๐Ÿ”’ GDPR Compliant

Privacy Policy

Last updated: 15 June 2026 ย ยทย  Effective: 15 June 2026

1. Who We Are

BizLyn ("BizLyn", "we", "our", or "us") is a business management software platform operated by BizLyn Softwares. We act as a data processor on behalf of the organisations ("Entity Admins") who use our platform, and as a data controller in respect of the personal data of the users who register directly with us.

Contact: contact@bizlyn.com

2. What Data We Collect

CategoryExamplesPurpose
Account dataName, email address, profile photoAuthentication & account management
Usage dataLogin timestamps, pages visited, actions takenSecurity, audit logs, platform improvement
HR & payroll dataSalary, department, employee ID (if entered by your employer)Payroll & HR module functionality
Business dataInvoices, purchase orders, customers (entered by your entity)Core ERP functionality
Device & log dataIP address, browser type, error logsSecurity monitoring & debugging

3. Lawful Basis for Processing (GDPR Article 6)

  • Contract performance โ€” to provide the platform services you have signed up for.
  • Legitimate interests โ€” security monitoring, fraud prevention, and platform improvement.
  • Consent โ€” where you explicitly agree to optional processing (e.g. marketing communications). You may withdraw consent at any time.
  • Legal obligation โ€” where we are required to process data to comply with applicable law.

4. How We Use Your Data

  • Authenticating your identity and maintaining your account.
  • Providing, operating, and improving the BizLyn platform.
  • Sending transactional emails (password reset, account alerts).
  • Generating in-app notifications relevant to your role.
  • Enforcing our Terms of Service and preventing abuse.
  • Complying with legal and regulatory obligations.

We do not sell your personal data to third parties.

5. Data Sharing & Third Parties

We share data only with trusted service providers who process it on our behalf under data processing agreements (DPAs):

  • Google Firebase / Firestore โ€” authentication, database, and app hosting (Google Cloud, US/EU regions).
  • Google Cloud Platform โ€” infrastructure and serverless compute.
  • Genkit / Google AI โ€” AI-assisted features (processed without storing your personal data).

All third-party processors are bound by GDPR-compliant Standard Contractual Clauses (SCCs) where data is transferred outside the EEA.

6. International Data Transfers

Our primary infrastructure runs on Google Cloud (nam5 / us-central1). If you are based in the European Economic Area (EEA), your data may be transferred to the United States. We rely on Google's Standard Contractual Clauses and their EUโ€“US Data Privacy Framework certification to ensure an adequate level of protection.

7. Data Retention

We retain your personal data for as long as your account is active, or as necessary to provide services and comply with legal obligations:

  • Account data: retained for the duration of the active account + 12 months after deletion request.
  • Financial records: retained for 7 years in accordance with applicable accounting law.
  • Log data: retained for 90 days for security purposes.

8. Your Rights Under GDPR

If you are located in the EEA or UK, you have the following rights:

๐Ÿ“‹ Right of Access (Art. 15)

Request a copy of your personal data (use the Download My Data feature in Settings โ†’ Profile).

โœ๏ธ Right to Rectification (Art. 16)

Correct inaccurate personal data via your profile settings.

๐Ÿ—‘๏ธ Right to Erasure (Art. 17)

Request deletion of your personal data by emailing contact@bizlyn.com.

๐Ÿšซ Right to Restrict Processing (Art. 18)

Ask us to stop processing your data in certain circumstances.

๐Ÿ“ฆ Right to Data Portability (Art. 20)

Receive your data in a structured, machine-readable format.

๐Ÿ™‹ Right to Object (Art. 21)

Object to processing based on legitimate interests.

To exercise any of these rights, email us at contact@bizlyn.com. We will respond within 30 days.

You also have the right to lodge a complaint with your local supervisory authority (e.g. the ICO in the UK).

9. Cookies

BizLyn uses only strictly necessary cookies required for authentication and session management (Firebase Auth session tokens). We do not use tracking or advertising cookies. No cookie consent banner is required for strictly necessary cookies under GDPR.

10. Security

We implement industry-standard security measures including HTTPS encryption in transit, Firestore security rules with role-based access control, Firebase App Authentication, and regular security reviews. No method of transmission or storage is 100% secure; we encourage you to use a strong, unique password.

11. Children's Privacy

BizLyn is a business management platform intended for use by organisations and their adult employees. We do not knowingly collect personal data from individuals under the age of 16.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via in-app notification or email. Continued use of the platform after the effective date constitutes acceptance of the updated policy.

13. Contact Us

For any privacy-related queries or to exercise your rights:

BizLyn Softwares

Email: contact@bizlyn.com

Website: app.bizlyn.com

ยฉ 2026 BizLyn Softwares. All rights reserved.