Privacy Policy

1. Introduction

BPract Software Solutions LLP("BPract," "we," "us," or "our") operates the BPract Agents platform available at https://agents.bpract.com(the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully. By accessing or using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

• Account registration data: name, email address, company name, and password.
• Billing information: payment details processed securely through Razorpay. We do not store full card numbers.
• Agent configuration: instructions, knowledge base documents, branding settings, and action configurations you create.
• Support communications: messages you send to us via email, chat, or contact forms.

2.2 Information Collected Automatically

• Usage data: pages visited, features used, timestamps, and interaction patterns.
• Device and browser information: IP address, browser type, operating system, and screen resolution.
• Chat conversation data: messages exchanged between website visitors and your AI agent, stored to provide conversation history and analytics.
• Log data: server logs including request URLs, response codes, and error traces for debugging and security.

3. How We Use Your Information

• To provide, maintain, and improve the Service.
• To process transactions and send billing-related communications.
• To train and operate AI agents using the knowledge base content you provide.
• To deliver conversation history and analytics to account holders.
• To detect, prevent, and address fraud, abuse, and security issues.
• To enforce rate limits, token budgets, and usage quotas.
• To communicate with you about updates, features, and support requests.
• To comply with legal obligations.

4. Cookies and Tracking Technologies

We use essential cookies to maintain session state in the admin panel. The chat widget uses localStorage to persist conversation history for returning visitors. We do not use third-party advertising trackers. Cloudflare may set performance cookies as part of CDN and security services. You can disable cookies in your browser settings, but some features may not function properly.

5. Third-Party Services

We share data with the following categories of third-party service providers, solely to operate the Service:

• AI model providers (Anthropic, OpenAI): conversation messages are sent to generate AI responses. Messages are processed per their respective privacy policies and are not used to train their models when accessed via API.
• Cloud infrastructure (AWS): hosting, storage, and compute services.
• CDN and security (Cloudflare): content delivery, DDoS protection, and DNS.
• Payment processing (Razorpay): subscription billing and payment handling.

We do not sell, rent, or trade your personal information to any third party.

6. Data Security

We implement industry-standard security measures including HTTPS/TLS encryption in transit, encrypted database storage at rest, rate limiting, SSRF protection, prompt injection defense, XSS sanitization, CORS validation, and role-based access control. While no method of transmission over the Internet is 100% secure, we continuously audit and improve our security posture with 67+ security controls in place.

7. Data Retention

We retain your account data for as long as your account is active. Conversation data is retained for the duration of your subscription to provide history and analytics. When you delete your account or request data deletion, we remove your personal data within 30 days, except where retention is required by law. Aggregated, anonymized data may be retained indefinitely for analytics purposes.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Rectification: request correction of inaccurate or incomplete data.
• Deletion: request deletion of your personal data.
• Portability: request your data in a structured, machine-readable format.
• Objection: object to processing of your data for certain purposes.
• Restriction: request restriction of processing under certain circumstances.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: