Privacy Policy — BizCore

Table of Contents

Overview
Information We Collect
How We Use Your Information
How We Share Information
Cookies & Tracking
Data Retention
Security
Your Rights
International Transfers
Children's Privacy
Changes to This Policy
Contact Us

    Plain English summary: We collect the information you give us to run BizCore. We don't sell your data. We use it only to operate and improve the service. You can access, correct, or delete your data at any time by contacting us.
  

1. Overview

BizCore ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the BizCore platform ("Service"), including our website at bizcorehq.com.

This policy applies to:

Workspace owners and agents — individuals who create accounts and manage workspaces
End visitors — visitors to our customers' websites who interact with the BizCore chat widget
Website visitors — people who visit bizcorehq.com

By using the Service you consent to the data practices described in this policy.

2. Information We Collect

2.1 Information you provide directly

Category	Examples
Account registration	Full name, email address, password
Workspace setup	Company name, job title, company size, phone number
Website configuration	Domain name, widget settings, widget key
Chat conversations	Messages sent via the live chat widget or inbox
Knowledge base content	Articles, categories, published content
Bot rules	Trigger phrases, automated response text
Billing information	Handled directly by our payment processors — we do not store card numbers

2.2 Information collected automatically

Usage data — pages visited, features used, actions taken within the app
Log data — IP address, browser type, operating system, referring URLs, timestamp
Device data — device type, screen resolution, language settings
Widget session data — when a visitor opens the chat widget, we log the session and conversation

2.3 Information from third parties

We may receive information from authentication providers if you use single sign-on (SSO), and from payment processors for billing status.

3. How We Use Your Information

We use collected information to:

Provide the Service — authenticate your account, store your workspace data, deliver real-time chat functionality
Improve the Service — analyze usage patterns, fix bugs, develop new features
Communicate with you — send transactional emails (password resets, invitations, important notices)
Process billing — manage your subscription, process payments, issue receipts
Ensure security — detect and prevent fraud, abuse, and security incidents
Comply with legal obligations — respond to lawful requests from authorities
AI-powered features — conversation context is sent to Anthropic's Claude API to generate suggested replies; this data is subject to Anthropic's Privacy Policy

We do not sell your personal information to third parties, and we do not use it for behavioral advertising.

4. How We Share Information

We share information only in the following circumstances:

4.1 Service Providers

We engage trusted third-party providers to operate the Service:

Provider	Purpose	Data shared
Supabase	Database, authentication, realtime	All customer and workspace data
Anthropic (Claude API)	AI suggested replies	Conversation message text
Google Fonts	Typography	IP address (font load requests)

4.2 Legal Requirements

We may disclose information if required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect rights, safety, or property.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, customer data may be transferred. We will notify affected users prior to any such transfer.

4.4 With Your Consent

We may share information with third parties when you explicitly request or consent to it.

5. Cookies & Tracking

BizCore uses a minimal set of cookies and browser storage:

Type	Purpose	Expiry
Authentication session	Keeps you logged in to your BizCore account	Session / up to 7 days
Widget visitor ID	Identifies returning visitors in the chat widget (stored in visitor's browser)	30 days
Preferences	Stores UI preferences (theme, language)	1 year

We do not use third-party advertising cookies or cross-site tracking technologies. You can clear cookies through your browser settings at any time; this will log you out of the Service.

6. Data Retention

We retain personal data for as long as your account is active or as needed to provide the Service:

Active accounts — data is retained for the lifetime of your account
Deleted accounts — data is permanently deleted within 30 days of account deletion
Conversation logs — retained indefinitely unless deleted by the workspace owner
Server logs — retained for up to 90 days for security and debugging purposes
Billing records — retained for 7 years as required by financial regulations

7. Security

We take data security seriously and implement the following measures:

Encryption in transit — all data transmitted between your browser and our servers uses TLS 1.2+
Encryption at rest — databases and backups are encrypted at rest
Access controls — Row Level Security (RLS) ensures each workspace can only access its own data
Authentication — passwords are hashed with bcrypt; we support secure session tokens
Infrastructure — hosted on Supabase, which maintains SOC 2 Type II compliance

No method of transmission over the internet is 100% secure. If you discover a security vulnerability, please disclose it responsibly to security@bizcorehq.com.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access

Request a copy of the personal data we hold about you.

Correction

Request that we correct inaccurate or incomplete data.

Deletion

Request erasure of your personal data ("right to be forgotten").

Portability

Receive your data in a structured, machine-readable format.

Objection

Object to processing of your data for certain purposes.

Restriction

Request that we restrict processing while a dispute is resolved.

To exercise any of these rights, please email privacy@bizcorehq.com. We will respond within 30 days. For GDPR requests, we may ask you to verify your identity before processing the request.

If you are a California resident, you have additional rights under the CCPA, including the right to know, delete, and opt out of the sale of personal information (note: we do not sell personal information).

9. International Transfers

BizCore is operated globally. Your information may be processed in countries other than your own, including the United States, where our infrastructure providers are located.

By using the Service, you consent to the transfer and processing of your data in countries that may have different data protection laws than your country. We ensure that transfers outside the EEA are subject to appropriate safeguards (such as Standard Contractual Clauses) where required.

10. Children's Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with their personal information, please contact us at privacy@bizcorehq.com and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and/or by displaying a prominent notice in the Service at least 14 days before changes take effect. We encourage you to review this policy periodically.

Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy inquiries: privacy@bizcorehq.com
Security reports: security@bizcorehq.com
General support: support@bizcorehq.com
Website: bizcorehq.com

We aim to respond to all privacy-related inquiries within 5 business days.