Privacy Policy
Last updated: March 12, 2026
1. Scope and Roles
This Privacy Policy describes how Bambu Technologies ("Bambu", "we", "our") processes personal data when providing the Bambu platform. Depending on context, Bambu acts as a controller for account, billing, support, security, audit, and compliance processing, and as a processor for customer business records entered into the service.
2. Categories of Data We Process
We process account identifiers, authentication data, business profile data, operational records such as products, stock movements, customers, debts, payments, expenses, suppliers, notifications, billing metadata, privacy-request records, and limited telemetry. AI assistant, OCR, and handwritten-intake features may process uploaded business records, prompts, extracted text, and operator actions. We do not intentionally request special-category data unless a customer chooses to submit it.
3. How We Use Data
We use data to create and secure accounts, provide inventory and debt-management workflows, send notifications, process subscriptions, operate AI and OCR features requested by the customer, fulfill privacy requests, investigate incidents, support customer disputes, and maintain service reliability. The primary legal bases reflected in the current system are contract performance, legitimate interests, and legal obligation, with consent used only where law requires it.
4. Audit Trail and Accountability
Bambu maintains a canonical Audit Trail for material account, operational, billing, privacy, and admin actions. Audit Trail records may include actor identifiers, role, business and tenant context, subject and resource identifiers, request correlation identifiers, hashed IP addresses when available, user-agent strings when available, and allowlisted metadata needed for dispute reconstruction or compliance evidence. Audit Trail records are tamper-evident through a chained hash design.
5. Service Providers and Transfers
Bambu uses service providers that may process data on our behalf, including PostgreSQL infrastructure, Redis infrastructure, Sentry for error monitoring and tracing, OpenRouter for AI requests, Google Cloud Vision for OCR, Lemon Squeezy for subscription billing, an email provider such as Resend or SMTP infrastructure, and Twilio for SMS delivery when enabled. Some providers may process data outside Rwanda. Where transfers occur, Bambu expects contractual and security safeguards, but provider-region and DPA evidence still requires human review outside the codebase.
6. Security and Monitoring
Bambu applies TLS in transit, role-based access control, tenant isolation, password protection, rate limiting, deterministic audit-chain integrity, and privacy-safer telemetry defaults. Session Replay is not used in production. Sentry is limited to error tracking, traces, release information, and operational debugging, with PII-heavy collection disabled by default.
7. Retention, Archival, and Deletion
Bambu applies defined retention rules for authentication data, privacy requests, generated exports, notifications, usage records, and Audit Trail evidence. Audit Trail data is not redacted in place because that would break tamper-evident verification. Instead, monthly audit segments are sealed, archived, and later purged only after the retention window expires and only if no legal hold applies. Some financial or dispute-related data may be kept longer where required for accounting, investigation, or complaint handling.
8. Your Rights and DSAR Workflows
Subject to local law, users may request access, correction, deletion, portability, or restriction of processing. Authenticated users can submit privacy requests through the product workflow, and Bambu may also accept requests through support channels. Requests are verified, tracked, audited, and handled within applicable timelines. Correction or deletion requests may be limited where Bambu must preserve evidence for legal, financial, or dispute-resolution purposes.
9. AI, OCR, Billing, and Admin Oversight
AI-assisted actions, OCR uploads, and handwritten-intake flows are treated as higher-risk features and should be used only for operationally necessary content. Subscription and billing features may involve Lemon Squeezy and webhook processing. Limited admin and support personnel may access data where necessary for support, billing review, privacy fulfillment, abuse prevention, or incident investigation, and those actions are intended to be recorded in the canonical Audit Trail.
10. Contact and Policy Updates
Material policy updates may be communicated through the product or by email. Continued use after the effective date indicates acknowledgment where law permits. Legal text still requires periodic human review to ensure alignment with Rwanda law, any future EU expansion, and vendor-contract changes.