Skip to content
Bunifu AI

Privacy

Privacy policy

Last updated: [PLACEHOLDER: date]

[PLACEHOLDER: 2–3 sentence intro covering scope of this policy, who it applies to, and how to contact us with questions.]

Who we are

[PLACEHOLDER: Data controller — name the legal entity behind Bunifu AI (registered name, business address, contact email). Per Kenya Data Protection Act 2019 requirements.]

Lawful basis for processing

[PLACEHOLDER: Lawful basis per Kenya DPA 2019 for each processing activity — legitimate interest for analytics, consent for marketing communications, contract for client engagements, legitimate interest for receiving and responding to contact-form submissions.]

Your rights

Under the Kenya Data Protection Act 2019, you have the following rights regarding your personal data:

  • Access
  • Rectification
  • Erasure
  • Objection
  • Portability
  • Restriction of processing
  • Withdrawal of consent

[PLACEHOLDER: How to exercise these rights — contact email channel, response timeframe.]

Third-party processors

We use a small number of trusted third parties to operate this site and our agent. Each one's role and data flows are listed below.

Anthropic

Receives Atlas conversation content (system prompt, visitor messages, model output) for inference. Based in the United States.

[PLACEHOLDER: Data handling and retention summary — link to Anthropic's current API privacy page; do not name a specific retention number per §4.9.]

Anthropic's data handling policy →

Cloudflare

Hosting (Cloudflare Pages), Pages Functions logs, cookieless Web Analytics, and Turnstile bot challenge (Turnstile itself captures no personally identifiable information).

[PLACEHOLDER: Retention summary — link to Cloudflare's current logging / observability policy; do not name a specific retention number per §4.9.]

Cloudflare's logging policy →

Calendly

Booking flow for the workflow audit call. Calendly is a separate data controller for booking data — when you book a slot, Calendly's privacy policy applies to that interaction.

Calendly's privacy policy →

Resend

Transactional email delivery for contact-form notifications (to our team) and auto-confirmations (to you, after submitting the form).

How we handle Atlas conversations

Atlas conversations are processed by Anthropic for inference and aren't stored on our servers. The in-product disclosure under the Atlas input is the canonical statement; this section mirrors it.

What is logged on our side

  • Timestamp
  • Hashed session id
  • Message count on the session
  • Prompt + completion token counts
  • Response latency in ms
  • Error code if any

What is never logged

  • Message content
  • Visitor input
  • Model output
  • Full prompts
  • Raw IP addresses (the rate-limit counter uses a hashed key)

How we handle contact form submissions

[PLACEHOLDER: Fields collected (name, email, company, workflow description, optional budget range), where they're sent (Resend → our inbox), retention policy, what's done with the data.]

Cookies

Our analytics provider (Cloudflare Web Analytics) is cookieless — no tracking cookies are set when you visit this site.

We do set one functional cookie when you use the Atlas agent: atlas_session. It's short-lived, used only to bind your session to the agent's rate limits, and contains no tracking identifiers.

Changes to this policy

[PLACEHOLDER: Standard "we may update this policy from time to time" language. Note that the "Last updated" date above will reflect the most recent substantive change.]

Contact us

[PLACEHOLDER: How to reach Bunifu AI with privacy-related questions or to exercise your rights — email address, response timeframe.]