Privacy Policy

This Privacy Policy explains how BitPalm LLC ("BitPalm", "we", "us") collects, uses, and protects your personal data when you use the BitPalm Agent Platform. We are committed to protecting your privacy and handling your data transparently.

The data controller responsible for processing your personal data is:

• Bitpalm Computer Systems & Communication Equipment Software Design LLC, United Arab Emirates
• Email: [email protected]

We collect the following categories of personal data:

• Account data: name, email address, and password (encrypted) when you register
• Billing data: payment information processed securely through our payment provider (we do not store credit card numbers)
• Usage data: interactions with the platform, feature usage, and agent performance metrics
• Conversation data: messages exchanged between end-users and your AI agents
• Technical data: IP address, browser type, device information, and access logs

We process your personal data for the following purposes:

• Providing and maintaining the platform and your AI agents
• Processing payments and managing your subscription
• Sending transactional emails (welcome, billing, usage alerts)
• Improving our services, fixing bugs, and developing new features
• Ensuring platform security and preventing abuse

We process your data based on the following legal grounds:

• Contract performance: processing necessary to provide the services you subscribed to (Art. 6(1)(b) GDPR)
• Legitimate interest: analytics, security, and service improvement (Art. 6(1)(f) GDPR)
• Legal obligation: tax and accounting requirements (Art. 6(1)(c) GDPR)

We share data with the following third-party processors, all of which are contractually bound to protect your data:

• Supabase (database & authentication) — hosted in EU (Frankfurt)
• Google Cloud / Gemini (AI processing) — data processing agreement in place
• Paddle (payment processing) — PCI DSS compliant merchant of record
• Resend (transactional emails) — email delivery service

We retain your personal data for as long as your account is active or as needed to provide the services. After account deletion, we remove your personal data within 30 days, except where retention is required by law (e.g., invoicing records for tax purposes, typically 7–10 years). Conversation data associated with your agents is deleted immediately upon account or agent deletion.

Under GDPR and applicable data protection laws, you have the following rights:

• Right of access: request a copy of your personal data
• Right to rectification: correct inaccurate or incomplete data
• Right to erasure: request deletion of your personal data
• Right to data portability: receive your data in a structured, machine-readable format
• Right to restriction: request restriction of processing in certain circumstances
• Right to object: object to processing based on legitimate interest

We use only essential cookies required for authentication and session management. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies. No cookie consent banner is required as we only use strictly necessary cookies.

We implement industry-standard security measures to protect your data, including AES-256 encryption at rest, TLS encryption in transit, row-level security policies in our database, and regular security reviews. All data is hosted on EU-based servers in compliance with GDPR.

We may update this Privacy Policy from time to time. We will notify you of material changes via email. Continued use of the platform after changes constitutes acceptance of the updated policy.

For questions about this Privacy Policy or to exercise your data protection rights, contact us at [email protected].