Privacy Policy
This Privacy Policy describes how Bindi ("we", "us", or "our") collects, uses, and protects your personal information when you use our website at bindi.coach, our web application at app.bindi.coach, and related services (collectively, the "Service"). By using the Service, you agree to the practices described in this policy.
1. Information We Collect
1.1 Information You Provide
When you sign up and use Bindi, we collect information you provide directly:
- Account information: your name, email address, and profile picture, provided through Google Sign-In
- Career information: career goals, job titles, skills, and other professional details you enter to create your personalized career journey
- Conversations: questions and messages you send to the AI career assistant
- Payment information: billing details are collected and processed by Stripe; we do not store your credit card number
1.2 Information Collected Automatically
When you use the Service, we automatically collect certain information:
- Usage data: pages visited, features used, actions taken, and timestamps
- Device information: browser type, operating system, screen resolution, and language preferences
- Log data: IP address, access times, and referring URLs
- Cookies and similar technologies: we use cookies and local storage for authentication, preferences, and analytics (see Section 6)
2. How We Use Your Information
We use the information we collect to:
- Provide the Service: create your account, generate personalized career plans, power AI-assisted guidance, and process payments
- Improve the Service: analyze usage patterns, identify issues, and develop new features
- Communicate with you: send welcome emails, service updates, and respond to your inquiries
- Ensure security: detect and prevent fraud, abuse, and unauthorized access
- Comply with legal obligations: respond to lawful requests and enforce our Terms of Service
3. How We Share Your Information
We do not sell your personal information. We share your data only in the following circumstances:
| Third Party | Purpose | Data Shared |
|---|---|---|
| Authentication (Sign-In) | OAuth tokens, email, profile info | |
| Stripe | Payment processing | Billing and transaction details |
| OpenAI / Anthropic | AI content generation | Career goals, questions, and context needed to generate responses |
| Email provider (SendGrid) | Transactional emails | Email address, name |
| Google Analytics | Website analytics | Anonymized usage and device data |
| MongoDB (cloud hosting) | Data storage | All Service data (encrypted at rest) |
We may also disclose your information if required by law, court order, or governmental request, or if necessary to protect the rights, property, or safety of Bindi, our users, or others.
4. AI and Your Data
To provide AI-powered career guidance, we send relevant context (such as your career goals and questions) to third-party AI providers (OpenAI and/or Anthropic). These providers process data according to their own privacy policies and data processing agreements. We only send the minimum data necessary to generate useful responses.
We do not use your personal data to train AI models. However, we cannot control whether third-party AI providers use data processed through their APIs for model improvement; please review their respective privacy policies for details.
5. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:
- Account data: retained until you request deletion
- Career journey data: retained until you delete the journey or your account
- AI conversation history: retained for the duration of your account
- Payment records: retained as required by applicable tax and financial regulations
- Analytics data: retained in anonymized form
After account deletion, we will remove or anonymize your personal data within 30 days, except where retention is required by law.
6. Cookies and Tracking
We use the following types of cookies and similar technologies:
- Essential cookies: required for authentication and core functionality (e.g., session token)
- Analytics cookies: help us understand how the Service is used (Google Analytics)
Cookie consent is managed through Usercentrics. You can adjust your preferences at any time through the cookie banner or your browser settings. Disabling essential cookies may affect Service functionality.
7. Data Security
We take reasonable technical and organizational measures to protect your personal information, including:
- HTTPS encryption for all data in transit
- Encrypted database storage
- Secure authentication through Google OAuth
- Regular security reviews
No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: request a copy of the personal data we hold about you
- Correction: request correction of inaccurate or incomplete data
- Deletion: request deletion of your personal data and account
- Data portability: request a copy of your data in a structured, machine-readable format
- Restriction: request that we limit how we process your data
- Objection: object to the processing of your data for certain purposes
To exercise any of these rights, contact us at 0800.grc@gmail.com. We will respond within 30 days.
9. International Data Transfers
Bindi is operated from Brazil. Your data may be transferred to and processed in countries other than your own, including the United States (where our third-party service providers operate). By using the Service, you consent to such transfers. We ensure appropriate safeguards are in place when transferring data internationally.
10. Children's Privacy
The Service is not directed to anyone under the age of 18. We do not knowingly collect personal information from children under 18. If we discover that we have collected data from a child under 18, we will promptly delete it. If you believe we have inadvertently collected such information, please contact us at 0800.grc@gmail.com.
11. Brazilian Data Protection (LGPD)
If you are located in Brazil, the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados, LGPD) provides you with specific rights, including:
- Confirmation of the existence of data processing
- Access to your data
- Correction of incomplete, inaccurate, or outdated data
- Anonymization, blocking, or deletion of unnecessary or excessive data
- Data portability
- Deletion of personal data processed with your consent
- Information about public and private entities with which we have shared your data
- Revocation of consent
The legal bases for our data processing include: your consent, performance of the contract (providing the Service), and our legitimate interests (improving and securing the Service).
12. European Data Protection (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) provides you with additional rights. Our legal bases for processing your personal data include:
- Contract performance: processing necessary to provide the Service you requested
- Consent: where you have given explicit consent (e.g., marketing emails, analytics cookies)
- Legitimate interests: improving the Service, ensuring security, and preventing fraud
- Legal obligation: where processing is required by law
You have the right to lodge a complaint with your local data protection authority.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top and, where feasible, notify you via the Service or email. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: