1. Operational Overview
BluiAI (referred to as "BluiAI," "we," "our," or "us") provides an autonomous conversational commerce platform that acts as a digital business partner. By connecting e-commerce inventory, CRM databases, and messaging channels (such as WhatsApp and Telegram), BluiAI allows merchants to automatically process orders, check stock levels, handle customer inquiries, and execute bargaining guardrails.
This Privacy Policy describes how we gather, process, and secure information when you integrate our platform with your systems, and when customers interact with your automated BluiAI partners.
2. Data Collection & Scope
We only collect data necessary to run autonomous operations safely and verify system events. The scope of information includes:
Merchant Configurations
- Database endpoints and sync parameters.
- API credentials for Shopify or CRMs.
- Pricing guidelines and bargaining floors.
Customer Interaction Data
- WhatsApp/Telegram usernames and IDs.
- Message history in operational threads.
- Order details (size, quantity, item).
3. Autonomous Data Usage
The data collected is processed dynamically by the BluiAI autonomous agent model to make real-time decisions, such as:
- Dynamic Price Calculation: Evaluating optimal offers based on inventory level, floor parameters, and demand constraints.
- Order Matching: Instantly checking CRM or Shopify catalogs to confirm item availability before generating checkout links.
- System Event Verification: Verifying payment confirmations or shipment status.
4. Security Safeguards
Security is not an afterthought; it is built into the architecture of BluiAI. We implement the following critical safeguards:
PCI-DSS Compliant Redirection
Sensitive customer credit card and payment details are never processed, stored, or exposed within the chat messaging threads. All checkout events redirect the customer to PCI-DSS compliant secure gateways.
Cryptographically Signed Webhooks
All system synchronization updates, catalog imports, and order completions are verified via securely signed cryptographic headers, protecting the system from spoofing or man-in-the-middle attacks.
Temporary Session Resource Locks
To prevent inventory exhaustion during bargaining processes, inventory locks and transaction states expire and release automatically after 10 minutes of inactivity.
5. Third-Party Connections
Because BluiAI integrates directly with external networks, we process data in cooperation with:
- Messaging Providers: WhatsApp Business API (Meta) and Telegram Bot API.
- E-Commerce Engines: Shopify, custom SQL databases, and ERPs.
- Payment Processors: Stripe, Paystack, or other merchant-defined gateways.
Please check the respective privacy policies of these third-party integrations to understand how they collect and handle data at the API layer.
6. Retention & Deletion
We store configuration parameters, customer chat threads, and operational logs only as long as you maintain an active account with BluiAI.
Merchants can disconnect their databases and channels at any time. Disconnecting immediately terminates active sync webhooks, revokes API keys, and schedules all cached product information for permanent deletion from our active databases within 14 business days.
7. Security & Contact Audit
We periodically perform external security audits and vulnerability assessments to verify the integrity of the autonomous partner engine. If you have security concerns, compliance questions, or wish to execute a manual data erasure audit, contact our engineering team directly:
