1. Data Controller
BizVerify (“we”, “us”, “our”) is the data controller responsible for your personal data.
BizVerify
Email: legal@bizverify.co
2. Data Protection Officer
Our appointed Data Protection Officer is Aleksandr Adamyan. You can reach them at alex@bizverify.co for any data protection inquiries.
3. Data We Collect
We collect the following categories of personal data:
| Category | Data | Purpose |
|---|---|---|
| Account data | Email address, hashed password | Authentication, service delivery |
| Usage data | API call logs, endpoints accessed, timestamps | Billing, service improvement |
| Technical data | IP addresses, user agent strings | Rate limiting, abuse prevention, security |
| Billing data | Credit purchase history, Stripe customer ID | Payment processing, invoicing |
We do not collect sensitive personal data (racial or ethnic origin, political opinions, health data, etc.).
4. Legal Basis for Processing
We process your data under the following legal bases (GDPR Art. 6(1)):
- Contract performance (Art. 6(1)(b)) — Processing necessary to provide the BizVerify API service, manage your account, and handle credit-based billing.
- Legitimate interest (Art. 6(1)(f)) — Processing IP addresses and usage patterns for security, rate limiting, and abuse prevention. Our legitimate interest in maintaining a secure service does not override your fundamental rights.
5. How We Use Your Data
- Providing and operating the BizVerify API service
- Managing your account and authenticating API requests
- Processing credit purchases and tracking usage for billing
- Enforcing rate limits and preventing abuse
- Sending transactional emails (account confirmations, billing receipts, security alerts)
- Improving service reliability and performance
We do not sell your data. We do not share your data with third parties for marketing purposes.
6. Sub-processors
We use the following third-party sub-processors to deliver our service. Each processes data only as necessary for their stated purpose:
| Sub-processor | Purpose | Location |
|---|---|---|
| Fly.io | Application hosting and infrastructure | United States |
| Stripe | Payment processing | United States |
| Resend | Transactional email delivery | United States |
| Upstash | Redis caching and rate limiting | United States |
For transfers of personal data to the United States, we rely on the EU-U.S. Data Privacy Framework or Standard Contractual Clauses as appropriate.
7. Data Retention
- Account data — Retained for the lifetime of your account. Deleted within 30 days of account deletion.
- API usage logs — Retained for 90 days, then automatically purged.
- IP addresses — Retained for 90 days for rate limiting and security purposes.
- Billing records — Retained as required by applicable tax and accounting laws (typically 7 years).
8. Your Rights Under GDPR
As a data subject, you have the following rights:
- Access — Request a copy of the personal data we hold about you.
- Rectification — Request correction of inaccurate or incomplete data.
- Erasure — Request deletion of your personal data (“right to be forgotten”).
- Restriction — Request that we limit processing of your data in certain circumstances.
- Data portability — Receive your data in a structured, machine-readable format.
- Objection — Object to processing based on legitimate interest.
To exercise any of these rights, email us at legal@bizverify.co. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection supervisory authority.
9. Cookies and Analytics
We use Google Analytics 4 with Consent Mode v2 in cookieless mode. By default, analytics storage is denied and no tracking cookies are placed. We collect only anonymous, aggregated usage statistics to improve our service.
10. Security
We implement appropriate technical and organizational measures to protect your personal data, including encrypted data storage, HTTPS-only API access, hashed passwords, and regular security reviews. No method of transmission over the internet is 100% secure, but we work to protect your data within commercially reasonable means.
11. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of material changes by email or by posting a notice on our website. Continued use of the service after changes constitutes acceptance of the updated policy.
12. Contact
BizVerify
Email: legal@bizverify.co