Privacy Policy

Privacy Policy for end users.
Last updated: September 10, 2025

We take your privacy seriously. This Privacy Policy explains what information the BCCA AI Assistant collects and how we keep it safe.

1. What We Collect

We collect only the minimum data required to deliver conversational support via our BCCA AI Assistant tool. This includes:

  • Your conversation content with the AI
  • An anonymized, hashed version of your IP address (used to determine approximate geographic location)
  • Timestamps of interactions

We do not collect:

  • Names, email addresses, or other personally identifiable information (PII)
  • Account information

2. How We Use Your Data (Updated)

We use anonymized and de-identified conversation data to:

  • Deliver AI-powered answers to your questions
  • Analyze usage patterns, such as:
    • What topics are being asked most frequently
    • General interest in services (e.g., training, procurement)
    • Location-based trends (based on non-reversible, hashed IP geolocation)
    • Improve overall product experience and performance

This information is always analyzed in aggregate form and is never used to identify, track, or profile individual users.

We do not:

  • Collect or associate personal identifiers
  • Use conversation content to make individual-level decisions or for advertising
  • Share data with third parties beyond OpenAI’s secure API

3. Storage and Retention

  • Conversation data is stored indefinitely in a secure, encrypted MongoDB Atlas instance
  • All stored data is anonymous and cannot be tied to any individual
  • We retain data only for internal operational purposes and to ensure system continuity

4. Third‑Party Services

We use OpenAI’s API to process and generate responses. OpenAI does not use your data for training, and data is transmitted securely via HTTPS.

5. Your Rights

Because we do not store user-identifiable data, there is no mechanism for data access or deletion requests. However, if you believe your data was mistakenly linked to personal information, you may contact us at [your email/contact method].

6. Security

  • Encrypted data storage (MongoDB Atlas with encryption at rest and TLS)
  • Role-based access control (RBAC)
  • Secure API integrations
  • Sanitization of user inputs

We do not allow external access to stored conversation data.

7. Policy Updates

We may revise this policy over time. Updates will be posted here with a revised “Last Updated” date.