Bustly

Privacy Policy

Last updated: October 17, 2025

This Privacy Policy explains how Bustly ("Bustly," "we," "us") collects, uses, shares, and safeguards information in connection with our websites, products, and services (the "Service"). Capitalized terms not defined here have the meanings in our Terms of Service.

1) Scope and Roles

This Policy covers information we collect about website visitors, account holders, and merchants who connect their stores. For Store Data we process on behalf of a Merchant, Bustly generally acts as a processor/service provider; for our own website, account, billing, support, and marketing data, Bustly acts as a controller/business.

2) Information We Collect

a) You provide

  • Account & profile: name, email, password, role, organization, time zone.
  • Billing: payment method details (processed by our payment processor), billing address, tax IDs.
  • Store configuration: guardrails, rules, approvals, whitelists, experiments, and preferences.
  • Content: prompts, uploaded assets, copy, images, and other Customer Content.

b) From your Store and integrations

  • Store Data: products, variants, images, prices, costs, inventory, orders, refunds, discounts, carts, traffic and conversion metrics, search terms, campaigns, ROAS/CPA where available, and related identifiers.
  • Connected apps: information from integrated Third‑Party Services (e.g., analytics, email, ad platforms) as authorized by you. You can disconnect integrations at any time.

c) Collected automatically

  • Usage & device: log data, IP address, browser type, device identifiers, pages viewed, referring/exit pages, timestamps, language, crash reports.
  • Cookies & similar: see "Cookies" below.
  • Generated metadata: model prompts, Outputs, action logs, approvals, rollbacks, and audit trails.

3) How We Use Information (Purposes)

We use information to:

  • Provide and operate the Service, including generating proposals/Outputs and enabling actions within Guardrails;
  • Maintain security, monitor abuse, fraud, and service performance;
  • Improve the Service, including analytics, testing, research, and feature development;
  • Communicate with you about updates, support, and educational or marketing messages (you can opt out of non‑essential marketing);
  • Comply with legal obligations and enforce our Terms.

Model training: Unless otherwise agreed in writing, we do not use your Customer Content or Store Data to train third‑party foundation models. We may use aggregated or de‑identified data to improve features and quality.

4) Legal Bases (EEA/UK)

Where GDPR/UK GDPR applies, our processing bases include: performance of a contract; legitimate interests (e.g., to secure and improve the Service, prevent abuse, and communicate relevant updates); consent where required (e.g., certain cookies/marketing); and legal obligations.

5) Sharing of Information

We may share information with:

  • Service providers / subprocessors who help us operate the Service (hosting, storage, analytics, email, support, payment processing, and AI model providers) under appropriate contracts;
  • Third‑Party Services you choose to connect, under your direction;
  • Affiliates for support and operations consistent with this Policy;
  • Legal/regulatory authorities where required;
  • Business transfers (e.g., merger, acquisition, asset sale), subject to this Policy.

We do not sell personal information, and we do not share it for cross‑context behavioral advertising as those terms are defined under certain laws (e.g., CPRA). If that practice changes, we will update this Policy and provide required opt‑outs.

6) International Data Transfers

We and our providers may process information globally. Where required, we use lawful transfer mechanisms such as the EU Standard Contractual Clauses (SCCs) and the UK Addendum. You can contact support@bustly.shop for a copy of applicable safeguards (redacted as permitted).

7) Data Retention

We retain information for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. We may retain logs and audit trails for security and compliance. We will delete or de‑identify data after the applicable retention period or upon your request where required by law. You can request export or deletion at support@bustly.shop.

8) Your Choices and Rights

  • Access, correction, deletion, portability, restriction, objection (EEA/UK/other regions where applicable).
  • California (CPRA): right to know, delete, correct, and to limit use of sensitive personal information; we do not sell or share personal information; you may designate an authorized agent.
  • Marketing: opt out of non‑essential marketing emails via the unsubscribe link; you will still receive essential service emails (e.g., security, billing, "Pulse" operational updates).
  • Cookies: manage preferences via our cookie banner or browser settings (see below).

To exercise rights, email support@bustly.shop. We may verify your identity and respond within the timeframe required by law.

9) Cookies and Similar Technologies

We use:

  • Essential cookies for login, security, and preferences;
  • Analytics cookies to understand usage and improve the Service;
  • Functional tools to remember settings and improve experience.

You can adjust preferences via our banner or browser settings. Because there is no common industry standard, we do not respond to "Do Not Track" signals.

10) Security

We use reasonable technical and organizational measures (e.g., encryption in transit, access controls, audit logging). No method of transmission or storage is 100% secure; you use the Service at your own risk. Report security issues to support@bustly.shop.

11) Children

The Service is not directed to children under 16 (or as defined by local law). We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact support@bustly.shop for deletion.

12) Third‑Party Links

Our Service may link to Third‑Party Services. Their privacy practices are governed by their own policies.

13) Data Controller; Contact; DPA

For website, account, billing, and marketing data, the data controller is Bustly. For Store Data we process on your behalf, Bustly acts as a processor/service provider. For a Data Processing Addendum, email support@bustly.shop.

Contact: support@bustly.shop

14) Changes to this Policy

We may update this Policy. Material changes will be notified (e.g., email or in‑app). The "Last updated" date reflects the latest version. Continued use after changes become effective constitutes acceptance.

Regional Addenda (optional to include at launch)

A. EEA/UK Addendum

  • Controller contact: support@bustly.shop
  • Representative / DPO: [if applicable, insert details]
  • Legal bases: see Section 4.
  • Transfers: SCCs/UK Addendum (Section 6).
  • Complaints: You have the right to complain to your local supervisory authority.

B. California Addendum (CPRA)

  • Categories collected: Identifiers; commercial information; internet/electronic activity; inferences; professional information.
  • Business purposes: As described in Section 3.
  • "Sale"/"Share": We do not sell or share personal information as defined under CPRA.
  • Sensitive information: Processed only for permitted purposes or with consent.
  • Rights & requests: Section 8; email support@bustly.shop.