Privacy Policy - Bizent

Bizent is committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

1. Data Controller

The data controller responsible for your personal data is:

Bizent Limited

Registered Address: [INSERT COMPANY REGISTERED ADDRESS]

ICO Registration Number: [INSERT ICO REGISTRATION NUMBER]

Privacy Contact: privacy@bizent.com

2. Personal Data We Collect

2.1 Account Data

Name
Email address
Password (encrypted)
Authentication tokens

2.2 Business Profile Data

Business name
Business logo
Website URL
Business bio/description
Industry tags and vertical

2.3 Collaboration Data

Goals and milestones you create
Messages and comments on goals
Applications to collaborate on goals
Reviews and ratings given/received
Workspace membership information

2.4 Verification Data

Domain verification records
Social authentication credentials (via OAuth)

2.5 Payment Data

Payment information (credit card details) is collected and processed directly by our payment processor, Stripe. We do not store full payment card details on our servers. We retain:

Transaction IDs
Payment status
Billing history
Last 4 digits of card number

2.6 Technical Data

IP address (anonymised)
Browser type and version
Device type
Operating system
Time zone and locale settings

2.7 Usage Data

Features used
Pages visited
Time spent on platform
Interaction patterns

3. Legal Basis for Processing

We process your personal data under the following legal bases:

3.1 Contract (Article 6(1)(b) UK GDPR)

Processing necessary to provide the Bizent service, including account management, goal collaboration, messaging, and billing.

3.2 Legitimate Interest (Article 6(1)(f) UK GDPR)

We process data for platform security, fraud prevention, service improvement, and anonymised analytics. We have balanced these interests against your rights and determined they do not override your fundamental rights.

3.3 Consent (Article 6(1)(a) UK GDPR)

For optional analytics cookies and marketing communications. You can withdraw consent at any time.

3.4 Legal Obligation (Article 6(1)(c) UK GDPR)

To comply with legal requirements such as tax law, accounting regulations, and responding to lawful requests from authorities.

4. Data Storage and Location

UK/EU Data Processing

Your data is stored and processed exclusively within the United Kingdom and European Union. We do not transfer personal data outside the UK/EU.

5. Sub-processors

We use the following trusted third-party service providers to deliver our service:

Service	Purpose	Location
Clerk	Authentication and user management	UK/EU
Stripe	Payment processing	UK/EU
Resend	Transactional emails	UK/EU
PostHog	Analytics (anonymised)	UK/EU

All sub-processors are contractually bound to UK GDPR standards and have appropriate technical and organisational measures in place.

6. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy:

Data Type	Retention Period
Account data	Duration of account + 30 days after deletion
Messages and collaboration data	90 days after goal completion (180 days for Enterprise)
Reviews and reputation data	Lifetime (aggregated after 24 months)
Billing records	7 years (tax compliance)
Audit logs	2 years
Analytics data	26 months (anonymised after 13 months)

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right of Access (Article 15)

Request a copy of the personal data we hold about you.

Right to Rectification (Article 16)

Correct inaccurate or incomplete personal data.

Right to Erasure (Article 17)

Request deletion of your personal data (subject to legal retention requirements).

Right to Restriction of Processing (Article 18)

Limit how we use your personal data in certain circumstances.

Right to Data Portability (Article 20)

Receive your personal data in a structured, commonly used format and transfer it to another controller.

Right to Object (Article 21)

Object to processing based on legitimate interests or for direct marketing.

Right to Withdraw Consent (Article 7)

Withdraw consent for processing based on consent (does not affect lawfulness of processing before withdrawal).

How to Exercise Your Rights

You can exercise your rights by:

Visiting your account settings: Settings → Privacy & Data
Emailing us at: privacy@bizent.com

We will respond to your request within 30 days. We may require proof of identity to process certain requests.

8. Cookies

We use cookies to provide and improve our service. For detailed information about the cookies we use, please see our Cookie Policy.

Cookie Categories

Essential Cookies: Required for authentication and security (Clerk). These do not require consent.
Analytics Cookies: Optional cookies for anonymised usage analytics (PostHog). Requires consent.

9. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms:

We will notify the ICO within 72 hours of becoming aware of the breach
We will notify affected individuals without undue delay if the breach poses a high risk
Notifications will include the nature of the breach, likely consequences, and measures taken to address it

10. Contact and Complaints

Contact Us

If you have questions about this Privacy Policy or how we handle your personal data:

Email: privacy@bizent.com

Address: [INSERT COMPANY REGISTERED ADDRESS]

Right to Complain

You have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO)

Website: ico.org.uk

Helpline: 0303 123 1113

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice on our platform. Your continued use of Bizent after such changes constitutes acceptance of the updated policy.