1. Who We Are
Badalytics ("we", "us", "our") is a company incorporated and operating under the laws of the Republic of Mauritius. We provide AI-powered communication intelligence and customer engagement software designed exclusively for automotive dealerships in Mauritius.
2. Scope of This Policy
This Privacy Policy applies to all personal data collected, processed, stored, or transmitted by Badalytics in connection with:
- Our website at badalytics.io and all associated sub-domains;
- Our software platform and services (the "Platform") provided to dealership clients;
- Communications we receive from prospective and existing clients and end-users.
This Policy is governed by and must be read in accordance with the Data Protection Act 2017 of Mauritius (the "DPA 2017") and any regulations or guidelines issued thereunder by the Data Protection Commissioner.
3. Personal Data We Collect
We collect personal data only to the extent necessary for the purposes described in this Policy ("data minimisation", per Section 23 of the DPA 2017). The categories of personal data we may collect include:
- Identity data: full name, job title, dealership name;
- Contact data: email address, phone number (including WhatsApp number), business address;
- Communication data: messages sent to us via WhatsApp, email, web chat, Instagram DM, or Facebook Messenger that pass through the Platform;
- Technical data: IP address, browser type and version, device identifiers, operating system, referral URLs, and pages visited on our website (collected via cookies and server logs);
- Usage data: feature usage, login timestamps, session duration, and interaction logs within the Platform;
- Transaction data: records of services purchased, plan tier, invoicing details;
- Lead data: data relating to vehicle-buyer leads that our dealership clients process through the Platform (processed by us as a data processor on behalf of the client as data controller).
Note on lead data: Where our Platform processes personal data of a dealership's end-customers (vehicle buyers), Badalytics acts as a data processor under the DPA 2017, acting strictly on the written instructions of the dealership client (the data controller). Each client's data processing is governed by a Data Processing Agreement (DPA) incorporated into our service contract.
4. How We Use Your Personal Data
We process personal data for the following purposes:
- To deliver, maintain, and improve the Platform and associated services;
- To communicate with you about your account, enquiries, and support requests;
- To manage contracts, billing, and service agreements;
- To send service updates, platform notifications, and — where you have opted in — marketing communications;
- To analyse usage patterns and perform internal research to enhance the Platform;
- To detect, investigate, and prevent fraudulent transactions, abuse, and other illegal activities;
- To comply with our legal and regulatory obligations under Mauritius law;
- To enforce our Terms of Service and protect our legal rights.
5. Legal Basis for Processing
Under the DPA 2017 (Sections 20–22), we rely on the following lawful grounds to process personal data:
- Contractual necessity: processing required to perform our contract with you or to take steps at your request before entering into a contract;
- Legitimate interests: processing necessary for our legitimate business interests (e.g. fraud prevention, network security, product improvement), provided such interests are not overridden by your rights and freedoms;
- Legal obligation: processing required to comply with a legal obligation applicable to Badalytics under the laws of Mauritius;
- Consent: where we have obtained your freely given, specific, informed, and unambiguous consent (e.g. marketing emails). You may withdraw consent at any time without detriment.
6. Sharing and Disclosure
We do not sell, rent, or trade personal data. We may share your personal data only in the following circumstances:
- Service providers: third-party vendors who process data on our behalf (e.g. cloud hosting, payment processors, analytics tools) under contractual data processing agreements that impose equivalent data protection obligations;
- Platform integrations: communication channel providers (Meta/WhatsApp Business API, Instagram, Facebook) where necessary to deliver the service. Each integration is subject to the provider's own privacy terms;
- Dealership clients: where you are an end-customer of a dealership using our Platform, the dealership is the data controller and may access your communications data through the Platform;
- Legal requirements: where disclosure is required by law, court order, or a competent regulatory or governmental authority in Mauritius or any jurisdiction having jurisdiction;
- Business transfers: in connection with a merger, acquisition, or sale of all or part of our business, subject to the acquiring party agreeing to be bound by equivalent data protection obligations.
7. International Data Transfers
Where personal data is transferred outside the Republic of Mauritius (e.g. to cloud infrastructure hosted in other jurisdictions), we ensure appropriate safeguards are in place as required by Section 40 of the DPA 2017. Such safeguards may include:
- Transfers to countries deemed to offer an adequate level of data protection;
- Contractual clauses that impose data protection obligations on the recipient;
- Binding corporate rules where applicable.
You may request details of the specific safeguards applicable to a given transfer by contacting us at info@badalytics.io.
8. Data Retention
We retain personal data only for as long as necessary for the purposes set out in this Policy and in accordance with our legal obligations under Mauritius law. Our general retention periods are:
- Client account data: for the duration of the contract plus 7 years (in line with the Companies Act 2001 requirements for business records);
- Communication and lead data: as specified in the Data Processing Agreement with each dealership client, typically 12–36 months from collection;
- Website analytics and technical data: up to 26 months;
- Marketing consent records: for the period of consent plus 3 years after its withdrawal.
After the applicable retention period expires, personal data is securely deleted or anonymised.
9. Your Rights Under the DPA 2017
As a data subject under the Data Protection Act 2017 of Mauritius, you have the following rights (subject to applicable exemptions):
- Right of access (Section 37): to obtain confirmation of whether we process your personal data and to receive a copy of it;
- Right to rectification (Section 38): to have inaccurate personal data corrected or incomplete data completed;
- Right to erasure: to request deletion of your personal data where there is no overriding legitimate ground for continued processing;
- Right to restriction of processing: to request that we restrict processing of your personal data in certain circumstances;
- Right to data portability: to receive your personal data in a structured, commonly used, machine-readable format;
- Right to object: to object to processing based on legitimate interests or direct marketing at any time;
- Rights related to automated decision-making: not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects, without human review.
To exercise any of these rights, please contact us in writing at info@badalytics.io. We will respond within 30 days of receipt of your request, as required by the DPA 2017.
10. Cookies and Tracking Technologies
Our website uses cookies and similar technologies to enhance user experience and collect analytics data. Categories of cookies used include:
- Strictly necessary cookies: essential for the website to function; cannot be disabled;
- Analytics cookies: used to understand how visitors interact with our website (e.g. pages visited, session duration). Data is aggregated and anonymised where possible;
- Functional cookies: used to remember your preferences and settings.
Where required by law, we obtain your consent before placing non-essential cookies. You may manage or withdraw cookie consent at any time through your browser settings.
11. Security
We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures are described in detail in our Security Policy.
In the event of a personal data breach that poses a risk to the rights and freedoms of individuals, we will notify the Data Protection Commissioner and affected data subjects in accordance with the DPA 2017.
12. Children's Privacy
Our Platform and services are directed exclusively at businesses (automotive dealerships) and their staff. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected such data, please contact us immediately at info@badalytics.io and we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Platform, or applicable law. We will notify you of material changes by posting the updated Policy on this page with a revised effective date and, where appropriate, by direct notification via email.
Continued use of our Platform or website after the effective date of any change constitutes acceptance of the revised Policy.
14. Contact & Complaints
For any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, please contact our designated point of contact:
If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Commissioner of Mauritius:
Data Protection Office
5th Floor, Bramer House, Remy Ollier Street
Port Louis, Mauritius
Website: dataprotection.govmu.org