BAWAB · بوابBAWABبواب
last updated · 30 April 2026

Privacy Policy

BAWAB Ltd (“BAWAB”, “we”) operates an AI concierge service available worldwide. This policy explains what we collect, why we collect it, and what control you have. We aim to be readable rather than legalistic. If anything is unclear, write to privacy@bawab.ai.

1. What we collect

  • Account: name, email, password (hashed with PBKDF2), country, locale, currency preference, optional phone.
  • Conversations: messages between you and your assistant, including any attachments. Stored encrypted at rest.
  • Tasks & payments: the requests you approve, the vendors dispatched, the prices, and the payment records (we never store card numbers; those go to our PSP, tokenised).
  • Technical: IP address, browser, approximate location (city level, from IP), device identifiers needed for security.
  • Cookies: a small set of strictly-necessary cookies (auth, locale, currency). Analytics cookies only if you accept them.

2. Why we collect it

  • To run the service: route your message to the right AI assistant, find vendors, take payment, send updates.
  • To improve safety and fraud detection.
  • To honour legal obligations (tax records, regulatory requests).
  • If you opt in, to send transactional or service emails. We do not sell your data, ever.

3. AI processing

Your conversations are processed by Anthropic's Claude models to extract intent and draft responses. Anthropic processes the message in transit but does not retain it for training under our enterprise terms. Voice messages, when used, are transcribed via Deepgram or Vapi. Translation requests use Claude Haiku. We never use your conversations to train any model.

4. Vendors & third parties

When you approve a task, we share the minimum information a vendor needs (your first name, the address, the requirement). Never your card, password, or full message history. Our processors include:

  • Cloudflare (hosting, edge compute, D1, R2)
  • Anthropic (AI inference)
  • Google (Maps + Places vendor discovery)
  • ElevenLabs (voice synthesis)
  • Vapi (voice calls + transcription)
  • Resend (transactional email)
  • Stripe / Paddle / Lemon Squeezy (payments; only the active provider)
  • Sentry (error monitoring; PII scrubbed before send)
  • Plausible (privacy-first analytics, no cookies)

5. Where data is stored

Primary storage is on Cloudflare's global edge network. Backups are kept in regions appropriate to your jurisdiction. EU/UK user data stays within the EU/UK. We use Standard Contractual Clauses for any transfers that cross those boundaries.

6. Your rights

Wherever you live, you can:

  • Access a copy of your data: write to privacy@bawab.ai.
  • Correct anything that's wrong (most fields are editable in /settings).
  • Delete your account and your data: go to /settings or write to us. We honour deletions within 30 days.
  • Object to processing or export your data in a portable format.
  • Withdraw consent for analytics from the cookie banner at any time.
  • Lodge a complaint with your local data protection authority (e.g. ICO in the UK, the CNIL in France).

7. Retention

Account data is kept while you have an account. Conversation logs are kept for 24 months by default. You can shorten this in /settings once active. Payment records are kept for the period required by tax law in your jurisdiction (typically 6–10 years).

8. Children

BAWAB is not for users under 18. We do not knowingly collect data from minors. If you believe a minor has signed up, write to us and we'll close the account.

9. Changes to this policy

Material changes are emailed to active users. Minor edits, like typos and clarifications, are posted here with the “last updated” date.

10. Contact

Data Protection: privacy@bawab.ai
General: hello@bawab.ai