Privacy Policy

About This Policy

beCo AI ("beCo", "we", "us", or "our") is a venue intelligence platform developed and operated by GlobeCo Technologies Pvt Ltd, a company incorporated in India. This Privacy Policy explains how we collect, use, store, and disclose information when venue operators ("Venue Partners") deploy beCo AI in their spaces, and when visitors ("Visitors") interact with beCo AI-powered experiences in venues such as shopping malls, hospitals, airports, and transit hubs. By using beCo AI or deploying it in your venue, you acknowledge that you have read and understood this policy.

1. Information We Collect

We collect information from two distinct groups — Venue Partners and Visitors:

• —Venue Partner Account Data: Organisation name, contact name, email address, phone number, and billing details provided during onboarding.
• —Venue Configuration Data: Floor maps, directory listings, store/facility information, opening hours, amenity details, and any other venue-specific content provided by the Venue Partner to power AI responses.
• —Visitor Query Data: Natural language queries submitted to the beCo AI assistant, including navigation requests, directory searches, and support questions. These are processed in real time to generate helpful responses and are not linked to a persistent visitor identity.
• —Technical and Session Data: IP addresses, device type, browser, operating system, and session identifiers — collected from both venue operator admin sessions and visitor interactions for security, performance monitoring, and abuse prevention.
• —Anonymised Usage Analytics: Aggregate interaction patterns including query categories, peak usage times, and resolution rates — used to improve assistant accuracy. This data contains no personally identifiable information.

2. How We Use Information

We use collected information for the following purposes:

• —Operating the beCo AI assistant to provide accurate, real-time navigation, directory, and support responses within a specific venue context.
• —Managing Venue Partner accounts, subscriptions, billing, and onboarding.
• —Communicating with Venue Partners about service updates, support responses, and platform changes.
• —Generating anonymised, aggregated analytics reports for Venue Partners to understand visitor behaviour patterns and improve the in-venue experience.
• —Improving the accuracy, reliability, and capability of the beCo AI platform at the product level — without using any venue-specific or visitor data to train AI models for other venues.
• —Detecting and preventing fraud, security incidents, and misuse of the platform.

3. Legal Basis for Processing

Where GDPR, India's Digital Personal Data Protection Act 2023, or other applicable data protection laws apply, we process personal data on the following bases:

• —Contract Performance: Processing necessary to deliver the venue assistant service that the Venue Partner has subscribed to.
• —Legitimate Interests: Security monitoring, anonymised analytics for service improvement, and abuse prevention — carefully balanced against your privacy rights.
• —Legal Obligation: Compliance with applicable laws and lawful requests from government authorities.
• —Consent: Where visitors or partners provide personal information on a voluntary basis (e.g., within a feedback form or live chat escalation).

4. Data Isolation and AI Processing

Each venue's data is housed in a dedicated, logically isolated environment within our infrastructure. We apply strict separation between venue accounts at both the application and database levels:

• —No cross-venue data access: A venue's maps, directories, operational content, and visitor interaction history are never accessible to other venues or used to generate responses for other deployments.
• —No foundational model training: We do not use any venue-specific data or visitor query data to fine-tune, pre-train, or otherwise improve any AI foundation model, whether for our own benefit or for third parties.
• —AI inference providers process only the minimum context required to generate a response and are contractually prohibited from retaining or using this data for any purpose beyond completing the request.

5. Visitor Privacy

beCo AI is built with a privacy-first approach for venue Visitors. Specifically:

• —We do not require Visitors to create an account, register, or provide any personal information to use the assistant.
• —Visitor queries are processed ephemerally to generate real-time responses. We do not build persistent profiles of individual visitors based on their interactions.
• —Visitor interaction data is not used for advertising, third-party profiling, or resale under any circumstances.
• —Where a Visitor voluntarily provides personal information (e.g., for a support escalation or feedback form), that information is handled in accordance with this policy and used only for the stated purpose.

6. Third-Party Sub-processors

We share data with the following categories of sub-processors only as necessary to operate the platform:

• —AI Inference Providers (e.g., Google Gemini API or equivalent): For natural language understanding and response generation. Sub-processors are bound by data processing agreements with zero-data-retention provisions where available.
• —Cloud Infrastructure (AWS and/or GCP): For application hosting, encrypted storage, database services, and logging.
• —Mapping and Location Services: Where venue-specific mapping integrations are used, strictly within the scope of the venue's configuration.
• —Legal and Regulatory Authorities: Where required by applicable law or a valid court order.

7. Security

We implement the following technical and organisational security measures:

• —TLS 1.2+ encryption for all data in transit between the visitor interface, our servers, and AI inference providers.
• —AES-256 encryption for all venue and operational data stored at rest.
• —Role-based access controls ensuring that beCo personnel can only access venue data for legitimate support purposes, with full audit logging.
• —Regular security assessments, vulnerability scanning, and penetration testing of our infrastructure.
• —In the event of a confirmed data breach affecting personal data, we will notify affected Venue Partners and relevant regulatory authorities within the timeframes required by applicable law.

8. Data Retention

We retain data for the following periods:

• —Venue Partner account and configuration data: Retained for the duration of the subscription and for 60 days after termination to allow for reactivation. Deleted thereafter unless earlier deletion is requested.
• —Anonymised visitor interaction logs: May be retained for up to 12 months for product analytics and venue performance reporting. These logs contain no personally identifiable information.
• —Technical and security logs: Retained for up to 90 days.
• —Billing and financial records: Retained for 7 years as required by applicable tax and accounting regulations.

9. Your Privacy Rights

Depending on your jurisdiction, Venue Partners and individuals may have the following rights regarding personal data we hold:

• —Right of Access: Request a copy of the personal data we hold about you or your organisation.
• —Right to Rectification: Request correction of inaccurate or incomplete data.
• —Right to Erasure: Request deletion of your personal data, subject to legal retention obligations.
• —Right to Restriction: Request that we limit our processing of your data in certain circumstances.
• —Right to Object: Object to processing carried out on the basis of legitimate interests.
• —Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format.

10. Venue Partner Responsibilities

Venue Partners who deploy beCo AI in a public space act as data controllers for any personal data collected from Visitors within their venue. Venue Partners are responsible for:

• —Displaying appropriate notices in the venue (e.g., signage near beCo AI kiosks or interfaces) informing visitors that an AI assistant is in use.
• —Complying with all data protection and privacy laws applicable in their jurisdiction, including obtaining any necessary consents from visitors.
• —Handling data subject requests from visitors that relate to personal data processed on their behalf.

11. Cookies

The beCo AI web interface and venue kiosk deployments use a session cookie to maintain conversation continuity within a single visitor session. This cookie does not track visitors across websites, does not contain personal data, and expires when the session ends. Our Venue Partner management portal uses essential cookies for authentication and preference cookies to store admin settings. Optional analytics cookies may be used on our website with your consent.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. We will notify Venue Partners of material changes by email at least 14 days before they take effect. Continued use of beCo AI after the updated policy takes effect constitutes acceptance. We recommend Venue Partners review their own public-facing privacy disclosures when updates are made.