Privacy Policy

BSpot AI is operated by Team ApexMinds, based in Karachi, Pakistan. We are the data controller for personal data you provide to the Service. Contact: privacy@bspot-ai.lovable.app.

• Account data — email, display name, password hash, preferred language, MFA settings.
• Profile data — home country, target country, business type, budget range, timeline, readiness inputs.
• Uploaded documents — passport scans, bank statements, or other files you choose to store in the Document Vault.
• Usage data — pages visited, features used, AI prompts and responses, credit transactions, error logs.
• Device & technical data — IP address, browser type, operating system, and cookies for session and preferences.
• Payment data — handled directly by our payment processor; we store only the transaction ID and last 4 digits of the card for receipts.

To (a) operate and secure the Service; (b) personalize country guidance, roadmaps, and AI advice; (c) process credit purchases and prevent fraud; (d) communicate service updates and respond to support requests; (e) comply with legal obligations. We do not sell your personal data and we do not use it for third-party advertising.

• Contract — to deliver the features you sign up for.
• Legitimate interest — to secure the platform, improve features, and prevent abuse.
• Consent — for optional marketing emails (you can opt out anytime).
• Legal obligation — to comply with tax, accounting, and law-enforcement requests.

• Lovable Cloud — authentication, database, file storage, edge functions.
• Lovable AI Gateway (Google Gemini) — generates AI dossiers and assistant responses from your prompts.
• ExchangeRate-API, Finnhub, CoinGecko, World Bank — public market and macro data feeds.
• Payment processor — handles card payments, PayPal, and wallets (PCI-DSS Level 1 certified).

These providers receive only the data necessary to deliver the requested feature and are bound by their own data-processing terms.

Account and profile data are retained for as long as your account is active. Uploaded documents remain until you delete them or close your account. Backups are purged within 30 days of deletion. Billing records may be retained for up to 7 years to comply with tax law.

You have the right to access, correct, export, restrict, or delete your personal data, to object to processing based on legitimate interest, and to withdraw consent. Most actions are self-service in Settings; for others email privacy@bspot-ai.lovable.app. We respond within 30 days. EU/UK residents may lodge a complaint with their local data-protection authority.

The Service is hosted on global infrastructure and your data may be processed in regions outside your home country (typically EU, US, or Asia-Pacific). Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

Data is encrypted in transit (TLS 1.2+) and at rest. Documents are stored in private buckets with time-limited signed URLs. Row-level security restricts every record to its owner. Optional MFA (TOTP + recovery codes) is available from Settings. No system is 100% secure — we will notify affected users within 72 hours of any confirmed breach involving personal data.

We use strictly necessary cookies for session and preferences (theme, language, sidebar state). We do not use third-party advertising cookies. You can clear cookies anytime in your browser; doing so may sign you out.

The Service is not directed to anyone under 18. We do not knowingly collect data from minors. If you believe a minor has provided us data, contact us and we will delete it.

We may update this Policy. Material changes will be notified in-app or by email. The "Last updated" date above always reflects the current version.

Privacy & data requests: privacy@bspot-ai.lovable.app
Security: trust@bspot-ai.lovable.app