1. Introduction

Bynyz ("we", "us", "our", "Company") operates the business intelligence platform at bynyz.com (the "Service"). This Privacy Policy explains our practices regarding the collection, use, disclosure, and protection of information obtained through your use of the Service.

Controller Information: Bynyz is the data controller responsible for your personal information. Contact details are provided in Section 12.

2. Information We Collect

We collect minimal information necessary to provide and improve our Service:

2.1 Information You Provide Directly

• Account Information: When you create an account using Google Authentication, we collect and store your email address and name from your Google account
• Payment Information: Billing details processed through Stripe (we do NOT store full credit card numbers)
• Communications: Information you provide when contacting customer support at support@bynyz.com

2.2 Information Collected Automatically

• Authentication Data: Session tokens to keep you logged in (managed by Supabase authentication)
• Device Information: Basic browser type and operating system information for compatibility purposes
• Log Data: Server logs including timestamps and errors for troubleshooting

2.3 Information from Third Parties

• Google OAuth: Email address and name from your Google account
• Stripe: Payment confirmation and subscription status

3. How We Use Your Information

We use collected information only for the following purposes:

3.1 Service Provision

• Create and manage your account
• Authenticate your identity and maintain login sessions
• Process payments and manage your subscription through Stripe
• Deliver business intelligence data and features
• Track your subscription status and tier

3.2 Communication

• Respond to customer support inquiries sent to support@bynyz.com
• Send service-related notifications if necessary (account issues, security alerts)

3.3 Security & Legal Compliance

• Detect and prevent fraud or unauthorized access
• Enforce our Terms of Service
• Comply with legal obligations and court orders
• Protect rights, property, and safety of Bynyz and users

4. How We Share Your Information

We do NOT sell your personal information to third parties.

We only share information with the following service providers necessary to operate the Service:

Service Provider	Purpose	Data Shared
Google OAuth	User authentication	Email, name (for login only)
Stripe	Payment processing	Email, billing details, subscription status
Supabase	Database hosting & authentication	Email, name, subscription data

Legal Disclosures: We may disclose information if required by law, court order, or to protect our rights and users' safety.

5. Data Security

We implement reasonable technical and organizational safeguards to protect your information:

5.1 Security Measures

• Encryption: HTTPS/TLS encryption for data in transit
• Authentication: Secure OAuth tokens managed by Google and Supabase
• No Password Storage: We never store or have access to your passwords
• Secure Infrastructure: Data hosted on Supabase with enterprise-grade security
• Payment Security: All payment data handled by PCI-compliant Stripe

5.2 Your Security Responsibilities

• Keep your Google account credentials secure
• Use a strong, unique password for your Google account
• Enable two-factor authentication on your Google account
• Do not share your account access with others
• Report suspected unauthorized access to support@bynyz.com

6. Data Retention

We retain your information as follows:

Data Type	Retention Period
Account Data (email, name)	While account is active + 30 days after deletion request
Payment Records	7 years (required by tax law)
Server Logs	90 days (rotating basis)
Support Communications	1 year after resolution

6.1 Account Deletion

To delete your account, email support@bynyz.com with the subject "Account Deletion Request"

When you delete your account:

• We will delete your email and name from our database within 30 days
• Payment records will be retained for 7 years (required by law)
• Your subscription will be cancelled immediately

7. Your Privacy Rights

Depending on your location, you have the following rights:

7.1 General Rights (All Users)

• Access: Request a copy of your personal data (email, name, subscription status)
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your account
• Portability: Request your data in a machine-readable format (JSON/CSV)

7.2 GDPR Rights (EU/EEA Users)

If you are located in the European Union or European Economic Area, you have additional rights:

• Right to Access: Confirm what data we process about you
• Right to Rectification: Correct inaccurate personal data
• Right to Erasure: Request deletion ("right to be forgotten")
• Right to Restriction: Limit processing in certain circumstances
• Right to Data Portability: Receive data in structured format
• Right to Object: Object to processing based on legitimate interests
• Right to Lodge Complaint: File complaint with your data protection authority

7.3 CCPA Rights (California Users)

• Right to Know: Request disclosure of data collected and shared
• Right to Delete: Request deletion of personal information
• Right to Non-Discrimination: We will not discriminate for exercising rights

7.4 How to Exercise Your Rights

8. Cookies & Session Storage

We use minimal cookies and browser storage for essential functionality only:

8.1 Essential Cookies/Storage

Our Service uses session tokens stored in your browser to keep you logged in. These are:

• Managed by: Supabase authentication system
• Purpose: Keep you authenticated between page visits
• Type: Essential/Functional (required for the Service to work)
• Duration: Expires when you log out or after session timeout

8.2 What We Don't Use

• No analytics cookies
• No marketing/advertising cookies
• No tracking cookies
• No third-party cookies (except Google OAuth and Stripe for their services)

9. International Data Transfers

Your information may be stored and processed in data centers operated by Supabase, which may be located outside your country of residence.

We ensure appropriate safeguards through:

• Supabase's compliance with GDPR and international data protection standards
• Standard Contractual Clauses (SCCs) for EU data transfers
• Encryption and security measures during data transfer and storage

10. Children's Privacy

We do not knowingly collect personal information from children under 18. If you believe we have inadvertently collected data from a minor, contact us immediately at support@bynyz.com, and we will promptly delete it.

11. Third-Party Services

Our Service integrates with third-party services that have their own privacy policies:

• Google OAuth: Review Google's Privacy Policy
• Stripe: Review Stripe's Privacy Policy
• Supabase: Review Supabase's Privacy Policy

We are not responsible for the privacy practices of these third-party services.

12. Contact Information

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes:

• The "Last Updated" date at the top will be revised
• Material changes will be communicated via email
• Updated policy will be posted on bynyz.com
• Continued use after changes constitutes acceptance