Privacy Policy

As part of our efforts to provide the best Service possible, we introduce you to our Privacy Policy, which reflects our privacy standards, as well as offering transparency about the data we collect and the way we use it.

Welcome to Burai's Privacy Policy. We appreciate you entrusting your information to us, and we want to show you how seriously we take your trust.

With this Privacy Policy we want to help you make the best decisions about how and what information you share with us. Our Privacy Policy is designed to provide transparency in our privacy practices and give you the opportunity to understand what information we collect, why we collect it, how we use your Personal information and what are your rights regarding any of your shared information.

Please read the Privacy Policy carefully.

All capitalized terms shall have the meaning assigned to them in the "Definitions" section at the end of this Privacy Policy.

Burai enables precise document version access, ensuring confidentiality with tailored permissions for team members utilizing granular access control, safeguarding sensitive information effectively, while providing the user with a repository of documents.

Burai is provided by BURAI INC. and our affiliates and partners. We will refer to "Burai" also as "we," "us", or "our" where applicable.

For the purpose of the GDPR and other relevant laws, the data controller is BURAI INC., a company registered at 199 Bay Street, Suite 4000, Toronto, Ontario, Canada, M5L 1A9.

This Privacy Policy (together with our Terms of Service, available at www.burai.com/terms-of-service and any other documents referred to in it) applies to the Burai application (the "Application") and the related website located at www.burai.com and its subdomains (the "Website") (the Application and the Website collectively the "Service") and sets out the basis of which any personal data is collected from you, is provided to us by you, or will be handled by us.

Please keep in mind that by using our Services, you agree to and accept the privacy practices described in this Privacy Policy.

We wish to remind you that this Privacy Policy only applies to personal data that we process when you use the Service. It does not apply to any third parties’ websites and/or services, such as third-party applications, that you may encounter when you use the Service. These third parties have their own privacy policies and any information you provide them will be regulated by their respective privacy rules.

We encourage you to carefully familiarize yourself with the privacy policies applicable to any websites and/or services operated by third parties. Please be aware that we are not responsible for the privacy practices of any third parties. However, when we do have the ability to choose such third parties, we always try to match with ones that not only share the same privacy principles, but also share the same positive values as we do.

Should you require any additional information or wish to address any concerns, you will find the contact information under “Your Rights” section.

(i) Data You Provide Directly:

Images & Texts:

Any images or texts you provide, typically for feedback purposes.

Profile Information (optional):

If you choose to fill out your profile, we may store the following:

• Full name
• Email address
• Physical address
• Country
• Zip/Postal code
• Phone number
• Job title within the organization
• Organization name
• Region (automatically detected on login)

(ii) Data Collected Automatically:

The Service may automatically collect the following information from you that in certain circumstances may constitute personal data:

Third-Party Account Sign-In Data:

When you sign in with a third-party account (e.g., Google, Microsoft), we may collect:

• Email address
• User ID
• Avatar image URL
• Full name

Data via Third-Party Drive API:

Documents: Information related to documents stored on third-party drives, including:

• Document ID, title, created/modified time, link, icon, permissions (who has access), and the users associated with documents.
• Metadata about folders where documents are stored (Drive ID, folder name, path).

Comments: Data regarding document comments, such as:

• Comment status, participants, content, and creation time.
• Mentioned users and comment history.

Service Usage Data:

Documents: Data collected when you interact with documents in our service:

• Description, status (draft/published/archived), related documents (branches), annotations on images, audio, video, or CAD files.

Tasks: Task-related information, such as:

• Task title, description, created/edited time, effort, priority, and due date.
• Associated documents, task attachments (ID, name, icon, link), assignees, task replies/comments, and task history.

Projects: Project data like:

• Name, description, created time, last activity, and whether it's shared or archived.
• Users associated with the project and files within it.

Organization Data:

• Organization name, domain, admin user, and all users in the organization.

User Session Data:

Session recordings may be captured (with privacy safeguards), including:

• User email, location (IP address), mouse movements, and Burai-specific metrics (e.g., app usage, task creation, document sharing).

Metrics Collected:

Usage metrics including:

• Logins, document shares, task creation, and project updates.
• Time spent in the app, task creation duration, cancellations, and other related actions.

Problem Reporting Data:

Browser Errors:

When reporting issues, we may collect:

• User email, company name (optional), error category, browser language/platform, and technical information (browser version, architecture).
• Console error logs, browser logs, and any attachments.

Third-Party Integration Data for Problem Reporting:

When integrating with third-party services for error reporting, we may collect:

• Organization ID, User ID, and the relevant project/task information linked to the error report.

AI DataBridge Feature Data:

Email & Calendar Data:

When using the AI DataBridge feature, we may collect:

• Content from emails (modified for privacy), email headers (subject, sender, recipient addresses), calendar event metadata, and reference links.

Security & Data Usage:

Encryption & Privacy:

All data is encrypted to ensure privacy and security. Only authorized personnel have access to encrypted data, and it is not visible or accessible by Burai employees unless necessary.

Data Usage:

The data we collect is used to authenticate users, enhance task context, improve the AI functionalities, and resolve any issues encountered while using the Service. This data is never shared with third parties unless explicitly required for authentication or problem resolution.

Purpose of Data Collection:

• Authentication: We use data from third-party APIs to authenticate users and ensure smooth sign-in and profile management.
• Task/Document Management: Collected data helps in organizing tasks, projects, documents, and communications efficiently.
• Problem Solving: Data from issue reports aids in identifying and solving any issues users may face.
• AI Enhancements: Data collected through the AI DataBridge feature helps improve AI functionality to streamline email decluttering.

The main purpose for using your information is to improve our Service as well as your experience while using our Service.

a) We use the personal data you provide to us directly for the following purposes:

• To set up and maintain your registration with the Service, if you chose to register and if you are of legal age for registration;
• To manage the Service;
• To provide features available in the Service;
• To develop, improve, and protect the Service;
• To communicate with you;
• To facilitate and process any purchases you may make in the Service;
• To prevent and investigate fraud and other misuses;
• To protect our rights and/or our property;
• To operate and improve our products and services;
• For market research;
• For electronic direct marketing, in compliance with applicable laws;
• To audit and analyze the Service; and
• To ensure the technical functionality and security of the Service

b) We use the data collected automatically for the following purposes:

• To provide the Service;
• To improve customer service;
• To personalize user experience;
• To manage the Service;
• To provide features available in the Service;
• To assess the quality of the Service;
• For market research;
• To audit and analyze the Service, including analyzing trends related to the use of the Service; and
• To ensure the technical functionality and security of the Service.

Whatever the reason for collecting your Personal Information, and whatever that Information might be, rest assured that we will always be transparent and will rely on the following principles:

Consent: If we want to collect your data, we will ask you first. We will also provide a contact address where you can withdraw your consent at any time.

Lawful and transparent processing. We abide by relevant legislation and give our best to present you all your rights

Privacy by design: Even while developing our Service, we have your privacy in mind at every step. We therefore include data-protection principles such as pseudonymization and data minimization.

Privacy by default: We have implemented appropriate measures for ensuring that only necessary data is processed for each specific purpose. In practice, this is shown in the amount of personal data collected, the extent of data processing and their accessibility.

We do not sell, lease, rent or otherwise disclose the personal data relating to our users to third parties unless otherwise stated herein.

We may allow other companies to provide analytics regarding your use of our Services. This can help us analyze and better understand how our users use our Service, determine if changes and updates to the Service work as intended and are well received, or help us in targeting advertisements relevant to you.

These entities may use cookies or other technologies to collect such information, including your IP address, web browser, mobile network information, pages viewed, time spent using the Service, links clicked, and conversion information (but NOT including your name, email address, mailing address, or telephone number).

We as a data controller, or our affiliated companies, may use your Personal information only for the purposes described in this Privacy Policy and only when such use is allowed under applicable law.

The personal data collected in the Service may be disclosed in the following manner:

a) Personal data you provide directly:

We may disclose personal data you provide to us with the following categories of third parties:

• service providers, such as data storage service providers, which enable us to provide the Service to you;
• our business partners, such as advertising partners, in compliance with applicable laws;
• public authorities, such as law enforcement, if we are legally required to do so or if we need to protect our rights or the rights of third parties;
• our subsidiaries and affiliates; or a subsequent owner, co-owner or operator of the Service and their advisors in connection with a corporate merger, consolidation, restructuring, or the sale of substantially all of our stock and/or assets, or in connection with bankruptcy proceedings, or other corporate reorganization, in accordance with this Privacy Policy; and
• other third parties, with your consent or as otherwise required or permitted by law.

Please note that in circumstances where you expressly direct us to share your personal information to a third party, the shared information is then controlled by that third party and is subject to that third party's privacy policy.

b) Data collected automatically:

The data collected automatically in the Service may be disclosed to the following categories of third parties:

• To service providers, such as data analysis companies;
• our business partners, such as advertising partners, in compliance with applicable laws;
• public authorities, such as law enforcement, if we are legally required to do so or if we need to protect our rights or the rights of third parties;
• our subsidiaries and affiliates; or a subsequent owner, co-owner, or operator of the Service and their advisors in connection with a corporate merger, consolidation, restructuring, or the sale of substantially all of our stock and/or assets, or in connection with bankruptcy proceedings, or other corporate reorganization, in accordance with this Privacy Policy;
• other third parties, with your consent or as otherwise required or permitted by law.

Moreover, we may disclose information to third parties in an aggregate or derivative format that does not constitute personal data and does not allow the identification of individual users. This is information gathered and expressed in a summary form for purposes such as statistical analysis, and so is not personal data for the purposes of data protection law, such as GDPR. For more, please see the Definitions section below.

You are in control of your personal information. We therefore want to give you a clear overview of your rights with respect to your personal data we hold, wherever you may be from:

Right to be forgotten. The right to request deletion of all available data we hold about you. Should you ever wish to start anew, contact us and we will delete all personal information which was collected during your use of our Service.

Right to object. This right allows you to request from us to stop processing your data at any time, either for direct marketing purposes or otherwise. We only process your Personal information for direct marketing purposes if you have expressly allowed such processing with the positive action; in other words, if you have opted-in for such processing. In any case, we only collect user personal information if we have a legitimate interest to do so.

Right to rectification. The right to have incomplete, incorrect, outdated, or unnecessary personal data corrected, or updated. The easiest way to achieve that is to log in to the Service and enter the necessary changes in the account settings of the Service. If you have additional questions regarding the correction, deletion, or updating of your personal data we hold, please contact us at support@burai.com.

Right to restrict processing/Right not to be profiled. Profiling consists of solely automated processing of personal data which evaluate some personal aspects relating to you, for instance, the country from which you are using our Service so we can show you more relevant ads. You will not be subject to such automated processing and decision making unless you have either given us your consent or if there is a legal basis/justified interest. Profiling is usually used for the purpose of incorporating relevant marketing. Our use of such processing shall not have any negative legal repercussion for you.

Right to access. You have the right to request access to Personal data we hold about you, or to request a copy of such data. If you would like to know what personal data we hold about you, please contact us at privacy@burai.com. We seek to promptly respond to your inquiry.

Right to data portability. You have a right to request and receive the Personal data you have shared with us in a commonly used format and you can transmit that data to another controller or otherwise use it for your own purposes.

Right to data minimization. This right requires from us that the data we collect must be relevant and sufficient only to fulfill the purpose for which this information was collected.

Right to be informed. We will inform you about processing of your Personal data, purposes of processing, transfer of your data, retention policy, as well as information about us and contact details should you ever choose to contact us. In a way, we build this Privacy Policy to comply with your right to be informed.

By providing information to the Service that forms the basis of communications with you, such as contact information, you agree to receive electronic communications from us. However, you have the right to opt out of receiving electronic direct marketing communications from us: All electronic direct marketing communications that you may receive from us, such as e-mail messages and SMS-messages, give you an option of not receiving such communications from us in the future. If you have any additional questions about electronic direct marketing received from us, please contact us at privacy@burai.com.

For your protection and the protection of all our users, we may ask you to provide proof of identity before we can comply with some of your requests.

No user shall ever be discriminated against for exercising any of their privacy rights. However, please note that some information is sometimes necessary for us to provide the Service, or offer promotions, discounts, or other deals. You can always request information about how your request may affect your participation in such cases. For instance, we cannot provide customer support without you providing us with your contact information.

We expressly state that we do not sell your Personal Information. Moreover, you can request a notice disclosing the categories of personal information about you that we have shared with third parties for their direct marketing purposes during the preceding calendar year. To request this notice, please submit your request at privacy@burai.com. Please allow 30 days for a response. For your protection and the protection of all our users, we may ask you to provide proof of identity before we can answer such a request.

Whatever the reason for processing your personal information may be, rest assured that we will always be transparent and will rely on the following principles:

Consent: If we want to collect your data, we will ask you first. This is important to us as we want you to always be in full control of your Personal information. We will also provide a contact address where you can withdraw your consent at any time.

Lawfulness, Fairness and Transparency. We only process your data in a fair, non-misleading and transparent way which we believe you would reasonably expect from a service provider like us.

Purpose limitation. We only process information for the purposes explained in this Privacy Policy.

Accuracy. We try to keep our records up to date and have systems in place to correct any inaccuracies. The best place to change Personal information is to do it from within the app. If needed, you may also contact us at privacy@burai.com.

Privacy by design: Even while developing our Service, we have your privacy in mind at every step. We therefore include data-protection principles such as encryption.

Privacy by default: We have implemented appropriate measures for ensuring that only necessary data is processed for each specific purpose. In practice, this is shown in the amount of personal data collected, the extent of data processing, and their accessibility.

Storage limitation. We shall only store Personal information for as long as we have legitimate need for it. We still grow as a company and user data is valuable to better understand which direction to take in the future.

Integrity and confidentiality (Security). Our security measures are explained in Section 9 below.

This Cookie Policy explains how Burai Inc ("Company," "we," "us," and "our") uses cookies and similar technologies to recognize you when you visit our website at www.burai.com ("Website"). It explains what these technologies are and why we use them, as well as your rights to control our use of them.

In some cases we may use cookies to collect personal information, or that becomes personal information if we combine it with other information.

What are cookies?

Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information.

Cookies set by the website owner (in this case, Burai Inc) are called "first-party cookies." Cookies set by parties other than the website owner are called "third-party cookies." Third-party cookies enable third-party features or functionality to be provided on or through the website (e.g., advertising, interactive content, and analytics). The parties that set these third-party cookies can recognize your computer both when it visits the website in question and also when it visits certain other websites.

Why do we use cookies?

We use first- and third-party cookies for several reasons. Some cookies are required for technical reasons in order for our Website to operate, and we refer to these as "essential" or "strictly necessary" cookies. Other cookies also enable us to track and target the interests of our users to enhance the experience on our Online Properties. Third parties serve cookies through our Website for advertising, analytics, and other purposes. This is described in more detail below.

How can I control cookies?

You have the right to decide whether to accept or reject cookies. You can exercise your cookie rights by setting your preferences in the Cookie Consent Manager. The Cookie Consent Manager allows you to select which categories of cookies you accept or reject. Essential cookies cannot be rejected as they are strictly necessary to provide you with services.

The Cookie Consent Manager can be found in the notification banner and on our website. If you choose to reject cookies, you may still use our website though your access to some functionality and areas of our website may be restricted. You may also set or amend your web browser controls to accept or refuse cookies.

The specific types of first- and third-party cookies served through our Website and the purposes they perform are described in the table below (please note that the specific cookies served may vary depending on the specific Online Properties you visit):

Analytics and customization cookies: These cookies collect information that is used either in aggregate form to help us understand how our Website is being used or how effective our marketing campaigns are, or to help us customize our Website for you.

How can I control cookies on my browser?

As the means by which you can refuse cookies through your web browser controls vary from browser to browser, you should visit your browser's help menu for more information. The following is information about how to manage cookies on the most popular browsers:

• Chrome
• Internet Explorer
• Firefox
• Safari
• Edge
• Opera

In addition, most advertising networks offer you a way to opt out of targeted advertising. If you would like to find out more information, please visit:

• Digital Advertising Alliance
• Digital Advertising Alliance of Canada
• European Interactive Digital Advertising Alliance

What about other tracking technologies, like web beacons?

Cookies are not the only way to recognize or track visitors to a website. We may use other, similar technologies from time to time, like web beacons (sometimes called "tracking pixels" or "clear gifs"). These are tiny graphics files that contain a unique identifier that enables us to recognize when someone has visited our Website or opened an email including them. This allows us, for example, to monitor the traffic patterns of users from one page within a website to another, to deliver or communicate with cookies, to understand whether you have come to the website from an online advertisement displayed on a third-party website, to improve site performance, and to measure the success of email marketing campaigns. In many instances, these technologies are reliant on cookies to function properly, and so declining cookies will impair their functioning.

Do you use Flash cookies or Local Shared Objects?

Websites may also use so-called "Flash Cookies" (also known as Local Shared Objects or "LSOs") to, among other things, collect and store information about your use of our services, fraud prevention, and for other site operations.

If you do not want Flash Cookies stored on your computer, you can adjust the settings of your Flash player to block Flash Cookies storage using the tools contained in the Website Storage Settings Panel. You can also control Flash Cookies by going to the Global Storage Settings Panel and following the instructions (which may include instructions that explain, for example, how to delete existing Flash Cookies (referred to "information" on the Macromedia site), how to prevent Flash LSOs from being placed on your computer without your being asked, and (for Flash Player 8 and later) how to block Flash Cookies that are not being delivered by the operator of the page you are on at the time).

Please note that setting the Flash Player to restrict or limit acceptance of Flash Cookies may reduce or impede the functionality of some Flash applications, including, potentially, Flash applications used in connection with our services or online content.

Do you serve targeted advertising?

Third parties may serve cookies on your computer or mobile device to serve advertising through our Website. These companies may use information about your visits to this and other websites in order to provide relevant advertisements about goods and services that you may be interested in. They may also employ technology that is used to measure the effectiveness of advertisements. They can accomplish this by using cookies or web beacons to collect information about your visits to this and other sites in order to provide relevant advertisements about goods and services of potential interest to you. The information collected through this process does not enable us or them to identify your name, contact details, or other details that directly identify you unless you choose to provide these.

We take reasonable measures to protect your Personal information from unauthorized access or against loss, misuse or alteration by third parties, by retaining it in a firewalled and secured database with strictly limited and controlled access rights, using encryption. Despite these efforts to store personal data collected in and through the Service in a secure operating environment that is not available to the public, we cannot guarantee the security of personal data during its transmission or its storage on our systems. Furthermore, while we attempt to ensure the integrity and security of personal data, we cannot guarantee that our security measures will prevent third parties such as so-called hackers from illegally obtaining access to personal data. We do not warrant or represent that personal data about you will be protected against, loss, misuse, or alteration by third parties.

As we operate globally, some elements of the Service may be hosted on servers located in countries outside your own country. The laws applicable to the protection of personal data in such countries may be different from those applicable in your home country. In particular, if you are located within the European Union, please note that personal data collected by us is transferred outside the European Union / European Economic Area. By using our Service, you consent to personal data about you being transferred outside your own country and, where applicable, outside the European Union / European Economic Area.

Wherever we transfer your Personal information, or otherwise store or process such information, we will take reasonable steps to safeguard the privacy of your Personal information. These steps may include obtaining your consent or implementing contractual clauses defining rules and obligations in respect to such transfer or processing.

We only retain Personal data for as long as it is necessary for the purposes set out in this Privacy Policy. General rules concerning data retention require that Personal data be either deleted after some time or that such data be anonymized or retained in other aggregated form by which you cannot be personally identified. Our Privacy Policy uses the term "delete" for all such practices.

We only collect and therefore store anonymized data from your first use of the Service. In the absence of any legal requirements regarding data retention we intend to keep it that way. For other cases, for example Tax law or Employment law, we shall comply with applicable law requirements.

In any case, we will delete any Personal data if you so request or if you withdraw your consent to processing. We will also delete data which we find is no longer up to date or is no longer necessary for the original purpose of processing. Therefore, we will apply the following:

• erasure of the unique identifiers which allow the allocation of a data set to a unique person;
• erasure of single pieces of information that identify the data subject (whether alone or in combination with other pieces of information);
• separation of personal data from non-identifying information (e.g. an order number from the customer's name and address); or
• aggregation of personal data in a way that no allocation to any individual is possible.

We do not use any artificial intelligence functionality within the product and we do not use Personal data to train AI and/or ML models.

Users will be notified of any change in the use of AI in accordance with article 12 of this Privacy Policy.

Google Workspace and/or other third party APIs are not used to develop, improve, or train generalized AI and/or ML models.

From time to time we may change this Privacy Policy. You can tell when changes have been made to the Privacy Policy by referring to the "Last Updated" legend on top of this page. If we materially change the ways in which we use and disclose personal data, we will post a notice in the Service. We encourage you to review the Privacy Policy whenever you access the Service to stay informed about our privacy practices. Your continued use of the Service following any changes to this Privacy Policy constitutes your acceptance of any such changes made.

Should you have any questions regarding this Privacy Policy, your privacy as it relates to the use of the Service, or the protection of the personal data we hold about you, please contact us via e-mail at privacy@burai.com. We seek to promptly resolve any concerns you may have.

Data Controller. A company with the right to determine the purposes and means of the processing of personal information.

Data Processor. A company which processes personal information on behalf of the controller.

Personal Information (Personal data). Any information that relates to an identified or identifiable individual/natural person.

GDPR. Abbreviation For General Data Protection Regulation.

Account. Account means a unique account created by you with which you access our Service.

Application. Application is the software provided by us and downloaded by you on any electronic device.

Aggregate information. Information about groups or categories of users, which does not identify and cannot reasonably be used to identify an individual user. It is not considered as Personal Information.

Cookies. Cookies are small text files that may be downloaded to your computer, tablet or mobile phone when you use the Service (visit a website or application).

Company. As referred to as either "the Company", "We", "Us" or "Our" in this Agreement, Company refers to BURAI INC., its affiliates and partners.

Service. Refers to the Application or the Website or both.

Website. Refers to Burai's webpage accessible from www.burai.com

You. "You" means the individual accessing or using the Service, and an individual to which this Privacy Policy applies.