Privacy Policy

Overview

This Privacy Policy explains how biz collect ("we", "us", "our") collects, uses, discloses, and protects personal information when you use our website at bizcollect.dev and our API (collectively, the "Service"). We are committed to processing personal information lawfully, fairly, and transparently.

This policy is designed to satisfy our obligations under the EU General Data Protection Regulation (GDPR), the revised Swiss Federal Act on Data Protection (revFADP), and the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA).

Who we are

The controller responsible for your personal information is Nico Jaroszewski, Schlosstalstrasse 202, 8408 Winterthur, Switzerland. See our Impressum for full contact details.

Information we collect

We collect the following categories of personal information:

• Account information - name, email address, and authentication identifiers, provided when you create an account. Authentication is handled by our processor Clerk.
• API usage data - request metadata (timestamps, endpoints, IP address, response codes, payload sizes) generated when you call the API. Used for rate limiting, abuse prevention, billing, and debugging.
• Billing information - when paid plans are introduced, payment data will be processed by Stripe and we will receive only transactional metadata.
• Support correspondence - content of emails or messages you send us.
• Cookies and similar technologies - see our Cookie Policy.

We do not intentionally collect special categories of data (Art. 9 GDPR / sensitive personal information under CCPA).

How we use your information

We use personal information to:

• Provide, operate, and maintain the Service.
• Authenticate users and secure accounts.
• Process and respond to API requests.
• Enforce rate limits, detect abuse, and protect the Service.
• Send service announcements and respond to support requests.
• Comply with legal obligations.
• Improve the Service (analytics, only with your consent).

Legal basis for processing (GDPR Art. 6)

Sharing and disclosure

We share personal information only with the third-party processors listed on our Subprocessors page, each of which is bound by a written data-processing agreement. We do not sell personal information, and we do not "share" personal information for cross-context behavioral advertising as those terms are defined under the CPRA.

We may disclose personal information when required by law, to enforce our rights, or to protect the safety of users.

International data transfers

The Service is operated from Switzerland and uses processors in the United States and the European Union. Transfers of personal data outside Switzerland and the EEA are governed by:

• The European Commission's 2021 Standard Contractual Clauses, supplemented by the Swiss Federal Data Protection and Information Commissioner's recognized addenda for transfers originating in Switzerland.
• Where applicable, our processors' certifications under the EU-US Data Privacy Framework and the Swiss-US Data Privacy Framework.

Retention

Security

We protect personal information with industry-standard technical and organisational measures, including: encryption in transit (TLS) and at rest, multi-factor authentication for administrative access, least-privilege access controls, audit logging, and a documented incident response process. See Annex 2 of our DPA for the full list.

Your rights

Under the GDPR (EU/EEA residents)

You have the right to:

• Access your personal data (Art. 15).
• Rectify inaccurate data (Art. 16).
• Erase your data ("right to be forgotten", Art. 17).
• Restrict processing (Art. 18).
• Data portability (Art. 20).
• Object to processing based on legitimate interest (Art. 21).
• Not be subject to solely automated decision-making (Art. 22). We do not engage in such decision-making.
• Withdraw consent at any time (Art. 7(3)) without affecting prior lawful processing.

You may exercise these rights by emailing info@bizcollect.dev. You also have the right to lodge a complaint with your local Data Protection Authority.

Under the revFADP (Swiss residents)

You have rights equivalent to those above, including access, correction, deletion, and data export. The competent supervisory authority is the Federal Data Protection and Information Commissioner (FDPIC, edoeb.admin.ch).

Under the CCPA / CPRA (California residents)

You have the right to:

• Know what personal information we collect, use, and disclose.
• Delete personal information we have collected.
• Correct inaccurate personal information.
• Opt out of the sale or sharing of personal information. We do not sell or share personal information, but we honor the Global Privacy Control signal as a valid opt-out request.
• Limit the use of sensitive personal information. We do not collect sensitive personal information.
• Non-discrimination for exercising your rights.

To exercise these rights, email info@bizcollect.dev. We will verify your request using the email address associated with your account.

Cookies

See our dedicated Cookie Policy for a full list of cookies we use and how to manage your preferences.

Children's privacy

The Service is not directed at individuals under the age of 16 (EU/EEA) or under the age of 13 (United States). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced with at least 30 days' notice via email or in-app notice before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.

Contact

For privacy questions or to exercise your rights:

Email: info@bizcollect.dev
Mail: Nico Jaroszewski, Schlosstalstrasse 202, 8408 Winterthur, Switzerland

Questions about this policy? Email info@bizcollect.dev. Previous versions of every legal document are visible in our public Git history.