Privacy Policy Statement

Effective Date: October 17, 2025

Who we are

Buburuza (“we,” “us,” “our”) provides financial technology products and services (the “Services”). This Privacy Policy explains what we collect, how and why we use it, who we share it with, how long we keep it, how we protect it, and your rights.

We comply with applicable privacy laws (e.g., PIPEDA in Canada, UK GDPR/Data Protection Act 2018, EU GDPR, and CCPA/CPRA in California) and operate a privacy program grounded in the PIPEDA Ten Principles(Accountability, Identifying Purposes, Consent, Limiting Collection, Limiting Use/Disclosure/Retention, Accuracy, Safeguards, Openness, Individual Access, Challenging Compliance).

What we collect

  • Identity & contact: name, date of birth, address, email, phone.
  • Verification & compliance: government ID data, liveness/biometric checks (for authentication), sanctions/PEP results where required by law.
  • Financial & transactional: payment instructions, transaction history, risk/screening outcomes, product selections.
  • Technical: device identifiers, IP address, security telemetry, logs.
  • Preferences & communications: marketing settings, support tickets, feedback.

We may also obtain information from third parties (e.g., credit bureaus, sanctions lists, fraud and blockchain analytics) for compliance, security, and service delivery purposes.

Why we use data

  • Deliver the Services (create/manage accounts, process payments, service transactions).
  • Meet legal duties (KYC/KYB, AML/CFT, sanctions screening, reporting).
  • Protect our users and platform (fraud prevention, security, incident response, business continuity).
  • Improve our products (service analytics, quality assurance; we prefer aggregation/anonymization where possible).
  • Communicate with you (service updates, regulatory notices; marketing where permitted/with consent).

Legal bases include contract necessity, legal obligations, legitimate interests, and consent (where required). We do not sell personal information for money.

Cookies & similar tech

We use cookies for security, core functionality, and (where permitted) analytics/personalization. Optional cookies can be controlled via our consent banner and your browser/app settings.

Sharing & disclosure

We share personal data with:

  • Affiliates (under intra-group agreements with equivalent protections).
  • Service providers (cloud, payments, custody, KYC/KYB, support) under written contracts limiting use and requiring security.
  • Regulators/law enforcement when required by law.
  • Business transferees (e.g., mergers), under comparable safeguards.

International transfers

Data may be processed in or accessed from the U.S., U.K., Canada, Comoros, Hong Kong, and the EU/EEA. We use appropriate safeguards such as Standard Contractual Clauses and participate in applicable Data Privacy Framework (DPF) programs for eligible transfers.

Retention

We retain personal data only as long as necessary for the purposes above and to satisfy legal/AML requirements (typically up to 7 years post-relationship for AML records). We then securely delete or anonymize data.

Security (what matters)

We apply layered security (encryption, access controls, MFA, monitoring, incident response) and align our controls with ISO/IEC 27001 (ISMS), ISO/IEC 22301 (Business Continuity), ISO 31000 (Risk Management), and ISO/IEC 30107-3 (PAD Levels 1 & 2) for liveness/biometric presentation-attack detection used in identity flows. We use e-IDVT-certified processes where required or appropriate for identity verification. (We publish current certification status in our Trust Center.)

Your rights

Depending on your jurisdiction, you may have rights to access, rectify, delete, port, restrict or object to processing, withdraw consent, and opt out of certain uses:

  • Canada (PIPEDA): access/correction and complaint rights; we respond typically within 30 days.
  • UK/EU (UK GDPR/GDPR): access, rectification, erasure, portability, restriction/objection; you can complain to the ICO (UK) or your EU DPA.
  • California (CCPA/CPRA): rights to know/delete/correct and to limit use of sensitive information; opt-out of certain sharing for cross-context advertising.

Submit requests via Settings → Privacy (in-app) or email support@buburuza.com; we’ll respond within applicable statutory timeframes.

UK-specific notice & ICO registration

For UK users, Buburuza provides a UK-tailored privacy notice and maintains registration with the Information Commissioner’s Office (ICO). Our UK contact details and DPO/Privacy Officer are available via Settings → Privacy → UK Notice (in-app).

Contact the Privacy Officer

Buburuza AI Inc.
Attention: Privacy Officer
Bentall II, 555 Burrard Street, Office 03-109, Vancouver, BC V7X 1M8, Canada
Phone: +1 (770) 525-7664

Email: support@buburuza.com

Home
About us
Bubu Ai
Cards
Concierge
MoneyOS
Trust & Financing
Services
Security & Custody
Legal
Bubu Lab
/
En
中文
Trust & Financing
Wealth management
Insurance
Digital assets custody
VIP concierge
SERVICES
Stablecoins & Tokens
Home
ABOUt us
Bubu ai
cards
Concierge
Money OS
trust & financing
Services
Security & Custody
Legal info
bubu lab
Close
Menu
We use cookies. By continuing, you agree to our cookie policy.
Decline
Accept