Privacy Policy

Bitinda AI Inc. (the "Company", "Bitinda AI", "we", "us", "our") is committed to maintaining robust privacy protections for its users. This Privacy Policy explains how we collect, use, share and safeguard information when you use our Service.

What Bitinda is. Bitinda is a platform provider for agentic commerce — software that, on your instructions, finds products, navigates stores and completes checkout on your device. Bitinda does not hold, transfer, take custody of, or collect your funds, and does not itself issue payment cards or perform identity verification. Those regulated functions are carried out by licensed third-party providers. Bitinda orchestrates the experience and receives only limited tokens, references, statuses and confirmations from those providers.

"Site" means our website at https://www.bitinda.ai and https://www.bitinda.app, and our mobile applications. "Service" means the Bitinda agentic-commerce platform. "You" means a user of the Site or Service. By using the Site or Service, you accept this Privacy Policy and our Terms of Use, and consent to the processing of your information as described here.

I. Information we collect

We collect "Non-Personal Information" (which cannot identify you, such as anonymous usage data, general demographics, referring/exit URLs, platform and device types, the preferences you submit, and number of clicks) and "Personal Information".

Personal Information we collect is limited to what we need to run the platform:

• Contact details — your name, email address and phone number (your phone and email may be used to send and verify one-time security codes).
• Delivery address — the shipping address where you ask the agent to have orders delivered.
• Transaction metadata — the limits you set, your balance status, and a history of authorizations and orders that we display to you. This lets you review activity; it is derived from data held by our providers.
• Verification status & credentials — whether your identity has been verified, and authentication credentials such as device passkeys.

Information collected directly by our providers, not by Bitinda. Your full payment-card numbers, the custody of your balance, stablecoin conversion, and identity-verification ("KYC") documents are collected and processed directly by licensed third-party providers, under their own privacy policies. Bitinda does not store your card numbers or your KYC documents; card details used for a purchase are tokenized into single-use, merchant-locked cards and are never exposed to the merchant or to the AI model.

1. Information collected via technology

To improve and secure the Service we automatically collect information from your browser or our application, such as the referring URL, browser type, device, and time and date of access. We use cookies and similar technologies (small text files with an anonymous identifier) to keep you signed in, remember your language and preferences, measure performance, and detect fraud. We may use both persistent cookies (which remain until you delete them) and session cookies (which expire when you close your browser). For example, we store a persistent cookie to keep you signed in and to remember your language preference.

2. Information you provide by registering

To use the Service you create a profile by registering with your email address and a password, and by completing the steps needed to fund a balance and verify your identity with our providers. By registering, you authorize us to collect, store and use this information in accordance with this Privacy Policy.

3. Age requirement

The Site and Service are not directed to anyone under the age of 18, and we do not knowingly collect information from anyone under 18. If we learn that we have collected information from someone under 18, we will delete it as soon as possible. If you believe this has occurred, contact us at contact@bitinda.ai.

II. How we use and share information

Except as described here, we do not sell, trade or rent your Personal Information for marketing purposes. We use Personal Information to operate and secure the platform, route your authorized purchases to our providers, verify your identity through our providers, prevent fraud, communicate with you, and meet our legal obligations.

Providers we share information with. We share the minimum necessary information with service providers acting on our behalf — including providers for payment processing, funds and stablecoin infrastructure, single-use card issuance, identity verification, and embedded wallet and authentication, as well as email, analytics and cloud-hosting providers. We do not name these partners at this stage, as our integrations are still being finalized; this policy will be updated when they go live.

These providers process information only as needed to perform their services. We may disclose information when reasonably necessary to comply with law, legal process or a governmental request; to enforce our Terms of Use; to address fraud, security or technical issues; or to protect the rights, property or safety of our users or the public. In a merger, acquisition or sale of assets, your information may be transferred as part of the transaction.

We use Non-Personal Information to operate, improve and customize the Service and to analyze usage in aggregate.

III. Data retention

We keep your account and profile data while your account is active and for up to 90 days after closure, after which it is deleted or anonymized, unless a longer period is required by law. Transaction metadata (authorizations and orders) is retained for up to 5 years to meet anti-fraud, tax and legal record-keeping obligations, then deleted or anonymized. Marketing preferences are kept until you opt out; cookies persist for their stated lifespan.

IV. How we protect information

We implement security measures designed to protect your information, including encryption in transit and at rest, TLS, firewalls, and isolation of card data from the AI model. Your account is protected by your password and, where enabled, passkeys or one-time codes — keep these confidential and sign out after each use. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. By using the Service, you acknowledge these inherent risks.

V. Your rights

Marketing. You can opt out of marketing messages at any time via the unsubscribe link in each email or in the "Settings" section of the Service. We may still send administrative messages (security alerts, transaction confirmations, policy updates).

European Union / EEA & United Kingdom (GDPR / UK GDPR). You have the rights of access, rectification, erasure, restriction, portability and objection, and the right to complain to your supervisory authority. We process Personal Information on the legal bases of performance of a contract, our legitimate interests (operating and securing the platform), compliance with legal obligations, and your consent where required.

California (CCPA / CPRA). You have the rights to know, access, delete and correct your personal information, and to opt out of its "sale" or "sharing". We do not sell your Personal Information, and we do not discriminate against you for exercising these rights.

International transfers. Bitinda AI and some providers are located in the United States, so your information may be transferred to and processed in the US and other countries. Where required, such transfers rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum.

To exercise any right, contact us at contact@bitinda.ai. We may need to verify your identity before responding.

VI. Links to other websites

The Service links to and interacts with third-party websites and applications, including the merchant stores where the agent completes purchases. We are not responsible for their privacy practices. This Privacy Policy applies only to information collected by us. Please review the privacy statements of any third party before using it.

VII. Changes to this policy

We may change this Privacy Policy and our Terms of Use at any time. We will notify you of significant changes by email to the address on your account or by a prominent notice on the Site. Significant changes take effect 30 days after notification; non-material changes take effect immediately. Please check this page periodically.

VIII. Contact us

Questions about this Privacy Policy? Contact us at contact@bitinda.ai.

Bitinda AI Inc. — a Delaware C-Corporation
131 Continental Dr, Suite 305, Newark, DE 19713, United States