Privacy at a Glance
At Biznsbook, we are committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud-based ERP platform and related services.
1. Information We Collect
1.1 Account Information
When you create an account or subscribe to our services, we collect:
- Full name, email address, and phone number
- Company name, business type, and billing address
- Password (stored securely using industry-standard hashing)
- Role and permissions within your organization
1.2 Business Data
Through your use of Biznsbook modules (Inventory, Accounting, HR, Real Estate, Manufacturing, etc.), we process and store business data you enter, including:
- Financial transactions, invoices, and ledger entries
- Inventory records, stock movements, and product information
- Employee records, attendance, and payroll data (HRMS module)
- Customer, vendor, and partner information
- Property listings, bookings, and payment schedules (Real Estate module)
1.3 Employee Data (HRMS/Payroll Module)
If you use our HRMS and Payroll modules, you may enter Personally Identifiable Information (PII) for your employees, including:
- Full legal names, addresses, and contact information
- Government identification numbers (SSN, Tax ID, National ID)
- Bank account details for payroll deposits
- Salary, compensation, and benefits information
- Emergency contact information
- Employment history and performance records
Important: As the data controller, you are responsible for obtaining appropriate consent from your employees before entering their PII into Biznsbook. See Section 6 for our Employee Privacy Commitments.
1.4 Usage Data
We automatically collect certain information when you use our platform:
- IP address, browser type, and device information
- Pages visited, features used, and time spent
- Login timestamps and session duration
- Error logs and performance data
1.5 Payment Information
Payments are processed securely through our authorized payment provider, which acts as the Merchant of Record. We do not directly store your credit card numbers or bank account details. Our payment provider handles all payment processing in compliance with PCI-DSS Level 1 standards.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: To provide, maintain, and improve our ERP platform and its modules
- Account Management: To create and manage your account, process subscriptions, and handle billing
- Communication: To send service-related notifications, security alerts, and product updates
- Support: To respond to your inquiries and provide technical assistance
- Security: To detect, prevent, and address technical issues, fraud, and unauthorized access
- Analytics: To understand how our platform is used and to improve user experience
- Legal Compliance: To comply with applicable laws, regulations, and legal processes
3. Data Security
📋 Plain English: Your data is encrypted like a bank vault. We use the same security standards as major financial institutions.
We implement enterprise-grade security measures to protect your data:
- Encryption at Rest: All data stored in our databases is encrypted using AES-256 encryption, the same standard used by banks and government agencies
- Encryption in Transit: All data transmitted between your browser and our servers is protected with TLS 1.3 (SSL) encryption
- Access Controls: Role-based access control (RBAC) with multi-factor authentication (MFA) support
- Infrastructure: Hosted on Microsoft Azure with SOC 2 Type II and ISO 27001 compliance
- Audit Trails: Complete logging of data access and modifications with tamper-proof audit logs
- Regular Backups: Automated daily backups with point-in-time recovery and geo-redundant storage
- Penetration Testing: Regular third-party security assessments and vulnerability scanning
- Employee Training: All staff undergo regular security awareness training
4. The "No-Sell" Promise
Our Data Promise to You
🔒 Biznsbook does NOT sell, rent, or trade your business data, employee records, or customer lists to ANY third party. Ever.
Your financial data, inventory records, employee information, customer lists, and all other business data you enter into Biznsbook belongs to you. We will never monetize your data through advertising, data brokering, or any other means.
We may share limited information only in these specific circumstances:
- Payment Provider: To process subscriptions and payments
- Cloud database: Our cloud infrastructure provider for hosting and data storage
- SendGrid: For transactional email delivery (account verification, password resets)
- Application Insights: For anonymized performance monitoring and error tracking
- Legal Authorities: When required by law, regulation, or valid legal process
5. Multi-Tenant Data Isolation
Biznsbook is a multi-tenant platform. Your business data is logically isolated from other tenants through our company-level access controls. Each tenant's data is segregated using unique Company IDs, and access is strictly enforced through our authentication and authorization systems.
6. Employee Privacy (HRMS/Payroll Data)
📋 Plain English: Your employees' personal data is protected with the same care as your business data. We're just the processor; you control the data.
When you use our HRMS and Payroll modules, you act as the Data Controller for your employees' personal information. Biznsbook acts as the Data Processor.
6.1 Our Commitments for Employee PII
- Purpose Limitation: Employee data is processed solely to provide HRMS and Payroll functionality—nothing else
- Minimum Access: Only your authorized users with appropriate permissions can access employee records
- No Cross-Tenant Access: Employee data is completely isolated from other companies using Biznsbook
- Encryption: Sensitive fields (SSN, bank accounts, salary data) receive additional field-level encryption
- Audit Logging: All access to employee records is logged for your compliance audits
6.2 Your Responsibilities
As the employer and data controller, you are responsible for:
- Obtaining appropriate consent from employees for data processing
- Informing employees about how their data is stored and used
- Responding to employee data access or deletion requests
- Ensuring compliance with local labor and privacy laws
7. GDPR & CCPA Compliance
Biznsbook is designed to help you meet your data protection obligations under GDPR (EU), CCPA (California), and similar privacy regulations worldwide.
7.1 Your Rights Under GDPR/CCPA
Depending on your jurisdiction, you have the following rights:
- Right to Access: Request a copy of all personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure ("Right to be Forgotten"): Request complete deletion of your personal data
- Right to Data Portability: Receive your data in a machine-readable format (JSON, CSV, Excel)
- Right to Restrict Processing: Limit how we use your data in certain circumstances
- Right to Object: Object to processing based on legitimate interests
- Right to Non-Discrimination (CCPA): We will not discriminate against you for exercising your privacy rights
7.2 How to Exercise Your Rights
To exercise any of these rights, contact our Privacy Team:
- Email: privacy@biznsbook.com
- Response Time: We will respond within 30 days (GDPR) or 45 days (CCPA)
- Verification: We may need to verify your identity before processing requests
7.3 Data Protection Officer
For GDPR-related inquiries, you may contact our Data Protection representative at dpo@biznsbook.com.
8. Data Retention
- Active Accounts: Data is retained for the duration of your subscription
- Cancelled Accounts: Data is retained for 30 days after cancellation (grace period for export), then permanently deleted
- Legal Requirements: Certain financial records may be retained longer as required by tax and accounting regulations (typically 7 years)
- Audit Logs: Security and access logs are retained for 12 months
- Backup Retention: Backups are retained for 30 days, then automatically purged
9. Cookies
We use minimal, essential cookies to maintain your login session and store user preferences. We do not use third-party advertising or tracking cookies.
- Session Cookie: Used to maintain your authenticated session
- Preferences Cookie: Stores your UI preferences (theme, language, etc.)
- Security: All cookies are HTTP-only, Secure, and use SameSite=Strict policy
10. International Data Transfers
Your data may be processed and stored in data centers located in different regions (primarily EU and US). We ensure that all international transfers comply with applicable data protection laws, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements with all sub-processors
- Adequacy decisions where applicable
11. Children's Privacy
Biznsbook is a business application and is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a minor, please contact us immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the updated policy on our website with a new "Last updated" date
- Sending an email notification to account administrators
- Displaying an in-app notification for significant changes
We encourage you to review this policy periodically.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Privacy Team: privacy@biznsbook.com
- Data Protection Officer: dpo@biznsbook.com
- General Support: support@biznsbook.com
- Legal Inquiries: legal@biznsbook.com
- Website: biznsbook.com/contactus