Privacy Policy for Onbuddy.ai
Last updated: July 2, 2025
This Privacy Policy describes how OnBuddy.ai ("we," "us," or "our") operates under ProteusAI Limited to collect, use, disclose, and protect personal data of users ("you" or "your") of our website (https://onbuddy.ai) and associated applications (collectively, the "Services"). We are committed to complying with the EU General Data Protection Regulation (GDPR), Nigeria Data Protection Act (NDPA) 2023, and industry best practices.
Data Controller
ProteusAI Limited
Email: hello@onbuddy.ai
We act as the Data Controller for all personal data processed under this Policy.
Definitions
Personal Data: Any information relating to an identified or identifiable natural person.
Processing: Any operation performed on Personal Data (e.g., collection, storage, use, disclosure).
Data Subject: An identified or identifiable individual whose Personal Data is processed.
Special Category Data: Sensitive personal data (e.g., health, biometric) requiring heightened protection.
Categories of Data Collected
We collect the following categories of Personal Data, from the sources indicated:
We collect Identity Data, such as your name, job title, and company, from sign-up forms and CRM imports.
We collect Contact Data, including your email address and telephone number, through user submissions.
We collect Account Data, such as usernames and password hashes, during account registration.
We collect Usage Data, like your IP address, browser type, and log files, automatically through cookies and analytics tools.
We collect Communications Data, such as support tickets and emails, through direct correspondence with our support team.
We collect Payment & Business Data, including billing addresses and transaction details, via user-submitted forms and our payment processor.
Note: We do not collect Special Category Data unless explicitly requested and with your consent.
Categories of Data Collected
We process your Personal Data for the following purposes, and under the corresponding legal bases (GDPR Article references):
We process your data for the purpose of providing and maintaining the Services, based on contractual necessity under Art. 6(1)(b) of the GDPR.
We use your data for account management and authentication, also relying on contractual necessity under Art. 6(1)(b).
We process your data to provide customer support and troubleshoot issues, based on our legitimate interests under Art. 6(1)(f).
We use your data for service improvements and analytics, relying on our legitimate interests under Art. 6(1)(f).
We send marketing communications only when you have opted in, based on your consent under Art. 6(1)(a).
We may process your data to ensure compliance with legal obligations, under Art. 6(1)(c).
Note: We do not collect Special Category Data unless explicitly requested and with your consent.
Cookies & Tracking Technologies
We use cookies, web beacons, and similar technologies to:
Remember your preferences.
Analyze usage patterns (e.g., Google Analytics, Mixpanel).
Facilitate secure log‑in.
You may manage or opt out of cookies via your browser settings at any time.
Data Sharing & Third Parties
We may disclose your Personal Data to:
Service providers: Hosting, analytics, payment processors (all under GDPR‑compliant Data Processing Agreements).
Professional advisors: Legal and audit experts when necessary.
Subprocessors: Engaged by our processors, each bound by confidentiality and data protection obligations.
We do not sell your personal data under any circumstances.
International Data Transfers
Your data may be transferred to or stored in countries outside the European Economic Area (EEA). In such cases, we implement appropriate safeguards, including:
Standard Contractual Clauses (SCCs) approved by the European Commission
Binding Corporate Rules (BCRs) for intra‑group transfers
Security Measures
We implement the following technical and organizational measures to protect your Personal Data:
Encryption in transit (TLS) and at rest
Legal or regulatory requirements: e.g., tax and accounting record‑keeping.
Legitimate interests: e.g., dispute resolution.
After the applicable retention period, we securely delete or anonymize your data.
Your Rights (GDPR Chapter 3)
Under the GDPR, you have the following rights:
Access: Request a copy of your Personal Data (Art. 15)
Rectification: Correct inaccurate or incomplete data (Art. 16)
Erasure: Request deletion of your data where lawful (Art. 17)
Restriction: Limit processing in certain circumstances (Art. 18)
Portability: Receive your data in a structured, machine‑readable format (Art. 20)
Objection: Oppose processing based on legitimate interests or marketing (Art. 21)
Withdraw consent: At any time for consent‑based processing (Art. 7(3))
To exercise any of these rights, please contact us at hello@onbuddy.ai. We will respond within one month as required by the GDPR.
Children’s Privacy
Our Services are intended for enterprise and adult users. We do not knowingly collect data from minors under 16. If you believe we have inadvertently collected such data, contact us to request deletion.
Changes to This Policy
We may update this Policy for legal, technical, or operational reasons. When we do, we will:
Post the revised Policy on our website
Update the "Last updated" date above
Provide notice where required by law or contract
Contact Us
Data Protection Officer
ProteusAI Limited
Email: hello@onbuddy.ai
Additional Resources:
Thank you for trusting OnBuddy.ai with your data. We remain committed to protecting your privacy and complying with GDPR, NDPA, and industry best practices.