Privacy Policy

This Privacy Policy explains how we handle your information when you use the BatchBuddy website, platform, and services (collectively, the "Service"). By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy.

If you do not agree with this Privacy Policy, please do not use our Service.

1. Information We Collect

We collect several types of information to provide and improve our Service:

1.1 Information You Provide Directly

When you create an account, use our Service, or communicate with us, we collect:

Account Information:

• Name and contact information (email address, phone number)
• Business name, role/title, and company information
• Username and password (stored in hashed format)
• Profile information and preferences

Billing Information:

• Payment details processed securely through Stripe, our third-party payment processor
• Billing address and tax identification information
• We do NOT store complete credit card numbers on our servers; Stripe handles all payment card information in accordance with PCI DSS standards

User Content:

• Formulations, recipes, and ingredient data
• Production records, batch tracking information, and manufacturing data
• Cost analyses and pricing information
• Supplier information and vendor relationships
• Documents, files, and notes you upload or create
• Any other information you choose to store in our platform

Communications:

• Messages you send us through support requests, feedback forms, or email
• Survey responses and testimonials
• Chat messages with our support team

Third-Party Integration Data:

• When you connect third-party services (like QuickBooks Online), we access data as described in Section 3.2

1.2 Information Collected Automatically

When you use our Service, we automatically collect:

Usage Data:

• Pages visited, features accessed, and actions taken within the platform
• Time spent on pages and navigation patterns
• Search queries within the Service
• Timestamps and frequency of use
• Errors encountered and performance metrics

Device and Technical Information:

• IP address and general geographic location (city/region level)
• Browser type and version
• Operating system and device type
• Device identifiers (such as mobile device ID)
• Referring URLs and website paths
• Screen resolution and display settings

Cookies and Similar Technologies:

• Session cookies for authentication and maintaining your login state
• Preference cookies to remember your settings
• Analytics cookies to understand usage patterns (see Section 8)
• Security cookies to detect fraudulent activity

1.3 Information from Third-Party Sources

We may receive information about you from:

• Third-party services you connect to BatchBuddy (e.g., QuickBooks Online)
• Public databases and data providers for business verification
• Marketing and analytics partners (aggregated data only)
• Other users who add you to their organization or share information with you

2. How We Use Your Information

2.1 To Provide and Maintain the Service

• Enable you to access and use all BatchBuddy features
• Create and manage your account
• Process and fulfill your subscription
• Provide customer support and respond to your inquiries
• Send transactional notifications (e.g., password resets, subscription confirmations)
• Synchronize data with third-party integrations you've authorized

2.2 To Improve and Optimize the Service

• Analyze usage patterns and user behavior to enhance features
• Develop new features and functionality
• Conduct research and testing to improve user experience
• Identify and fix bugs, errors, and technical issues
• Optimize performance and loading times

2.3 To Ensure Security and Prevent Fraud

• Detect and prevent fraudulent transactions and abuse
• Monitor for security threats and unauthorized access
• Verify user identities and prevent account takeovers
• Enforce our Terms of Service and investigate violations
• Protect our systems, users, and business

2.4 To Communicate with You

• Send important Service announcements and updates
• Notify you of changes to features, policies, or pricing
• Respond to your support requests and feedback
• Send optional promotional communications (with your consent)
• Request feedback through surveys or reviews

2.5 For Legal and Compliance Purposes

• Comply with applicable laws, regulations, and legal processes
• Respond to lawful requests from government authorities
• Enforce our Terms of Service and other agreements
• Protect our legal rights and defend against claims
• Prevent illegal activity and ensure platform safety

2.6 For Business Operations

• Process payments and manage billing
• Maintain accurate financial and business records
• Conduct internal audits and quality assurance
• Analyze business performance and market trends
• Facilitate business transfers (mergers, acquisitions, or asset sales)

3. Data Sharing and Disclosure

We respect your privacy and limit how we share your information.

3.1 We DO NOT Sell Your Personal Information

3.2 Third-Party Service Providers

We share data with carefully selected service providers who help us operate and improve the Service. These providers are contractually required to protect your data, use it only for specified purposes, and maintain confidentiality.

Current Service Providers:

Stripe (Payment Processing)

• Purpose: Process subscription payments and manage billing
• Data Shared: Name, email, billing address, payment card information
• Privacy Policy: https://stripe.com/privacy

SendGrid / Amazon SES (Email Communications)

• Purpose: Deliver transactional emails (receipts, notifications, password resets)
• Data Shared: Email address, name, message content
• Privacy Policy: https://www.twilio.com/legal/privacy

Shippo (Shipping Services)

• Purpose: Calculate shipping rates and generate labels (if applicable to your use case)
• Data Shared: Shipping addresses, package dimensions
• Privacy Policy: https://goshippo.com/privacy

Replit / Cloud Hosting Provider (Infrastructure)

• Purpose: Host and operate the BatchBuddy platform
• Data Shared: All data stored in your account
• Privacy Policy: https://replit.com/site/privacy

QuickBooks Online / Intuit (Accounting Integration - Optional)

• Purpose: Sync vendor, purchase order, and cost data between systems
• Data Shared: Only data you explicitly authorize when connecting your QuickBooks account
• Privacy Policy: https://www.intuit.com/privacy/statement/
• Your Control: You may revoke access at any time through QuickBooks or BatchBuddy settings

Analytics and Monitoring Tools

• Purpose: Monitor performance, identify errors, and analyze usage patterns
• Data Shared: Aggregated and pseudonymized usage data, technical logs
• Examples: Error tracking services, performance monitoring tools

All service providers are required to comply with applicable data protection laws and maintain security standards equivalent to or exceeding ours.

3.3 Legal and Regulatory Requirements

We may disclose your information when required or permitted by law, including:

• In response to valid subpoenas, court orders, or legal processes
• To comply with government or regulatory investigations
• To enforce our Terms of Service or investigate violations
• To protect the rights, property, or safety of BatchBuddy, our users, or the public
• To detect, prevent, or address fraud, security issues, or illegal activity
• In connection with legal claims or disputes

We will make reasonable efforts to notify you of legal requests for your information unless prohibited by law or when we believe notification could compromise an investigation.

3.4 Business Transfers

If BatchBuddy is involved in a merger, acquisition, bankruptcy, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will:

• Provide notice before your information is transferred or becomes subject to a different privacy policy
• Require the acquiring entity to honor the commitments in this Privacy Policy
• Give you the option to delete your account before the transfer, if feasible

3.5 With Your Consent

We may share your information with third parties when you explicitly consent or direct us to do so, such as:

• When you connect third-party integrations
• When you share formulations or data with other users or organizations
• When you authorize us to provide references or testimonials

3.6 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you. This includes:

• Industry trends and benchmarking reports
• Usage statistics and platform analytics
• Research and public reports

4. Data Retention

4.1 Active Accounts

We retain your information for as long as your account is active and as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements.

4.2 Account Deletion

You may request deletion of your account and personal data at any time by:

• Contacting us at support@batchbuddy.ai
• Using the account deletion feature in your account settings (if available)

Upon receiving a valid deletion request, we will:

• Delete or anonymize your personal information within 30 days
• Confirm the deletion via email
• Permanently remove your User Content (formulations, recipes, etc.)

4.3 Exceptions to Deletion

We may retain certain information even after account deletion when necessary for:

• Legal compliance (tax records, transaction history)
• Fraud prevention and security investigations
• Resolving disputes or enforcing agreements
• Backup and disaster recovery (deleted from backups within 90 days)

Retained data will be isolated, protected, and not used for any other purpose.

4.4 Data Retention Periods

5. Your Privacy Rights

5.1 Rights for All Users

Regardless of your location, you have the right to:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal exceptions)
• Portability: Request your data in a structured, machine-readable format
• Objection: Object to certain types of data processing
• Restriction: Request that we limit how we process your data

5.2 European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

Legal Basis for Processing:

• Contractual Necessity: Processing necessary to provide the Service you've subscribed to
• Legitimate Interests: Improving the Service, security, and fraud prevention
• Consent: For optional features like marketing communications (you may withdraw consent at any time)
• Legal Obligations: Compliance with tax, accounting, and regulatory requirements

Specific GDPR Rights:

• Right to withdraw consent at any time (without affecting prior processing)
• Right to lodge a complaint with your local Data Protection Authority
• Right to object to automated decision-making (we do not use automated decisions that significantly affect you)
• Right to restrict processing while we verify or investigate your requests

Data Protection Authority Contact: You may contact your local supervisory authority if you have concerns about our data practices. A list of EU Data Protection Authorities is available at: https://edpb.europa.eu/about-edpb/board/members_en

5.3 California Users (CCPA/CPRA)

California residents have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know:

• Categories of personal information collected
• Sources from which information was collected
• Business purposes for collecting or selling information
• Categories of third parties with whom we share information
• Specific pieces of personal information collected about you

Right to Delete: Request deletion of personal information (subject to exceptions)

Right to Correct: Request correction of inaccurate personal information

Right to Opt-Out: Opt-out of the sale or sharing of personal information

Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes other than providing the Service

Right to Non-Discrimination: You will not be discriminated against for exercising your rights (no denial of service, different pricing, or reduced quality)

Authorized Agents: You may designate an authorized agent to submit requests on your behalf by providing written authorization

Shine the Light: California residents may request information about disclosure of personal information to third parties for direct marketing (we do not engage in this practice)

5.4 Other U.S. State Privacy Rights

If you reside in Virginia, Colorado, Connecticut, Utah, or other states with comprehensive privacy laws, you may have similar rights to those described above. Contact us to exercise these rights.

5.5 How to Exercise Your Rights

To exercise any privacy rights:

Email: support@batchbuddy.ai with "Privacy Request" in the subject line

Include:

• Your full name and email address associated with your account
• Specific right you wish to exercise
• Description of your request
• Proof of identity (we may request additional verification)

Response Time: We will respond to verified requests within 30 days (45 days for complex requests, with notice of extension)

Verification: We may request additional information to verify your identity before processing requests, especially for deletion or data access requests

No Fee: We do not charge fees for processing requests unless they are excessive, repetitive, or manifestly unfounded

6. Data Security

We implement comprehensive security measures to protect your information:

6.1 Technical Safeguards

Encryption:

• In Transit: All data transmitted between your device and our servers is encrypted using HTTPS/TLS 1.2 or higher (256-bit encryption)
• At Rest: Sensitive data stored in our databases is encrypted using industry-standard encryption algorithms

Access Controls:

• Role-based access controls (RBAC) limiting employee access to data
• Multi-factor authentication (MFA) for administrative accounts
• Principle of least privilege (users only access data necessary for their role)
• User isolation ensures you can only access your own organization's data

Password Security:

• Passwords are hashed using the scrypt algorithm with unique salts
• We never store passwords in plain text
• Password complexity requirements enforced
• Protection against brute force attacks through rate limiting

Application Security:

• Regular security vulnerability scanning and penetration testing
• Secure coding practices and code reviews
• Input validation and sanitization to prevent injection attacks
• Protection against common vulnerabilities (OWASP Top 10)

6.2 Operational Safeguards

• Security Monitoring: 24/7 monitoring for suspicious activity and security incidents
• Incident Response: Documented incident response plan and procedures
• Employee Training: Regular security awareness training for all personnel
• Background Checks: Screening of employees with access to sensitive data
• Vendor Management: Security assessments of third-party service providers
• Regular Audits: Internal security audits and reviews
• Backup and Recovery: Regular encrypted backups with disaster recovery procedures

6.3 Physical Safeguards

Our infrastructure is hosted by enterprise-grade cloud providers with:

• Secure data centers with physical access controls
• Redundant power and cooling systems
• Fire suppression and environmental monitoring
• SOC 2 Type II or equivalent certifications

6.4 Your Security Responsibilities

You also play a critical role in protecting your data:

• Keep your password secure and do not share it
• Use a strong, unique password
• Enable two-factor authentication if available
• Log out when using shared or public computers
• Keep your contact information up to date
• Report suspicious activity immediately

6.5 Security Limitations

No system is 100% secure. While we implement robust security measures and continuously monitor for threats, we cannot guarantee absolute security against all possible attacks or unauthorized access. You use the Service at your own risk.

Data Breach Notification: In the event of a data breach that compromises your personal information, we will notify you via email within 72 hours of discovering the breach and provide information about:

• The nature of the breach
• Types of data affected
• Steps we are taking to address the breach
• Recommended actions you should take
• How to contact us with questions

We will also notify relevant regulatory authorities as required by applicable law.

7. International Data Transfers

7.1 Where Your Data is Processed

BatchBuddy is based in the United States, and our servers and service providers may be located in the United States and other countries. Your information may be transferred to, stored in, and processed in countries outside your country of residence, which may have different data protection laws than your country.

7.2 Safeguards for International Transfers

When we transfer personal information from the EEA, UK, or Switzerland to countries that do not provide an adequate level of data protection, we implement appropriate safeguards, including:

• Standard Contractual Clauses (SCCs): We use the European Commission's Standard Contractual Clauses (also known as Model Clauses) with our service providers to ensure adequate protection
• Data Processing Agreements: Contractual commitments requiring service providers to protect data according to applicable laws
• Additional Security Measures: Technical and organizational measures to protect data during transfer and storage

7.3 UK and Swiss Users

For transfers from the UK, we comply with the UK GDPR and use the UK International Data Transfer Agreement or UK Addendum to the SCCs. For transfers from Switzerland, we comply with the Swiss Federal Act on Data Protection.

8. Cookies and Tracking Technologies

8.1 What Are Cookies

Cookies are small text files stored on your device that help us provide and improve the Service. We use cookies and similar technologies (web beacons, pixels, local storage) to recognize you, remember your preferences, and analyze how you use our Service.

8.2 Types of Cookies We Use

Essential Cookies (Required):

• Session management and authentication
• Security and fraud prevention
• Load balancing and performance optimization
• Cannot be disabled without affecting Service functionality

Functional Cookies (Optional):

• Remember your preferences and settings
• Personalize your experience
• Store form data to save you time

Analytics Cookies (Optional):

• Understand how users interact with the Service
• Track page views, clicks, and navigation patterns
• Identify popular features and areas for improvement
• Measure effectiveness of our marketing efforts

Third-Party Cookies: Some third-party services (like analytics providers) may set their own cookies when you use the Service. We do not control these cookies.

8.3 Cookie Duration

• Session Cookies: Deleted when you close your browser
• Persistent Cookies: Remain on your device for a set period (typically 30 days to 1 year) or until you delete them

8.4 Managing Cookies

Browser Controls: You can control cookies through your browser settings:

• Block all cookies (may prevent you from using certain features)
• Delete cookies after browsing
• Browse in private/incognito mode

Opt-Out of Analytics: You can opt out of analytics cookies through:

• Our cookie preferences tool (if available)
• Browser extensions like Google Analytics Opt-out Browser Add-on
• Your browser's "Do Not Track" setting (we honor DNT signals)

Note: Disabling essential cookies will prevent you from logging in and using core features of the Service.

8.5 Cookie List

For a detailed list of cookies we use, including their purpose and duration, please contact us at support@batchbuddy.ai

9. Third-Party Links and Integrations

9.1 External Links

Our Service may contain links to third-party websites, services, or resources (e.g., ingredient suppliers, industry resources, social media). We are not responsible for the privacy practices, content, or policies of these external sites.

Recommendation: Please review the privacy policies of any third-party websites before providing them with personal information.

9.2 Third-Party Integrations

When you connect third-party services to BatchBuddy (like QuickBooks Online), you are also subject to those third parties' terms of service and privacy policies. We encourage you to review their policies to understand how they handle your data.

Your Control: You may disconnect third-party integrations at any time through your BatchBuddy account settings.

10. Children's Privacy

The BatchBuddy Service is intended for business use and is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18.

If we discover that we have collected information from a child under 18 without parental consent, we will promptly delete that information.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@batchbuddy.ai so we can take appropriate action.

11. Marketing Communications

11.1 Types of Communications

We may send you:

Transactional Emails (Cannot Opt-Out):

• Account confirmations and receipts
• Password reset and security alerts
• Subscription renewals and billing notifications
• Important Service updates and changes

Promotional Emails (Optional):

• Product updates and new features
• Tips and best practices
• Industry news and resources
• Special offers and promotions

11.2 Opting Out

You can opt out of promotional emails by:

• Clicking "Unsubscribe" in any promotional email
• Adjusting email preferences in your account settings
• Contacting us at support@batchbuddy.ai

You will continue to receive essential transactional emails even if you opt out of promotional communications.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.

12.1 How We Notify You

When we make material changes to this Privacy Policy, we will:

• Update the "Last Updated" date at the top of this page
• Send an email notification to the address associated with your account
• Post a prominent notice on our website or within the Service
• For significant changes, provide at least 30 days' notice before the changes take effect

12.2 Non-Material Changes

For minor changes (such as clarifications, corrections, or formatting updates), we may update this Privacy Policy without prior notice. We encourage you to review this Privacy Policy periodically.

12.3 Acceptance of Changes

Your continued use of the Service after changes take effect constitutes your acceptance of the updated Privacy Policy. If you do not agree to the changes, you must stop using the Service and may request deletion of your account.

13. Contact Us and Data Protection Officer

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

General Inquiries:

• Email: support@batchbuddy.ai
• Company: BatchBuddy LLC
• Website: https://batchbuddy.ai

Data Protection Officer (DPO):

For privacy-related inquiries, including GDPR or data protection matters:

• Email: privacy@batchbuddy.ai

Mailing Address:

BatchBuddy LLC
305 N. Heatherwilde Blvd
Suite 320 PMB1005
Pflugerville, TX 78660
United States

Response Time: We will respond to all inquiries within 30 days or as otherwise required by applicable law.