Privacy Policy
Last updated: March 29, 2026
1. Introduction
Bizno (“we”, “our”, or “us”) respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our digital readiness platform in compliance with the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, and other applicable laws.
Data Controller: Bizno (Joto Ltd)
Registered Address: United Kingdom
Contact: privacy@bizno.co.uk
2. Legal Basis for Processing
We process your personal data under the following legal bases:
- Contract: Processing necessary to provide our services to you
- Consent: Where you have given explicit consent (e.g., marketing emails)
- Legitimate Interests: For security, fraud prevention, and service improvement
- Legal Obligation: To comply with applicable laws and regulations
3. Information We Collect
3.1 Personal Information
- Email address (for account creation and communication)
- Business information you provide (business names, types)
- Team member email addresses (for invitations)
- Account activity and business progress data
- IP address and device identifiers
- Browser type and operating system
3.2 Usage Data
- Pages visited and features used
- Time spent on the platform
- Click patterns and navigation paths
- Device information (for mobile app users)
- Session duration and frequency of use
3.3 Cookies and Similar Technologies
We use the following types of cookies:
- Essential Cookies: Required for authentication, session management, and security. Cannot be disabled.
- Analytics Cookies: We use Plausible Analytics (privacy-focused, no cookies, no personal data tracking)
- Functionality Cookies: Remember your preferences and settings
You can manage cookie preferences through your browser settings. For more information, visit aboutcookies.org.
4. How We Use Your Information
- Provide and maintain our digital readiness platform
- Create and manage your user account
- Send notifications about business deadlines, tasks, and updates
- Process team invitations and manage access permissions
- Send transactional emails (account creation, password resets, invitations)
- Send marketing communications (only with your consent)
- Analyze usage patterns to improve our services
- Detect and prevent fraud, security incidents, and abuse
- Comply with legal obligations and respond to legal requests
5. Data Retention
We retain your personal data only for as long as necessary:
- Account Data: Retained while your account is active. Deleted within 30 days of account deletion.
- Business Data: Retained while associated businesses exist. Deleted when the business is deleted.
- Communication Records: Retained for 12 months for customer service purposes.
- Usage Logs: Retained for 90 days for security and debugging.
- Analytics Data: Anonymized after 90 days.
In some cases, we may retain data longer if required by law or for legitimate business purposes (e.g., fraud prevention).
6. Data Storage and Security
We implement appropriate technical and organizational measures to protect your personal data:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Regular security audits and penetration testing
- Access controls and role-based permissions
- Regular staff training on data protection
- Incident response procedures
Despite our efforts, no security system is impenetrable. We will notify you and relevant authorities of any data breach as required by applicable law.
7. International Data Transfers
Your data is primarily stored in the United Kingdom (Supabase EU regions). Some of our service providers may process data outside the UK/EU. When this occurs, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the ICO
- Adequacy decisions for countries with equivalent data protection
- Service providers certified under recognized privacy frameworks
8. Your Rights
Under UK GDPR, you have the following rights:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure (“Right to be Forgotten”): Request deletion of your data
- Right to Restriction: Limit how we process your data
- Right to Object: Object to processing based on legitimate interests or direct marketing
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Withdraw Consent: Withdraw consent at any time (does not affect prior processing)
- Right to Complain: Lodge a complaint with the Information Commissioner's Office (ICO)
To exercise these rights, email us at privacy@bizno.co.uk. We will respond within 30 days. We may need to verify your identity before processing your request.
9. Third-Party Services
We use the following data processors:
- Supabase: Database hosting, authentication, and storage (EU-based)
- Resend: Email delivery service (US-based, SCCs in place)
- Plausible Analytics: Privacy-focused analytics (EU-based, no cookies)
- Vercel: Web hosting and edge delivery (US-based, SCCs in place)
- Stripe (if applicable): Payment processing (SCCs in place)
Each processor is vetted for GDPR compliance and processes only the data necessary to provide its service.
10. Children's Privacy
Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us immediately and we will delete such information.
11. Data Breach Notification
In the event of a personal data breach, we will:
- Notify the ICO within 72 hours if required
- Notify affected users without undue delay if the breach poses a high risk to their rights
- Provide information about the nature of the breach and steps taken
12. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any material changes by:
- Posting the updated policy on this page with a new “Last updated” date
- Sending an email notification for significant changes
- Displaying a notice in the platform
Your continued use of our services after changes indicates acceptance of the updated policy.
13. Contact Us
For privacy-related questions, to exercise your rights, or to make a complaint:
- Email: privacy@bizno.co.uk
- Data Protection Officer: privacy@bizno.co.uk
You also have the right to complain to the Information Commissioner's Office (ICO):
ICO Contact:
Website: ico.org.uk
Helpline: 0303 123 1113
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
14. Cookie Policy
This Cookie Policy explains how we use cookies and similar technologies.
What Are Cookies?
Cookies are small text files stored on your device when you visit websites. They help websites function properly and provide information to website owners.
How to Manage Cookies
Most web browsers allow you to control cookies through their settings. You can:
- View cookies stored on your device
- Delete existing cookies
- Block third-party cookies
- Block all cookies (may affect functionality)
Note: Blocking essential cookies will prevent you from using our platform.