Privacy Policy
1. Controller
Nils Andres & Bayer Maximilian Luca GbR
Lehmgrubenstr. 11, 86932 Pürgen
Email: contact@bizzconnect.org
2. Data we process
Depending on how you use BizzConnect, we may process the following categories of data:
- Account and registration data: for example name, email address, login data, user ID, company or workspace assignment and authentication information.
- Content and usage data: for example spaces, groups, tasks, notes, files, chat messages, calendar data, comments, attachments and related metadata.
- AI-related data: prompts, responses, selected models, tool calls, provided context, file and image attachments, and content you include for AI processing. This can include tasks, notes, files, chats, calendar context and other platform content where needed to answer your request.
- Payment and billing data: for example company name, plan, invoice and transaction references, Stripe customer IDs, checkout IDs or subscription IDs. We do not receive full payment card numbers ourselves.
- Integration data: for example Google or Microsoft calendar connections, OAuth tokens, synchronized calendar events or optional WhatsApp numbers.
- Technical data: for example IP address, browser and device information, timestamps, error logs, security logs and infrastructure metadata.
3. Purposes and legal bases
- Providing the platform and fulfilling user requests: We process data to create accounts, authenticate users, store content, enable collaboration, process payments where applicable and provide requested features. The legal basis is Article 6(1)(b) GDPR.
- Public beta testing: We process data to test and improve stability, security, quality and functionality of a product that is still in public developer beta. The legal basis is Article 6(1)(f) GDPR.
- Optional integrations: If you actively use Google Calendar, Outlook/Microsoft, WhatsApp or similar integrations, we process the data required to connect, synchronize and operate those services. The legal basis is Article 6(1)(b) GDPR and, where required, Article 6(1)(a) GDPR.
- AI features: If you use AI features, the required inputs, contexts and attachments are processed to answer, generate, edit or automate the requested action. The legal basis is Article 6(1)(b) GDPR.
- Legal obligations and abuse prevention: Where necessary, we process data to comply with legal obligations, prevent abuse, secure the service and enforce our rights. The legal bases are Article 6(1)(c) and Article 6(1)(f) GDPR.
4. Google Calendar and Google API Services
If you actively connect or use the Google Calendar integration, BizzConnect processes data from your connected Google Calendar through Google API Services where this is necessary for calendar and planning features. This section also describes our use of Google user data under the Google API Services User Data Policy.
- Google permissions currently requested: For the current Google Calendar integration, we mainly request access to your Google account email address (userinfo.email) and calendar events (calendar.events). In connection with Google login or identity matching, Google identity and OpenID scopes such as openid may also be visible. These permissions allow us to assign the connection to your account and to read, synchronize, create, update and delete calendar events where triggered by you or required by the feature you use.
- Google data that may be processed: your Google account email address, technical OAuth information, access and refresh tokens, calendar connection data, calendar IDs, calendar events and event content such as title, description, start and end time, all-day status, location, external event ID and synchronization timestamps.
- How we use this data: to establish and maintain the Google Calendar connection, retrieve and synchronize calendar events in BizzConnect, display them in calendar and planning views, and create, update or delete calendar events in your connected Google Calendar where triggered by you or provided by the relevant feature.
- Use limited to requested product features: We use Google user data only to provide or improve user-facing BizzConnect features requested or clearly initiated by you, especially calendar display, synchronization, planning logic and calendar-related product features.
- Google User Data Policy and Limited Use: Our use of information received from Google Workspace APIs is intended to comply with the Google User Data Policy, including its Limited Use requirements.
- What we do not do: We do not sell Google user data and do not use it for advertising, profiling, data brokerage or unrelated secondary purposes. Use is limited to visible BizzConnect calendar and productivity features, security, abuse prevention and legal compliance.
- Token storage and protection: Connection and token data is stored server-side in our systems, not in browser local storage. Access is limited to technical processes and permissions required for operation, maintenance, troubleshooting and security. We store this data while the calendar integration is active or while technically required to maintain, renew and troubleshoot the connection.
- Sharing and access: Google Calendar data is transmitted to Google itself or to our technical service providers only where necessary for providing, storing, processing, securing and synchronizing the feature. Further disclosure occurs only where legally required, needed to enforce rights or separately initiated by you.
- AI-related use: Calendar data may be included in AI features if you actively use an AI feature with calendar context or submit a request that requires calendar data. In that case, the AI provisions in this Privacy Policy also apply.
- Disconnecting: You can disconnect the Google Calendar integration at any time. From that point, no new Google Calendar data is retrieved through the connection. Connection and token data is generally deleted or technically disabled once it is no longer needed for the integration and no statutory retention duties or legitimate technical reasons, such as abuse prevention, troubleshooting, backups or recovery, apply.
The legal basis for processing in connection with the Google Calendar integration you actively use is generally Article 6(1)(b) GDPR and, where required in individual cases, Article 6(1)(a) or Article 6(1)(f) GDPR.
Where Google-related data is transferred to countries outside the EU/EEA, this takes place under the transfer mechanisms and contractual safeguards provided for the relevant service. The privacy and contractual documents of the relevant provider apply.
5. Recipients, processors and international transfers
To provide BizzConnect technically and organizationally, we currently use in particular the following services or providers:
- Supabase: authentication, database, realtime functions and parts of application data.
- Vercel: hosting of the web frontend and server-side web functions.
- Google Cloud: parts of backend and infrastructure processing.
- Cloudflare R2: file storage and delivery of files and attachments.
- Stripe: payment processing, checkout, subscriptions, invoices and billing processes.
- OpenRouter and the selected model provider: processing of AI requests. Depending on the selected model, inputs may be routed to different model providers.
- Google and Microsoft: only when login or calendar integrations are used.
- Meta/WhatsApp: only when WhatsApp functionality is used.
- Google Fonts: loading of fonts from Google domains on some pages.
Data may be transferred to countries outside the European Union or the EEA, especially the United States. Such transfers are typically based on adequacy decisions, standard contractual clauses or comparable safeguards of the relevant provider. The specific AI providers involved may depend on the selected model and routing.
6. Cookies, Local Storage and Session Storage
We currently do not use tracking or advertising cookies. We do use technically necessary cookies and browser storage to enable login, security and functional convenience.
- Technically necessary cookies: especially for authentication, session management, OAuth/login flows, password reset, security mechanisms and, where applicable, hosting or deployment protection.
- Local Storage: for example theme, language, sidebar widths, file explorer cache, knowledge views, recently opened notes, selected spaces or chats, assistant drafts, assistant and inbox chat history, scroll positions, chat backgrounds, local sidebar and explorer caches and other functional UI states.
- Session Storage: for short-lived navigation or return states, for example in calendar or settings flows.
7. Retention
We generally store personal data only for as long as necessary for the relevant purposes. This includes the duration of your account, active team memberships, statutory retention periods, open payment or abuse cases and technical requirements of the public beta.
Connection and token data for integrations is generally stored only for the duration of the active connection and a technically required follow-up period for renewal, troubleshooting, backups and recovery. Billing and tax records may be retained longer due to commercial and tax law obligations. Content and account data after deletion or termination is deleted, anonymized or blocked once no longer required for operation, security, abuse prevention, backups, recovery or legal duties.
Browser storage such as cookies, Local Storage or Session Storage generally remains on your device until it expires automatically, is overwritten or is deleted by you.
8. Your rights
You have the following rights against us in particular:
- Right of access, rectification and erasure.
- Right to restriction of processing.
- Right to data portability.
- Right to object to processing based on Article 6(1)(f) GDPR.
- Right to withdraw consent with effect for the future where processing is based on consent.
- Right to lodge a complaint: You may complain to a data protection supervisory authority.
9. Current development status
BizzConnect is in public developer beta. Features, integrations, data flows and service providers may still change during this phase. We update this Privacy Policy as needed.