Privacy Policy

Belvak, operated by WzTechno Company ("we", "our", or "us"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our all-in-one business operations platform and related services (collectively, the "Service").

By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

We collect information in the following ways:

Information you provide directly:

• Account information such as your name, email address, and password when you register for an account
• Business data you enter into the platform, including client details, project information, invoices, employee records, and other operational data
• Payment information when you subscribe to a paid plan. Paddle.com is our Merchant of Record and processes all payment information directly. We do not collect or store credit card numbers or payment card details. All payment data is handled entirely by Paddle under their own privacy policy.
• Communications you send to us, including support requests and feedback

Information collected automatically:

• Usage data such as pages visited, features used, and actions taken within the platform
• Device information including browser type, operating system, and IP address
• Cookies and similar technologies used to maintain your session and improve your experience

We use the information we collect to:

• Provide, maintain, and improve the Service, including all business operations features
• Process your transactions and manage your subscription
• Send you service-related communications, including updates, security alerts, and administrative messages
• Respond to your support requests and provide customer service
• Monitor and analyze usage patterns to improve platform performance and user experience
• Detect, prevent, and address technical issues, fraud, and security vulnerabilities
• Comply with legal obligations and enforce our terms of service

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

We are committed to respecting your communication preferences. Your data is used solely for service provision, customer support, and fraud prevention.

• We do not share buyer data with third parties for marketing purposes
• Marketing communications require your explicit opt-in consent before we send them
• You can opt out of marketing communications at any time by following the unsubscribe link in any marketing email or by contacting us directly
• Service-related communications (such as security alerts, billing notices, and account updates) are not affected by marketing opt-out preferences, as they are necessary for the operation of your account

Your data is stored on secure servers with industry-standard protections. We implement a variety of security measures to maintain the safety of your personal information:

• Encrypted sessions with HttpOnly, SameSite, and Secure cookie flags
• Role-based access control ensuring only authorized users can access specific data
• Automated daily backups with 60-day retention to geographically separate cloud storage
• Rate limiting and security headers on all API endpoints to prevent abuse
• Regular security reviews and updates to address emerging threats

For self-hosted deployments, your data remains entirely on your own infrastructure and never passes through our servers.

We use the following third-party services to operate the platform:

• Paddle.com: our Merchant of Record for payment processing, tax calculation, and subscription management. Paddle collects and processes your payment information under their own privacy policy.
• Firebase Authentication: for secure user authentication and identity management
• Cloud hosting providers: for infrastructure and data storage
• Groq: for powering the AI assistant feature (queries are processed but not stored by the provider)

Each third-party service is bound by their own privacy policies and data handling practices. We only share the minimum information necessary for each service to function.

Under the General Data Protection Regulation (GDPR) and other applicable data protection laws, you have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you
• Rectification: request correction of inaccurate or incomplete data
• Deletion: request deletion of your personal data, subject to legal retention requirements
• Data portability: request your data in a structured, machine-readable format
• Objection: object to certain processing activities
• Restriction: request restriction of processing in certain circumstances
• Complaint: lodge a complaint with your local data protection supervisory authority if you believe your rights have been violated

To exercise any of these rights, please contact us using the information provided in the Contact section below.

For payment-related data, please note that Paddle processes this information independently as our Merchant of Record. To exercise your data rights regarding payment information, you should also contact Paddle directly. Please refer to Paddle's privacy policy for details on how they handle and protect your payment data.

We retain your personal data for as long as your account is active or as needed to provide the Service. If you close your account, we will delete or anonymize your personal data within 90 days, except where we are required by law to retain certain information.

Business data you have entered into the platform (projects, invoices, client records, etc.) will be deleted along with your account. We recommend exporting your data before closing your account.

Automated backups that may contain your data are retained for up to 60 days and are then permanently deleted.

Your data may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from the laws in your jurisdiction.

We ensure that appropriate safeguards are in place to protect your personal data during any international transfer, in compliance with applicable data protection regulations.

As our Merchant of Record, Paddle may process payment data internationally under their own data protection measures. For details on how Paddle handles international transfers, please refer to Paddle's privacy policy.

Our Service is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to delete that information promptly.

If you believe we have inadvertently collected data from a child under 16, please contact us immediately using the information in the Contact section below.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

Belvak is operated by WzTechno Company. If you have any questions about this Privacy Policy, your personal data, or would like to exercise your rights, please contact us:

• Through our contact page
• By email at ...

We aim to respond to all privacy-related requests within 30 days.