Privacy Policy

Last updated: May 2026

0. Data Controller

Controller: Banu — Mateo Leiman.

Address: Buenos Aires, Argentina.

Contact: banu@usebanu.com

1. Information We Collect

At Banu, we only collect the information necessary to provide our operational assistance and productivity service. This includes:

2. Use of Information

Banu uses the information to: execute commands requested via WhatsApp (sending emails, scheduling in Google Calendar, searching contacts in Google Contacts), issue reminders, and configure daily summaries. We do not sell or share your data with third parties for advertising purposes.

2b. Legal Basis for Processing (LGPD Art. 7)

For users in Brazil, the processing of personal data is carried out under the following legal bases of the Lei Geral de Proteção de Dados (Lei 13.709/2018):

2c. Legal Basis for Processing (GDPR — Users in Spain and the EU)

For users in Spain and other European Union countries, the processing of personal data is carried out under the General Data Protection Regulation (EU) 2016/679 (GDPR) on the following legal bases:

Additional rights under GDPR (Art. 15–22): in addition to the rights detailed in Section 6b, EU users have the right to restrict processing of their data, to data portability in a structured, machine-readable format, and to lodge a complaint with the competent supervisory authority (in Spain: Agencia Española de Protección de Datos — www.aepd.es). To exercise any of these rights, contact us at banu@usebanu.com.

International transfers: data may be processed on servers outside the European Economic Area by our providers (Anthropic, OpenAI, Railway). Such transfers are made under Standard Contractual Clauses approved by the European Commission or equivalent recognised frameworks.

2d. Rights of California Residents (CCPA/CPRA)

If you are a resident of the State of California (USA), you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

To exercise these rights, email us at banu@usebanu.com with your WhatsApp number and the request. We will respond within 45 calendar days as required by the CCPA.

3. Security and Encryption

Security is our priority. All credentials and third-party integration tokens (Google OAuth2) are stored in our databases encrypted using the military-grade AES-256-GCM standard. Only the automated system can decrypt them at the moment of executing an action required by you.

Infrastructure: Banu runs on Railway, a cloud infrastructure platform that holds a SOC 2 Type II certification. This certification applies to Railway's underlying infrastructure; it does not imply that Banu itself holds SOC 2 certification.

4. Third Parties and Service Providers (TPSP)

Banu operates using the official WhatsApp (Meta) and Google Workspace APIs. To process your text, audio, and image commands, we use Artificial Intelligence providers (such as Anthropic and OpenAI) under the strict legal designation of Third Party Service Providers (TPSP). The data shared with these providers is used transiently and exclusively to execute your requested instruction. In strict compliance with Meta's policies, your data and interactions (Business Solution Data) will NEVER be used to create, develop, train, or improve Artificial Intelligence models (AI Models).

Payments: subscription payment processing is handled entirely by MercadoPago (Mercado Libre). Banu does not store, process, or have access to your credit or debit card details. All financial transactions take place directly on MercadoPago's platform under their own security policies.

5. Google API Disclosure (Limited Use)

Banu's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, Banu accesses the following Google services under the principle of least privilege:

We only access data explicitly requested by you in each action.

6. Data Deletion

You have the right to opt out at any time by sending the word "STOP" through our WhatsApp channel, which will suspend automated interactions. If you wish to have your records entirely deleted, you can request it by emailing us at banu@usebanu.com.

6b. Your Data Rights

In compliance with Argentina's Law 25.326, Brazil's LGPD, the GDPR (EU), and the CCPA (California), you have the right to:

To exercise these rights, email us at banu@usebanu.com or send a message via WhatsApp. Response timeframes: confirmation within 5 business days (Law 25.326) / 15 calendar days (LGPD Art. 18 §3) / 30 days (GDPR Art. 12) / 45 days (CCPA); resolution within 15 business days.

7. Flight Tracking Feature

This section applies exclusively to Pro plan users who activate the flight tracking feature.

Data we collect: when saving a flight, Banu stores the airline, flight number, departure and arrival times (in UTC), origin and destination airports, and the last known boarding gate. Banu does not store or retain at any point the booking reference (PNR/confirmation code), passport number, or payment details associated with the flight.

Purpose: this data is used exclusively to schedule automatic check-in alerts, departure preparation reminders, gate change notifications, and timezone adjustment notifications upon landing.

External flight data provider: to obtain real-time gate, delay, and flight status information, Banu queries the AirLabs API (airlabs.co). When querying this API, we share the flight number and date only. We do not share your name, WhatsApp number, or any other personally identifiable information with AirLabs.

Image and document processing: if the user shares an image or PDF of a boarding pass or flight confirmation, that content is processed by Anthropic (Claude) and/or OpenAI solely to extract the flight details. By sharing such documents, the user grants explicit consent for Banu to process any information visible in the document, which may include full name, flight number, booking reference (PNR), or other data present in the document. Banu extracts only the flight data necessary for the service and does not store the booking reference (PNR) or passport details. The full document content is not persisted on Banu's servers beyond the time strictly required for processing.

Retention: flight itinerary data is automatically deleted from our systems 7 days after the registered arrival date. Flight alert logs are deleted within the same period.

Consent: this feature is activated only under the user's explicit consent. The first time Banu detects the intent to save a flight, it requests confirmation before processing or storing any data.

We are not custodians: Banu does not hold or act as custodian of your boarding pass or any other travel document. The user must always retain their original boarding pass (physical or digital) and all relevant travel documentation, regardless of any alerts received.

Cancellation: the user can cancel flight tracking at any time by telling Banu via WhatsApp. All flight data and scheduled alerts will be immediately deleted.
