B
BizBrew

Privacy Policy

Last updated: February 2026

1. Introduction

BizBrew ("we," "us," or "our") operates a white-label multi-tenant SaaS platform that helps service businesses manage scheduling, bookings, payments, CRM, and operations. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our website at bizbrew.org and any tenant applications hosted on our platform.

By accessing or using BizBrew, you agree to the practices described in this policy. If you do not agree, please do not use our services.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, phone number, and business information. If you register as a tenant administrator, we also collect your business name, industry type, and preferred configuration.

Usage Data

We automatically collect information about how you interact with our platform, including pages visited, features used, timestamps, browser type, device information, and IP addresses. This data helps us improve the platform and diagnose technical issues.

Payment Information

Payment processing is handled by Stripe. We do not store your full credit card number, CVV, or bank account details on our servers. Stripe provides us with a tokenised reference, the last four digits of your card, and transaction metadata for billing and invoicing purposes.

3. How We Use Your Information

  • Service Delivery: Provide, maintain, and improve the BizBrew platform, including tenant provisioning, booking management, and payment processing.
  • Communication: Send transactional emails (booking confirmations, password resets, invoices), service announcements, and optional marketing communications you can opt out of at any time.
  • Analytics: Analyse aggregated, anonymised usage patterns to improve features, optimise performance, and develop new functionality.
  • Security: Detect and prevent fraud, abuse, and unauthorised access to your account and data.
  • Legal Compliance: Comply with applicable laws, regulations, and legal processes.

4. Data Storage & Security

Your data is stored in PostgreSQL databases managed through Supabase. We enforce Row-Level Security (RLS) policies at the database level, ensuring that each tenant's data is strictly isolated and accessible only to authorised users within that tenant.

All data is encrypted in transit using TLS 1.2 or higher and at rest using AES-256 encryption. We use industry-standard authentication mechanisms, including JWT-based session tokens and secure password hashing. Access to production infrastructure is restricted to authorised personnel with multi-factor authentication.

5. Third-Party Services

We use the following third-party services that may process your data in accordance with their own privacy policies:

  • Stripe — Payment processing, subscription management, and invoicing.
  • Resend — Transactional email delivery for authentication emails, confirmations, and notifications.
  • Bird API — WhatsApp and SMS messaging for booking confirmations, reminders, and phone verification.
  • Cloudflare — DNS management, CDN, SSL provisioning, and Turnstile CAPTCHA for bot protection.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we correct any inaccurate or incomplete personal data.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Export: Request a machine-readable export of your data. BizBrew supports CSV export for client records, booking history, and transaction data.
  • Objection: Object to processing of your data for direct marketing purposes.

To exercise any of these rights, please contact us through our contact page.

7. Cookies

BizBrew uses minimal cookies that are essential for the operation of the platform. These include session cookies for authentication and preference cookies for settings such as language and theme.

We may also use analytics cookies to understand how our marketing site is used. These cookies collect anonymised, aggregated data and do not track you across other websites. You can disable non-essential cookies through your browser settings.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with our services. If you close your account or request deletion, we will remove your personal data within 30 days, except where retention is required by law (e.g., financial records for tax compliance).

Tenant data, including client records and booking history, is retained for the duration of the tenant's active subscription. Upon subscription cancellation, tenant data is retained for 90 days to allow for reactivation, after which it is permanently deleted.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email or by posting a prominent notice on our platform at least 14 days before the changes take effect.

Your continued use of BizBrew after the effective date of any changes constitutes your acceptance of the updated policy.

10. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please reach out through our contact page.

Privacy Policy — BizBrew — BizBrew