Privacy Policy

Fibroweb SAS ("Buska", "we", "us", or "our") operates the website www.buska.io and the application app.buska.io (collectively, the "Service").

This Privacy Policy explains how we collect, use, store, and protect personal data when you use our Service. By accessing or using the Service, you acknowledge that you have read and understood this policy.

If you have any questions, please contact us at hello@buska.io.

Account Data (provided by you)

• Email address, first name, and last name
• Company name and website URL
• Payment information (processed securely by Stripe; we do not store credit card numbers on our servers)

Usage Data (collected automatically)

• IP address, browser type and version
• Pages visited, time and date of each visit
• Device identifiers
• Referral source

Social Media Data (processed on your behalf)

• Public social media posts from over 30 platforms
• Author names, profile URLs, and post content
• Engagement metrics such as likes, comments, and shares

This data is publicly available information collected and processed for lead generation purposes as part of the Service.

Integration Data

• API keys and webhook URLs that you provide
• CRM connection credentials (encrypted at rest on our servers)

We use your personal data for the following purposes:

• To provide, operate, and maintain the Service, including account management and feature delivery
• To process payments and manage subscriptions through our payment processor, Stripe
• To send transactional emails related to your account, billing, and service notifications
• To improve the Service, analyze usage patterns, and develop new features
• To provide customer support and respond to inquiries
• To comply with legal obligations, including tax, accounting, and regulatory requirements
• With your explicit consent, to send marketing communications about product updates and offers (you may opt out at any time)

Under the General Data Protection Regulation (GDPR), we process your personal data on the following legal bases:

• Performance of a contract: processing necessary to provide the Service, manage your account, and fulfill our contractual obligations to you.
• Legitimate interest: processing necessary for analytics, platform security, fraud prevention, and service improvement, where such interests are not overridden by your rights.
• Consent: processing for the purpose of sending marketing communications, which you may withdraw at any time.
• Legal obligation: processing required to comply with tax, accounting, and other regulatory requirements.

We share personal data only with trusted third-party service providers that are necessary for operating the Service:

• Stripe (Stripe, Inc.): payment processing and subscription management
• OVH (OVH SAS): hosting infrastructure and data storage
• PostHog (PostHog, Inc.): product analytics, with anonymized or pseudonymized data
• Loops (Loops.so): transactional and marketing email communications
• OpenAI (OpenAI, L.L.C.): AI processing for lead scoring and qualification (post content only; no personal account data is shared)
• Integration partners: data is shared only with third-party tools (such as CRM and outreach platforms) that you explicitly choose to connect and export data to

We do not sell your personal data to third parties.

The Service uses a limited number of cookies and similar technologies:

• Essential cookies: required for session management, authentication, and security. These cannot be disabled.
• Analytics cookies: used by PostHog for product usage analytics. You may opt out of analytics tracking via your account settings or browser preferences.
• Preference cookies: used to remember your language and theme settings.

We do not use advertising or third-party tracking cookies.

We retain personal data only for as long as necessary to fulfill the purposes described in this policy:

• Account data: retained while your account is active, plus 30 days following account deletion to allow for recovery requests.
• Lead data: retained while your account is active. Deleted when the associated team is deleted.
• Usage data: retained for 12 months from the date of collection.
• Payment records: retained for 7 years in compliance with legal obligations related to tax and accounting.
• Backups: deleted within 30 days following the deletion of the corresponding source data.

If you are located in the European Economic Area (EEA), you have the following rights with respect to your personal data:

• Right of access: you may request a copy of the personal data we hold about you.
• Right to rectification: you may request correction of inaccurate or incomplete personal data.
• Right to erasure: you may request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
• Right to restriction: you may request that we limit the processing of your personal data under certain circumstances.
• Right to data portability: you may request to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to object: you may object to the processing of your personal data when such processing is based on our legitimate interest.
• Right to withdraw consent: where processing is based on your consent (such as marketing communications), you may withdraw that consent at any time.

To exercise any of these rights, please contact us at hello@buska.io. We will respond to your request within 30 days.

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence or place of work.

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), particularly in connection with hosting, payment processing, and AI services.

When such transfers occur, we ensure that adequate safeguards are in place, including the use of Standard Contractual Clauses (SCCs) approved by the European Commission.

Our primary hosting provider (OVH) and payment processor (Stripe) both offer EU data residency options.

We implement commercially reasonable technical and organizational measures to protect your personal data, including:

• Encryption of data in transit using TLS 1.2 or higher
• Encryption of sensitive data at rest
• Role-based access controls and authentication mechanisms
• Regular security reviews and vulnerability assessments
• Incident response procedures for data breach management

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to using commercially reasonable measures to protect your information.

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children.

If you believe that we have inadvertently collected personal data from a minor, please contact us immediately at hello@buska.io and we will take prompt steps to delete such data.

The Service may contain links to third-party websites and services that are not operated by Fibroweb SAS. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services.

We encourage you to review the privacy policies of any third-party websites you visit.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements.

When we make material changes, we will notify you by email at the address associated with your account. The "Last updated" date at the top of this page indicates when the policy was most recently revised.

Continued use of the Service after the publication of changes constitutes your acceptance of the updated Privacy Policy.