Privacy Policy

Last updated: March 9, 2026

1. Overview

Bayanista ("we", "us", "our") is an AI-powered product intelligence platform. This Privacy Policy explains how we collect, use, and protect data when you use our Service, and how our customers use our SDK to collect data from their end users.

2. Data We Collect

From Our Customers (Dashboard Users)

  • Account information: name, email address, password (hashed)
  • Usage data: login times, features used, API calls made

From End Users (via SDK)

Our SDK collects the following interaction data on behalf of our customers:

  • Page views and navigation events
  • Click interactions (element type, position, semantic context)
  • Form interactions (field types, submission events — not field values)
  • Scroll depth milestones (25%, 50%, 75%, 100%)
  • Error events (JavaScript errors, network failures)
  • Session data (anonymous session ID, duration)
  • Device context (screen size, browser, language, timezone)

3. Data We Do NOT Collect

  • Passwords, credit card numbers, or financial data
  • Form field values (masked by default)
  • Sensitive URL parameters (tokens, API keys — automatically stripped)
  • Personal text content when masking is enabled
  • Data from users with Do Not Track enabled (honored by default)

4. How We Use Data

  • Generate AI-powered product insights and behavioral analysis
  • Detect usage patterns, drop-offs, and conversion opportunities
  • Identify user frustration signals (rage clicks, dead clicks, errors)
  • Provide recommendations to improve product experiences
  • Maintain and improve the Service

5. Data Processing

Interaction data is processed by our AI engine to generate plain-English product insights. We use OpenAI's API for AI-powered analysis. Data sent to AI providers is anonymized and does not include personally identifiable information.

6. Data Retention

Event data is retained for 12 months from the date of collection. Aggregated insights derived from event data may be retained longer. You can request deletion of your data at any time.

7. Cookies and Storage

The Bayanista SDK uses:

  • localStorage: Anonymous user ID (persistent across sessions)
  • sessionStorage: Session ID and activity timestamps
  • IndexedDB: Offline event queue (flushed when connectivity returns)

No third-party tracking cookies are used.

8. Data Security

We implement industry-standard security measures including:

  • HTTPS encryption for all data in transit
  • Encrypted storage for sensitive configuration
  • JWT-based authentication with token expiration
  • Rate limiting to prevent abuse
  • Security headers (CSP, HSTS, X-Frame-Options)

9. Your Rights

You have the right to:

  • Access the data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a machine-readable format
  • Opt out of data collection (via Do Not Track)

10. Third-Party Services

We use the following third-party services:

  • OpenAI: AI-powered insight generation (anonymized data only)
  • Render: Application hosting
  • Redis: Session and rate-limit storage

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service.

12. Contact

For privacy-related inquiries, contact us at privacy@bayanista.com.