfer data internationally, we ensure appropriate safeguards are in place — including standard contractual clauses or equivalent protections — consistent with applicable data protection laws.
8. Children's Privacy
BondhuBot is not directed at individuals under 13 years of age. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child, we will delete it promptly. If you believe a child has provided us with personal information, please contact [email protected].
9. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated by posting the updated policy on this page and updating the "Last updated" date above. For significant changes, we will provide additional notice via email or in-product notification. Continued use of the service after changes take effect constitutes acceptance of the revised policy.
10. Contact Us