Back
Privacy Policy for Baruly
Last Updated: January 15, 2025
PRIVACY POLICY
Thank you for visiting Baruly ("we," "us," "our," or "Baruly"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you access or use our website located at https://baruly.com (the "Website") and our related services (collectively, the "Service").
By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein. If you do not agree with this Privacy Policy, please do not use the Service.
This Privacy Policy is incorporated into and forms part of our Terms of Service. Capitalized terms used but not defined in this Privacy Policy have the meanings given to them in our Terms of Service.
1. INFORMATION WE COLLECT
We collect information that you provide directly to us, information that is automatically collected when you use the Service, and information from third-party sources.
1.1 Information You Provide Directly
Account Information:
- Name
- Email address
- Profile image (if provided through authentication providers)
- Authentication credentials (managed through NextAuth)
Payment Information:
- Payment method details (processed securely through Stripe)
- Billing address
- Transaction history
- Subscription details and payment records
User Content:
- Positioning canvases and analyses you create
- Company information and URLs you submit for analysis
- Chat messages and interactions with our AI services
- Feedback, comments, and other content you submit
Communication Information:
- Support requests and communications
- Survey responses and feedback
- Marketing preferences and consent
1.2 Information Automatically Collected
Technical Information:
- IP address
- Browser type and version
- Device information (type, operating system, device identifiers)
- Screen resolution and display settings
- Language preferences
Usage Information:
- Pages visited and time spent on pages
- Features used and interactions with the Service
- Clickstream data and navigation patterns
- Session duration and frequency of use
- Token usage and consumption metrics
- Referral sources and campaign tracking
Analytics Data:
- Page views and user interactions (tracked via Umami Analytics)
- Event tracking (feature usage, conversions, errors)
- Performance metrics and error logs
- User journey and behavior analytics
Cookies and Tracking Technologies:
- Session cookies (for authentication and session management)
- Preference cookies (for user settings and preferences)
- Analytics cookies (for service improvement and analytics)
- Local storage data (for session tracking and preferences)
1.3 Information from Third-Party Sources
Authentication Providers:
- When you sign in using Google OAuth or other providers, we receive your name, email address, and profile image
Payment Processors:
- Stripe provides us with payment status, subscription information, and transaction details
AI Service Providers:
- We may share your content with AI service providers (OpenAI, Anthropic) to generate responses. These providers may process your data according to their privacy policies.
2. HOW WE USE YOUR INFORMATION
We use the information we collect for the following purposes:
2.1 Service Delivery
- To provide, operate, and maintain the Service
- To process your transactions and manage your subscriptions
- To generate AI-powered positioning analyses, canvases, and recommendations
- To deliver features and functionality you request
- To authenticate your identity and manage your account
- To track usage limits and enforce subscription tiers
- To provide customer support and respond to your inquiries
2.2 Service Improvement
- To analyze usage patterns and improve the Service
- To develop new features and functionality
- To optimize performance and user experience
- To conduct research and analytics
- To train and improve our AI models (using aggregated and anonymized data)
2.3 Communication
- To send you transactional emails (order confirmations, account updates, service notifications)
- To send you marketing communications (with your consent)
- To respond to your support requests
- To notify you about changes to the Service or our policies
- To send you important security and policy updates
2.4 Legal and Security
- To comply with legal obligations and enforce our rights
- To detect, prevent, and address fraud, security issues, or abuse
- To protect the rights, property, or safety of Baruly, our users, or others
- To investigate violations of our Terms of Service
2.5 Business Operations
- To manage our business operations and administration
- To process payments and manage billing
- To generate analytics and business intelligence
- To conduct audits and ensure compliance
3. MARKETING COMMUNICATIONS
3.1 Marketing Emails
With your consent, we may use your email address to send you marketing communications, including:
- Newsletters and product updates
- Promotional offers and special deals
- Information about new features or services
- Relevant content and insights related to positioning and marketing
- Event invitations and webinars
3.2 Opt-Out
You can opt-out of marketing communications at any time by:
- Clicking the "unsubscribe" link in any marketing email
- Contacting us at support@mg.baruly.com
- Adjusting your email preferences in your account settings
3.3 Transactional Communications
Even if you opt-out of marketing communications, we may still send you transactional emails related to:
- Account management and security
- Order confirmations and receipts
- Subscription updates and billing
- Service notifications and important updates
- Responses to your support requests
4. HOW WE SHARE YOUR INFORMATION
We do not sell your personal information. We may share your information in the following circumstances:
4.1 Service Providers
We share information with third-party service providers who perform services on our behalf, including:
- Stripe (payment processing and subscription management)
- MongoDB (data storage and database services)
- Mailgun (email delivery and transactional emails)
- OpenAI and Anthropic (AI service providers for content generation)
- Umami Analytics (website analytics and usage tracking)
- NextAuth (authentication services)
- Railway (hosting and infrastructure)
These service providers are contractually obligated to protect your information and use it only for the purposes we specify.
4.2 Business Transfers
If we are involved in a merger, acquisition, asset sale, or other business transaction, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.
4.3 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, or government investigations).
4.4 Protection of Rights
We may disclose your information when we believe it is necessary to:
- Protect our rights, property, or safety
- Protect the rights, property, or safety of our users or others
- Enforce our Terms of Service or other agreements
- Investigate potential violations or fraud
4.5 Public Canvas Directory
When you make your positioning canvas public and add it to our directory:
- Your canvas content will be visible to other users who have directory access
- We may display your canvas in our directory service, which may be monetized
- Your canvas may be used for marketing, promotional, and commercial purposes
- You can remove your canvas from the public directory at any time
5. DATA RETENTION
We retain your personal information for as long as necessary to:
- Provide the Service to you
- Fulfill the purposes described in this Privacy Policy
- Comply with legal obligations
- Resolve disputes and enforce our agreements
Specific retention periods:
- Account information: Retained while your account is active and for a reasonable period after account closure
- Payment information: Retained as required by law and for accounting purposes (typically 7 years)
- User content: Retained until you delete it or request deletion
- Analytics data: Retained in aggregated and anonymized form
- Cookies: Retained according to cookie expiration settings (typically 30 days to 2 years)
When we no longer need your information, we will securely delete or anonymize it, except where we are required to retain it for legal purposes.
6. DATA SECURITY
We implement appropriate technical and organizational security measures to protect your information, including:
- Encryption of data in transit (SSL/TLS)
- Secure authentication and access controls
- Regular security assessments and updates
- Limited access to personal information on a need-to-know basis
- Secure payment processing through Stripe (we do not store complete payment card information)
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
7. YOUR RIGHTS AND CHOICES
Depending on your location, you may have certain rights regarding your personal information:
7.1 Access and Portability
You have the right to:
- Access the personal information we hold about you
- Request a copy of your data in a portable format
- View your account information and usage data through your account dashboard
7.2 Correction
You can update your account information at any time through your account settings or by contacting us.
7.3 Deletion
You have the right to request deletion of your personal information, subject to legal and operational requirements. You can:
- Delete your account through your account settings
- Request deletion by contacting us at support@mg.baruly.com
Note: Some information may be retained as required by law or for legitimate business purposes.
7.4 Objection and Restriction
You have the right to:
- Object to processing of your information for certain purposes
- Request restriction of processing in certain circumstances
- Withdraw consent where processing is based on consent
7.5 Opt-Out Rights
- Marketing communications: Opt-out as described in Section 3.2
- Cookies: Manage cookie preferences through your browser settings
- Analytics: Some analytics may continue even if you opt-out, but in anonymized form
7.6 California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of sale of personal information (we do not sell personal information)
- Right to non-discrimination for exercising your privacy rights
7.7 European Privacy Rights (GDPR)
If you are located in the European Economic Area (EEA) or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR):
- Right of access
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
To exercise any of these rights, please contact us at support@mg.baruly.com. We will respond to your request within 30 days (or as required by applicable law).
8. INTERNATIONAL DATA TRANSFERS
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using the Service, you consent to the transfer of your information to:
- France (our primary jurisdiction)
- United States (where many of our service providers operate)
- Other countries where our service providers are located
We ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy, including:
- Standard contractual clauses approved by the European Commission
- Adequacy decisions where applicable
- Other appropriate legal mechanisms
9. COOKIES AND TRACKING TECHNOLOGIES
9.1 Types of Cookies We Use
Essential Cookies:
- Required for the Service to function properly
- Enable authentication and session management
- Cannot be disabled without affecting Service functionality
Functional Cookies:
- Remember your preferences and settings
- Enhance your user experience
- Can be disabled, but may affect Service functionality
Analytics Cookies:
- Help us understand how you use the Service
- Enable us to improve performance and user experience
- Used by Umami Analytics (privacy-focused analytics)
9.2 Managing Cookies
You can manage cookies through:
- Your browser settings (most browsers allow you to refuse or delete cookies)
- Our cookie preference center (if available)
- Third-party opt-out tools
Note: Disabling certain cookies may limit your ability to use some features of the Service.
9.3 Do Not Track
Some browsers include a "Do Not Track" (DNT) feature. We do not currently respond to DNT signals, but we respect your privacy choices as described in this Privacy Policy.
10. CHILDREN'S PRIVACY
The Service is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately at support@mg.baruly.com. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.
11. THIRD-PARTY LINKS AND SERVICES
The Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to third-party websites or services. We encourage you to review the privacy policies of any third-party websites or services you access.
12. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect:
- Changes in our practices or services
- Legal or regulatory requirements
- Industry standards and best practices
We will notify you of material changes by:
- Posting the updated Privacy Policy on this page
- Updating the "Last Updated" date
- Sending you an email notification (for significant changes)
- Displaying a notice on the Service
Your continued use of the Service after such changes constitutes acceptance of the updated Privacy Policy. If you do not agree to the changes, you should stop using the Service and may request deletion of your account.
13. DATA CONTROLLER INFORMATION
For purposes of the GDPR and other applicable data protection laws, the data controller is:
Baruly
Email: support@mg.baruly.com
14. CONTACT US
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Email: support@mg.baruly.com
We will respond to your inquiry within 30 days (or as required by applicable law).
15. CONSENT
By using the Service, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.