Privacy & Data Policy
This Privacy Policy describes how Bodha App (“we”, “our”, “us”) handles data across Bodha App (bodhaapp.com) and Pivot by Bodha (pivot.bodhaapp.com).
1. What Data We Collect
We collect minimal information required to deliver our services:
- Basic account data: name, email address (when provided).
- Journey inputs: reflections, goals, and experiment notes you submit.
- Usage data: interactions, browser type, device info, and analytics cookies.
2. Use of AI (OpenAI Processing)
Our platform uses OpenAI and other third-party AI services to process text inputs and generate insights. To protect your privacy, do not include personal identifiers such as names, contact details, addresses, or sensitive personal information in free-text fields.
When data is sent to OpenAI’s API, it is processed under OpenAI’s own Privacy Policy. We cannot control how OpenAI stores or uses that transient data once transmitted. Bodha App remains the data controller for your stored journey data but not for external AI processing.
3. Analytics & Cookies
We use analytics tools such as Google Analytics or equivalent services to measure engagement and performance. These services may use cookies or tracking pixels to collect aggregated, pseudonymized data.
You can withdraw cookie consent at any time through the cookie settings or by clearing your browser cookies.
4. Lawful Basis (GDPR)
Under the EU General Data Protection Regulation (GDPR), our lawful bases for processing data are:
- Legitimate interest — to operate and improve our platform.
- Consent — for analytics cookies and optional AI personalization features.
- Contractual necessity — for registered users or organizations with agreements.
5. Data Transfers Outside the EEA
Some processors (such as OpenAI and Google LLC) may store or process data outside the European Economic Area. We rely on the EU Standard Contractual Clauses (SCCs) and equivalent safeguards to ensure lawful transfers.
6. Data Retention
Journey data and experiments are stored only as long as necessary for active users or organizations. You may request deletion or export of your data anytime by contacting: privacy@bodhaapp.com.
7. Your GDPR Rights
- Access your personal data
- Request correction or deletion
- Restrict or object to processing
- Request data portability
- Withdraw consent (for analytics/cookies)
8. Organization-Specific Terms (Pivot by Bodha )
For organization accounts, administrators are responsible for managing member access and ensuring local compliance. Bodha App processes data only on behalf of the organization as a processor, under a Data Processing Agreement (DPA).
Organizations must not upload or share personally identifiable information about users in AI prompt fields. All cohort data is visible only to authorized mentors and admins.
9. Contact & Complaints
For privacy-related questions, contact our Data Protection Officer (DPO) at privacy@bodhaapp.com. EU users may also contact their national data protection authority.