Bukker Privacy Policy

Last updated: February 1, 2026

At Bukker ("Bukker", "we", "our", "the Platform"), we are committed to protecting the privacy and security of information. This Policy describes how we collect and process information when you use our educational management service.

By using Bukker, you accept the practices described in this Policy. If you do not agree, you must not use the Service.

0. Roles and scope of processing

Bukker provides a platform for educational institutions to manage information.

0.1. Account data (Bukker as Controller)

Regarding the data necessary to create and manage the User's Account (e.g. administrator name, email, credentials, billing and contact data), Bukker acts as data controller.

0.2. Data uploaded by the User (Bukker as Processor)

Regarding data that the User uploads or generates within the Platform (e.g. students, teachers, attendance, payments, communications), the User/institution acts as controller and Bukker acts as processor, processing such data only to provide, maintain, secure and improve the Service, and in accordance with the User's instructions.

0.3. User responsibility

The User is responsible for having the necessary legal basis to upload and process third-party personal data (including, where applicable, consent from parents/guardians in the case of minors), and for complying with applicable data protection, communications and spam regulations.

1. Information we collect and/or process

1.1. Account information

When you register with Bukker, we collect:

  • First and last name (of the administrator/representative)
  • Email address
  • Password (stored securely using hashing mechanisms)
  • Institution information (name, address, contact details)
  • Service configuration preferences (e.g. language, notifications)

1.2. Student and teacher information (processed on behalf of the User)

When the User uploads information to the Platform, Bukker processes and stores, on behalf of the User, information that may include:

  • Student data (name, ID/passport, email, phone)
  • Emergency contacts
  • Academic information (attendance, grades)
  • Teacher data (name, contact, availability)
  • Financial information associated with fees/payments (e.g. payment status, transaction reference)
  • Communication preferences (e.g. WhatsApp and Email acceptance)

Important: Bukker does not "decide" what data to upload; the User chooses what information to enter and for what purpose.

1.3. Usage information (logs and activity)

We collect information about use of the Service to operate, secure and improve the Platform, for example:

  • Activity and action logs (audit)
  • Access dates and times, security events
  • Use of features
  • Operational statistics (e.g. number of messages sent)

1.4. Technical information

We automatically collect technical information, which may include:

  • IP address
  • Browser type and operating system
  • Device information
  • Cookies and similar technologies (see section 7)

1.5. Payment information

If the User uses payment integrations (e.g. MercadoPago):

  • Bukker may process billing information and payment references necessary to operate the integration.
  • Bukker does not store sensitive credit card data or full banking details.
  • Payment information is processed by the provider according to their own policies.

2. How we use the information

We use the information to:

  1. Provide the Service: create and manage accounts, operate features, support.
  2. Communications: send operational notifications, Service notices and communications requested by the User.
  3. Security: prevent fraud, abuse, unauthorized access and incidents.
  4. Service improvement: metrics, internal analytics, debugging and development of new features.
  5. Legal compliance: respond to valid legal requests and comply with regulatory obligations.

When possible and reasonable, Bukker uses aggregated and/or anonymized data for internal analysis.

3. Who we share information with

Bukker does not sell or rent personal information. We may share information in these cases:

3.1. Providers and subprocessors (to operate the Service)

We share information with providers that help us operate the Platform (e.g. hosting, storage, monitoring, email, messaging, analytics, and payment processing), to the extent necessary to provide the Service.

Examples of categories of data these providers may process, depending on the functionality used:

  • Hosting/infrastructure providers: data stored on the Platform and technical logs necessary to operate and secure the Service.
  • Email providers: recipient email addresses, message content and delivery metadata (date/time/status).
  • Meta/WhatsApp (if the User uses WhatsApp): phone numbers, message content and delivery/status metadata in accordance with Meta's policies.
  • Payment processors (e.g. MercadoPago): billing and transaction data necessary to execute payment.

These providers act under our instructions and with reasonable security measures.

3.2. Legal requirements

We may disclose information if required by law, court order or valid government request, or to protect the rights, property or safety of Bukker, Users or third parties.

3.3. Aggregated and anonymized data

We may share aggregated or anonymized data (that does not identify individuals) for analysis, research or Service improvement.

4. Data security

We implement reasonable technical and organizational measures to protect information, which may include:

  • Encryption in transit (e.g. HTTPS/TLS)
  • Access controls and principle of least privilege
  • Monitoring and logging of security events
  • Reasonable backups
  • Restricted access to personal data

Nevertheless, no system is 100% secure. We cannot guarantee absolute security.

5. Data retention and deletion

We retain information:

  • while the Account is active and necessary to operate the Service; and/or
  • for as long as necessary to fulfil the purposes described in this policy; and/or
  • for periods required by legal obligations.

After cancellation or termination, Bukker may retain data for a reasonable period to allow export, operational closure and legal compliance; thereafter it may delete or anonymize data, except where retention is required.

Aggregated and/or anonymized data may be retained indefinitely.

6. Rights of individuals over their data

Depending on the applicable jurisdiction, you may have rights such as: access, rectification, update, deletion, objection, restriction and portability.

If you are an institution administrator (User/Customer): you may exercise these rights regarding your Account data by contacting us.

If you are a student/teacher or other third party whose data was uploaded by an institution: your request should normally be channelled through the institution (data controller). Bukker can technically assist the institution to comply with the request.

For queries or requests, you can contact us at hello@bukker.app. We will respond within a reasonable time.

7. Cookies and similar technologies

We use cookies and similar technologies to:

  • enable essential functions (login, security, preferences),
  • analyse use and performance,
  • improve the User experience.

You can control cookies through your browser settings. Some cookies may be necessary for the Service to function.

8. International transfers

Information may be transferred and processed in countries other than the User's, for example when we use infrastructure or messaging providers with global operations.

Bukker implements reasonable safeguards to protect information in international transfers and seeks to use mechanisms consistent with the applicable legal framework.

9. Children's data

Bukker is not intended for minors to create accounts or use the Service as end users. However, the Platform may be used by educational institutions to manage student data, including minors, under the responsibility of the User/institution.

The User represents and warrants that they have the legal basis and necessary consents (e.g. from parents/guardians where applicable) to upload and process minors' data on the Platform.

If Bukker becomes aware that a minor's data has been processed without the required legal basis, it may take reasonable measures to restrict or remove that information, subject to legal obligations.

10. Changes to this Policy

We may update this Policy from time to time. We will publish the updated version and change the "Last updated" date. If changes are material, we will endeavour to notify through reasonable means (Platform or email).

Continued use of the Service after the updated Policy takes effect constitutes acceptance.

11. Contact

If you have questions or requests about this Policy or the processing of information, contact us:

Email: hello@bukker.app

We are committed to responding within a reasonable time.