Privacy Policy

Boni One is operated by Bohni Tech Private Limited, Bangalore, Karnataka, India. Boni One may act as a controller/Data Fiduciary for website visitors, prospects, account users, administrators, vendors, and security records.

We may act as a processor/Data Processor when we process customer-controlled data only to provide services under customer instructions. Customers remain responsible for their own notices, lawful basis, consents, campaign permissions, grievance handling, and end-user/Data Principal requests where they decide the purpose and means of processing.

We may process account details, contact details, organization information, login/authentication records, membership and permission records, support messages, billing and commercial records, product usage data, API events, device/browser data, IP addresses, audit logs, consent records, and information submitted through forms or product workflows.

If a customer connects Boni One to other systems, we may process the data required to operate that connection, including resource links, workspace metadata, integration settings, service-account metadata, and limited operational logs.

We process personal data to provide and secure the service, manage organizations and memberships, support customers, operate integrations, respond to requests, improve reliability, prevent misuse, comply with law, maintain financial and tax records, and send service or commercial communications.

For GDPR, our legal bases may include contract, legitimate interests, consent, and legal obligation. For DPDP, we process digital personal data for consent-based purposes, applicable legitimate uses, legal requirements, or customer-controlled processing instructions, and we publish contact details for privacy questions and grievances.

Boni One may use automation or AI-assisted tools for support, classification, operational analysis, drafting, search, and product workflows.

We aim to use only the data needed for the task, restrict access, and review higher-risk workflows before launch.

Essential cookies and similar technologies may be used to operate the site, remember security/session choices, and prevent abuse.

Non-essential analytics, advertising, or tracking technologies should run only after valid consent where required. Users must be able to reject or later change non-essential cookie choices.

We use service providers for hosting, cloud infrastructure, authentication, communications, analytics, support, payments, logging, security, AI, and other operational needs.

We may also disclose information to comply with law, protect rights and safety, enforce terms, or complete a corporate transaction. We do not sell personal data as a standalone business.

Personal data may be processed in India and other countries where we, our customers, or service providers operate.

For GDPR-covered data, we use appropriate transfer mechanisms where required, such as adequacy decisions, standard contractual clauses, or processor terms. For DPDP-covered data, we monitor Indian transfer restrictions and applicable rules.

We retain personal data only as long as needed for the purposes described in this Policy, customer contracts, security, tax/accounting, legal obligations, dispute resolution, audits, and backups.

Where processing is based on consent and consent is withdrawn, we will stop or help the responsible customer stop the relevant processing unless continued processing is required or authorized by law, contract, security, fraud-prevention, dispute, or other permitted grounds.

We use technical and organizational measures designed to protect personal data, including access controls, encryption in transit where applicable, audit logs, vendor review, secure development practices, and incident response. Boni is building an ISO/IEC 27001-aligned security management program, but this Policy is not a certification claim.

Depending on where you are and how we process your data, you may request access, information about processing, correction, completion, update, deletion, restriction, objection, portability, withdrawal of consent, grievance review, and nomination under applicable law.

For DPDP-covered data, Data Principals may contact us for processing questions, correction, erasure, grievance redressal, consent withdrawal, and nomination. If we process your personal data on behalf of a customer, we may route your request to that customer or assist the customer in responding.

Boni One is intended for business use and is not directed to children. Customers must not use Boni One to intentionally process children's personal data unless the required safeguards are in place.

We may update this Policy as our products, laws, vendors, or practices change. The latest version will be posted on this page with its effective date.