Privacy Policy

Last updated: March 12, 2026

1. Introduction

Bipla (“we,” “us,” or “our”) operates the Bipla platform available at bipla.co (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account via Google OAuth, we collect your email address, display name, and profile picture as provided by Google. We do not collect or store your Google password.

2.2 Business Information

You may provide business details such as business name, industry, and description to configure your account and AI agents.

2.3 End-User Messaging Data

When your AI agents interact with end users through messaging channels (such as WhatsApp or Telegram), we process the following data on your behalf:

  • Contact identifiers (e.g., phone numbers, chat IDs)
  • Display names as provided by the messaging platform
  • Message content exchanged between end users and your AI agents
  • Voice message audio (temporarily processed for transcription, then discarded)

2.4 Documents and Files

You may upload documents to build your AI agent's knowledge base. These files are stored securely and processed to enable AI-powered responses.

2.5 Calendar and Booking Data

If you use our calendar features, we may collect event details, attendee information, and scheduling data. If you connect Google Calendar, we access your calendar data in accordance with Google's API Services User Data Policy.

2.6 Usage and Log Data

We automatically collect technical information such as IP addresses, browser type, device information, and pages visited. We do not log message content — only metadata such as message timestamps and character counts.

2.7 Cookies

We use strictly necessary httpOnly cookies for authentication and session management. We do not use advertising or tracking cookies. The cookies we use are:

  • bipla-token — session authentication (expires after 24 hours)
  • bipla-refresh — session renewal (expires after 30 days)

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Process messages through AI on your behalf
  • Store and index your documents for AI-powered retrieval
  • Manage your account, billing, and support requests
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

4. Third-Party Service Providers

We share data with the following categories of third-party providers, solely to operate the Service:

  • AI Processing (OpenAI) — Document content and conversation messages are sent to OpenAI for AI-powered responses, document embedding, and voice transcription. OpenAI processes this data under their API data usage policies and does not use it for model training.
  • Cloud Infrastructure (Google Cloud) — We use Google Cloud Platform for hosting, data storage, and database services. All data is encrypted in transit and at rest.
  • Messaging Platforms (Meta/WhatsApp, Telegram) — Message data is transmitted through these platforms to deliver AI agent responses to end users.
  • SMS Services (Twilio) — Used for phone number verification when applicable.

We do not sell your personal data to any third party.

5. Data Storage and Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (TLS/SSL) and at rest
  • Encrypted storage of sensitive credentials
  • Database connections secured with SSL certificates
  • Rate limiting to prevent abuse
  • Webhook signature verification for messaging platforms
  • Access controls enforcing data isolation between accounts

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. You may delete documents at any time through the platform. When you delete your account or business, all associated data — including agents, documents, conversations, and messages — is permanently removed from our systems.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — Request a copy of the data we hold about you
  • Correction — Request correction of inaccurate data
  • Deletion — Request deletion of your data
  • Portability — Request your data in a portable format
  • Restrict Processing — Request that we limit how we use your data
  • Withdraw Consent — Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at hi@bipla.com. We will respond within 30 days.

8. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete that data promptly.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure that appropriate safeguards are in place for such transfers in accordance with applicable data protection laws.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at hi@bipla.com.