Privacy Policy for Bashy.ai
Last updated: October 15, 2025
1. Introduction & Scope
Bashy.ai (“we”, “us”, “our”, “the App”) is committed to protecting the privacy of users (“you”, “your”, “User”). This Privacy Policy describes how we collect, use, disclose, retain, and protect personal information in respect of your use of the App and related services, in compliance with applicable Canadian privacy laws (including PIPEDA) and other relevant provincial privacy obligations.
If you are located in Ontario, this Policy should be read in conjunction with any applicable provincial requirements. In Ontario, while private-sector entities are primarily governed by federal privacy law (PIPEDA) in commercial activities, public-sector institutions are subject to Ontario’s Freedom of Information and Protection of Privacy Act (FIPPA) (though FIPPA does not generally apply to private apps).
By using Bashy.ai, you consent to the collection, use, and disclosure of your information as described in this Policy.
2. Definitions
- Personal Information means any information about an identifiable individual (name, email address, device identifiers, etc.).
- Sensitive Information means personal data of a more private nature (for example, location data, biometric data, health data) requiring higher protection.
- Non-personal / Aggregate Data means data from which individuals cannot be identified.
- Third Party Services / Providers means any external services, platforms, vendors, or contractors with which we integrate or that process data on our behalf.
3. Accountability & Privacy Governance
We designate a privacy officer or responsible person to oversee compliance with this Privacy Policy and applicable laws.
We implement and maintain administrative, technical, and physical safeguards to protect personal information under our control.
4. What Information We Collect & How
We may collect the following kinds of information:
- Information you provide directly.
• Account registration data (e.g. name, email).
• Profile information.
• Communications (support requests, feedback).
• Content that you upload, generate or submit via the App. - Automatically collected information.
• Device identifiers, operating system version, IP address, browser type.
• Usage and analytics data (e.g. times of access, features used).
• Crash and diagnostic data.
Bashy.ai integrates with third-party digital marketing and analytics platforms (such as Google Analytics, Google Ads, Meta, TikTok, and others) using industry-standard OAuth 2.0 authorization protocols.
No Storage of User Credentials
- Bashy.ai does not collect, access, or store usernames, passwords, or login credentials for any third-party platforms.
- Users authenticate directly with the third-party platform via its official authorization interface (e.g., Google or Meta login screens).
Use of OAuth Tokens
- Upon successful authentication, the third-party platform issues access tokens and/or refresh tokens to a secure integration service provider (e.g., Nango).
- These tokens allow Bashy.ai to access data via APIs without ever handling user credentials.
- Tokens may be revoked by the user at any time directly within the third-party platform.
Role of Integration Providers
- Bashy.ai may use a third-party integration service to manage OAuth connections and token refresh workflows.
- These providers store OAuth tokens only, not user credentials.
- All such providers are contractually required to implement appropriate security safeguards
5. Purposes for Collection, Use & Disclosure
We collect, use and disclose personal information for purposes including but not limited to:
- To provide, maintain, and improve the App and services.
- To personalize your experience.
- To respond to your inquiries or support requests.
- To communicate with you (e.g. updates, notices, marketing) — with your consent where required.
- To detect and prevent fraud, security breaches, or unauthorized access.
- To comply with legal requirements or law enforcement demands.
- To integrate with third-party services (e.g. analytics, payment processors, cloud services).
When you connect a third-party platform, Bashy.ai accesses only the data made available through that platform’s API and permitted by the scope of authorization you grant.
This may include:
- Aggregated analytics data (e.g., traffic, sessions, conversions)
- Campaign performance data (e.g., impressions, clicks, spend)
- Metadata about accounts, properties, or campaigns
Important limitations:
- Bashy.ai does not access private user account data such as passwords, direct messages, or unrelated personal content.
- Bashy.ai does not intentionally collect personally identifiable information (PII) unless such information is included in the data returned by the third-party platform APIs.
- Bashy.ai is designed to prioritize aggregated and non-identifiable data wherever possible.
6. Consent & Withdrawal
We will not use your personal information for purposes incompatible with the ones originally identified, unless we obtain your consent or are required by law.
We rely on user consent (express or implied) for the collection, use, or disclosure of personal information, except where otherwise permitted or required by law.
You may withdraw consent at any time (subject to legal or contractual restrictions). Withdrawing consent may limit your ability to use certain features of the App.
You may revoke Bashy.ai’s access to your third-party platforms at any time by:
- Disconnecting the integration within Bashy.ai, or
- Revoking access directly within the third-party platform’s security or app settings
Once access is revoked:
- Bashy.ai will no longer be able to retrieve new data from that platform
- Previously collected data will be retained or deleted in accordance with this Policy
7. Retention of Data
We retain personal information only as long as necessary to fulfill the identified purposes or as required by law. After that, we securely destroy, anonymize, or de-identify the data.
8. Disclosure to Third Parties & Cross-Border Transfer
We may disclose your information to third-party service providers and partners who assist in delivering the App, subject to contractual assurances requiring them to safeguard the data.
If data is transferred outside Canada (e.g. to cloud servers abroad), we ensure appropriate safeguards (contracts, encryption, data localization where feasible) are in place to comply with Canadian privacy expectations.
9. Security & Safeguards
We use technical, organizational, and physical security measures (encryption, access controls, network security, regular audits) to protect personal information.
We periodically review and update our security practices to reflect evolving threats.
10. Access, Correction & Deletion
You may request access to personal information we hold about you, and request correction or deletion, subject to legal exceptions.
If you find inaccuracies, you may ask us to amend them; if we do not agree, you may append a statement of disagreement.
Requests should be made to our Privacy Officer (contact details below).
11. Breach Notification
In the event of a breach of security safeguards involving personal information under our control, we will assess whether it is reasonably likely to result in significant harm. If so, we will notify affected individuals and report to the Privacy Commissioner of Canada, in accordance with statutory obligations.
12. Children
Our App is not intended for children under the age of 13 (or the applicable age in your jurisdiction). We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child without proper consent, we will promptly delete it.
13. Links to Other Sites
Our App may contain links to third-party websites or services. This Policy does not apply to third-party sites; you should review their privacy policies separately.
14. Changes to this Privacy Policy
We may update this Policy from time to time (e.g. to accommodate new features, legal requirements). We will post a new version on the App or website, with the “Last updated” date. Where required by law, we will notify you of material changes and obtain re-consent if necessary.
15. Contact Us / Complaints
If you have questions, concerns or want to make a complaint about how we handle your personal information, contact:
Privacy Officer
Bashy.ai
privacy@bashy.ai
If unsatisfied with our response, you may contact the Office of the Privacy Commissioner of Canada, or (if applicable) the relevant provincial privacy regulator.