BUJI — PRIVACY POLICY

1. Overview

This Privacy Policy explains how Buji Technologies Limited ("Buji", "we", "us", "our") collects, uses, shares and protects your personal data.

Buji processes health-related information solely to support the activities of independent licensed Clinics and insurers.

Buji does not provide medical advice or treatment.

We comply with the UK GDPR, the Data Protection Act 2018, and applicable consumer regulations.

2. Personal Data We Collect

We collect:

2.1 Information you provide

• Name, email, phone number, country of residence
• Account credentials
• Intake questionnaire responses (medical history, lifestyle information)
• Photos and videos (e.g., before/after or intake documentation)
• Passport details (for travel arrangements)
• Communications with coordinators, Clinics, insurers

2.2 Automatically collected

• Device identifiers
• IP address
• Usage data and analytics
• App interactions
• Crash logs (via Sentry and similar tools)

2.3 Payments

Payment information is processed by Stripe and never stored by Buji.

3. Special Category Health Data

Some intake responses and photos constitute health data.

We process this data under:

• UK GDPR Art. 6(1)(b) — necessary for the performance of a contract;
• UK GDPR Art. 9(2)(h) — health data processed for assessing your suitability for a procedure by independent professionals;
• UK GDPR Art. 9(2)(a) — explicit consent (obtained during the intake flow).

4. How We Use Your Data

We use data to:

• Create your account
• Facilitate intake review by independent medical assessors and Clinics
• Build and deliver treatment packages
• Process payments
• Coordinate aftercare and insurance workflows
• Provide customer support
• Detect fraud, abuse and security threats
• Improve app performance and user experience
• Comply with legal obligations

We do not sell personal data.

5. Sharing Your Data

We may share your data with:

5.1 Clinics & Healthcare Professionals

For suitability assessments and provision of treatment.

5.2 Insurers

For risk assessment, policy issuance, and claims management.

5.3 Service Providers

Including:

• Stripe (payments)
• Cloud hosting providers
• Messaging providers
• Sentry (crash reporting)
• Customer support tools

All third parties are bound by strict data-processing agreements.

5.4 Legal or Regulatory Authorities

Where required by law.

6. International Transfers

Your data may be transferred outside the UK (e.g., to Turkey).

We ensure appropriate safeguards, including:

• UK Addendum to the EU Standard Contractual Clauses;
• Adequacy decisions where applicable.

7. Data Retention

We retain data only for as long as necessary for the purposes outlined in this Policy, including:

• Legal, regulatory and audit requirements
• Insurance claim periods
• Dispute resolution

You may request deletion at any time.

8. Your Rights

Under UK GDPR, you have rights to:

• Access your data
• Correct inaccurate data
• Delete your data ("right to erasure")
• Restrict processing
• Data portability
• Withdraw consent at any time
• Object to processing

Requests can be submitted to: support@buji.health

9. Security

We use:

• Encryption in transit and at rest
• Access controls
• Secure development practices
• Monitoring and intrusion detection
• Regular audits and testing

No system is entirely risk-free, but we take reasonable measures to protect your information.

10. Children

Buji is not intended for individuals under 18.

We do not knowingly collect data from minors.

11. Changes to This Policy

We may update this Privacy Policy from time to time.

Material updates will be notified via the app or email.

12. Contact

For privacy questions or requests: support@buji.health

Data Protection Officer: Shoubhik Rahman