Privacy Policy

1. Information We Collect

Account & Workspace Data

When you create a workspace or user account, we collect:

• Name, email address, and password (stored as a bcrypt hash — never in plaintext)
• Workspace name (slug) and the role assigned to your account
• Optional: TOTP 2FA secret (stored encrypted; used solely for authentication)

CRM Data You Enter

The Service allows you to store business information including contacts, companies, deals, leads, tasks, support tickets, notes, and activity logs. This data belongs entirely to your organization. We store it to provide the Service and do not use it for advertising or profiling.

Usage & Technical Data

We may collect limited technical data to operate and improve the Service, including:

• IP address and browser/device type at login (for security and rate-limiting purposes)
• API request logs for debugging and audit purposes
• Timestamps of significant actions (login, record creation, deletion)

Payment Information

Billing is handled by our payment processor. We do not store full credit card numbers on our servers. We retain only the plan type, subscription status, and billing cycle associated with your workspace.

2. How We Use Your Information

We use collected information to:

• Provision and operate your workspace
• Authenticate users and enforce access controls
• Send transactional communications (account confirmation, password reset)
• Provide customer support when you contact us
• Detect and prevent fraud, abuse, and unauthorized access
• Comply with legal obligations
• Improve the platform's reliability and performance

We do not sell your data. We do not use your CRM data to train machine learning models or for any purpose unrelated to delivering the Service to you.

3. Data Isolation & Multi-Tenancy

Each workspace uses a dedicated database named with a unique identifier. There is no shared data layer between tenants. Even Beezifi employees accessing the infrastructure for support purposes can only do so through audited, role-gated processes.

4. Data Sharing & Third Parties

We do not sell, rent, or trade your personal information. We may share data only in the following limited circumstances:

• Service providers: Infrastructure, hosting, and payment processors who operate under confidentiality agreements and are permitted to use data only to perform services for us.
• Legal requirements: If required by law, subpoena, or court order, we will notify you where legally permitted before disclosing your data.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify affected users and provide options where feasible.
• With your consent: Any other sharing will only occur with your explicit written consent.

5. Data Retention

We retain your data for as long as your workspace is active and your subscription is in good standing. Upon termination of your account:

• Active workspace data is retained for 30 days after cancellation to allow for recovery or export.
• After 30 days, the workspace database is permanently deleted. This deletion is irreversible.
• Backup snapshots are purged within 90 days of workspace deletion.
• Authentication logs and billing records may be retained for up to 7 years to satisfy legal and financial compliance obligations.

You may request early deletion by contacting us at privacy@beezifi.com.

6. Security

We take data security seriously. Technical safeguards in place include:

• All passwords hashed using bcrypt with a work factor of 10 or higher
• All data transmitted over HTTPS (TLS 1.2+)
• JSON Web Tokens (JWT) with short expiry windows for session management
• Optional TOTP-based two-factor authentication for all accounts
• Rate limiting on all authentication endpoints to prevent brute force
• HTTP security headers (Content-Security-Policy, HSTS, X-Frame-Options) via Helmet.js
• Fully isolated per-tenant databases — no shared schema
• Role-based access controls enforced at the API layer

Despite our efforts, no system is 100% secure. In the event of a breach affecting your data, we will notify you within 72 hours of discovery as required under applicable law. For more detail, see our Security Policy.

7. Cookies & Tracking

The CRM platform uses minimal cookies and local storage:

• Authentication token: Stored in localStorage to maintain your session. This is essential for the Service to function.
• No advertising cookies: We do not place third-party advertising or tracking cookies.
• No analytics pixels: We do not embed third-party analytics scripts that profile individual behavior.

You may clear your browser's local storage at any time, which will sign you out of the Service.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Correct inaccurate or incomplete data.
• Erasure: Request deletion of your data (subject to legal retention requirements).
• Portability: Export your CRM data at any time via the built-in CSV export on every module.
• Objection: Object to processing based on legitimate interests.
• Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at privacy@beezifi.com. We will respond within 30 days.

9. Children's Privacy

The Service is intended for business use and is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us immediately at privacy@beezifi.com and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page. For material changes, we will provide at least 14 days' notice via email to the workspace admin on file before the change takes effect. Continued use of the Service after the effective date constitutes acceptance of the revised policy.

11. Contact Us