BGG Executive AI Platform – Privacy Policy

Effective Date: 10/15/2025

Last Updated: 10/15/2025

1. Overview

BGG Global Holding Inc. (“BGG,” “we,” “us,” or “our”) operates the BGG Executive AI Platform, a secure, invite-only artificial intelligence environment designed exclusively for BGG’s leadership and authorized personnel.

This Privacy Policy explains how we collect, use, store, and protect information associated with your use of the Platform.


2. Scope

This Policy applies to all users accessing the Platform through Single Sign-On (SSO) authentication under the BGG corporate domain. It governs all interactions within the Platform, including AI-generated queries, data inputs, and administrative metadata.


3. Information We Collect

The Platform follows a Zero Data Retention (ZDR) model. No user content, prompt, or AI-generated output is retained or stored.

We collect only the minimal metadata necessary for security and compliance:

  • User Identification: Email address (SSO-authenticated via Google Workspace).
  • Session Metadata: Timestamp, region, and authentication token.
  • System Logs: API gateway request IDs and CloudWatch event summaries.
  • Access Data: Device type, browser type, and IP address (for security monitoring).

No message content or file uploads are stored or transmitted beyond session scope.


4. How We Use Information

Metadata is used solely for the following purposes:

  • Authentication and access control (via AWS Cognito).
  • Security event monitoring (via AWS CloudWatch and WAF).
  • System performance auditing and compliance verification.
  • Internal analysis to improve infrastructure reliability and data security.

5. Data Sharing and Disclosure

We do not sell, trade, or disclose any user data to third parties.

Limited metadata may be processed by:

  • Amazon Web Services (AWS) – for hosting, authentication, and secure storage.
  • OpenAI Enterprise API – for AI inference without content retention.

All vendors are contractually bound by strict data protection and confidentiality terms.


6. Data Retention

  • User-generated content is not retained.
  • Authentication and log metadata are stored for up to 90 days, unless required longer for compliance review.
  • Data is automatically deleted or anonymized after the retention period.

7. Security and Access Control

The Platform employs multiple layers of protection:

  • AWS WAF and IP allowlisting.
  • End-to-end HTTPS encryption via AWS CloudFront.
  • Federated SSO (Google Workspace) with MFA.
  • Secrets managed through AWS Secrets Manager (no plaintext keys).
  • Regular internal audits and quarterly compliance reviews.

8. User Rights

Users have the right to:

  • Request access to their login metadata.
  • Request correction or deletion of identifiable log entries.
  • Report any data privacy concerns to privacy@bggworld.com.

Requests are reviewed by BGG’s Information Governance Team and completed within 30 days.


9. International Data Transfers

All Platform operations are hosted within Amazon Web Services global infrastructure, with primary regions in the United States and Asia-Pacific. Transfers comply with applicable data protection laws, including GDPR and Singapore PDPA frameworks.


10. Updates to This Policy

BGG reserves the right to update this Privacy Policy as technologies, laws, or governance practices evolve.

Any material changes will be communicated via internal email or during sign-in.


11. Contact

For questions or data access requests, please contact:

BGG Data Privacy Office

BGG Global Holding