Privacy Policy

Beezifi Inc. ("Beezifi," "we," "us," or "our") operates Beezifi Accounting, a cloud-hosted accounting software platform (the "Service"). This Privacy Policy explains how we collect, use, store, and protect information when you access or use our Service. By using the Service, you agree to the practices described in this policy. If you do not agree, you must discontinue use of the Service immediately.

This policy applies to all users of the Service including workspace administrators, invited team members, and any individual or entity accessing the Service on behalf of an organization ("Workspace").

1. Information We Collect

1.1 Account and Registration Information

When you create a Workspace or user account, we collect:

• Full name and email address
• Company or organization name
• Password (stored as a bcrypt hash — we never store plaintext passwords)
• Optional two-factor authentication (TOTP) secrets, stored encrypted at rest
• User role and permission level within a Workspace

1.2 Accounting and Business Data

As part of operating the Service, we store the financial and business records you enter, including but not limited to:

• Customer and vendor contact information
• Invoices, estimates, purchase orders, and bills
• Chart of accounts, journal entries, and ledger data
• Bank transaction records you import or reconcile
• Receipts and attached documents
• Payment records and transaction history

You own this data. We store it solely to deliver the Service to you and do not use it for any other purpose, including advertising or machine learning model training.

1.3 Technical and Usage Data

We automatically collect limited technical information necessary to operate and secure the Service:

• IP address and general geographic region at login
• Browser type, operating system, and device type
• API request logs including endpoints accessed, timestamps, and HTTP status codes
• Audit trail records (who did what, when, and from which IP)
• Error logs and crash reports

1.4 Billing and Payment Information

We do not store full credit card numbers or banking credentials on our servers. Payment processing is handled entirely by Stripe, Inc. We retain only:

• Subscription tier and status
• Purchase history (amounts, dates, durations)
• Stripe payment intent and session identifiers for reconciliation

For payments made via bank account (ACH), your banking details are handled exclusively by Stripe and are never transmitted to or stored by Beezifi.

2. How We Use Your Information

We use the information we collect exclusively to:

• Provide, operate, and maintain the Service
• Process transactions and manage your subscription
• Authenticate users and enforce access controls
• Generate audit logs and maintain data integrity
• Send transactional emails (invoices, password resets, subscription confirmations)
• Detect, investigate, and prevent security incidents, fraud, and abuse
• Comply with applicable legal obligations
• Respond to your support requests and communications
• Improve the reliability and performance of the Service through anonymized, aggregated analytics

We do not use your accounting data, business records, or customer/vendor information for advertising, profiling, resale, or any purpose other than delivering the Service to you.

3. Data Storage, Isolation & Security

3.1 Workspace Isolation

Every Workspace operates in a fully isolated data environment. All database queries are scoped to your Workspace's tenant ID at the application level. No data is shared between organizations under any circumstances. There is no shared data layer between Workspaces.

3.2 Security Measures

We implement the following technical and organizational safeguards:

• Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS).
• Password security: Passwords are hashed using bcrypt with a high work factor and are never stored in plaintext or recoverable form.
• Authentication: Sessions are managed via signed JWT tokens. Optional TOTP-based two-factor authentication is available and strongly recommended.
• Access controls: Role-based permissions restrict which users can access, modify, or delete data within a Workspace.
• Security headers: HTTP security headers including Content Security Policy (CSP), HSTS, X-Frame-Options, and others are enforced.
• Rate limiting: API rate limits are enforced to prevent brute force and abuse.
• Audit logging: All significant actions are logged with user identity, timestamp, and IP address.

3.3 Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users within 72 hours of becoming aware of the breach, to the extent required by applicable law.

3.4 No Absolute Security Guarantee

While we implement commercially reasonable security measures, no system is completely secure. We cannot guarantee that unauthorized third parties will never be able to defeat our security measures. You provide information at your own risk, and you are responsible for maintaining the confidentiality of your access credentials.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data or business records to third parties. We may share your information only in the following limited circumstances:

4.1 Service Providers

We engage trusted third-party service providers who assist us in operating the Service, subject to confidentiality obligations:

• Stripe, Inc. — Payment processing
• Cloud infrastructure and hosting providers — Data storage and compute
• Transactional email providers — Sending account-related notifications

These providers access data only as necessary to perform their functions and are contractually prohibited from using it for any other purpose.

4.2 Legal Obligations

We may disclose your information if required to do so by law, court order, subpoena, or other governmental authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Beezifi, our users, or the public.

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify affected users via email and/or a prominent notice on the Service prior to your data being transferred and becoming subject to a different privacy policy.

4.4 With Your Consent

We may share your information for any other purpose with your explicit prior consent.

5. Cookies and Tracking Technologies

The Service uses strictly necessary cookies and session tokens to authenticate users and maintain login state. We do not use third-party advertising cookies, cross-site tracking pixels, or behavioral analytics services.

The authentication token stored in your browser is a signed JWT. Disabling cookies will prevent you from logging in. We do not use cookies for advertising or behavioral profiling purposes.

6. Data Retention

• Active Workspace data is retained for the duration of your subscription and for 30 days following cancellation or expiration, after which it is permanently deleted.
• Backup snapshots are purged within 90 days.
• Audit and security logs are retained for up to 24 months for security and compliance purposes.
• Billing records are retained for up to 7 years in accordance with financial recordkeeping requirements.
• Deleted user accounts are removed promptly, with authentication logs retained per the schedule above.

You may request earlier deletion of your data by contacting us at privacy@beezifi.com, subject to our legal obligations to retain certain records.

7. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal retention obligations.
• Portability: Request an export of your data in a machine-readable format.
• Objection: Object to certain processing of your data.
• Restriction: Request restriction of processing in certain circumstances.

To exercise these rights, contact us at privacy@beezifi.com. We will respond within 30 days. We may require verification of your identity before fulfilling any request. We reserve the right to deny requests that are manifestly unfounded, excessive, or repetitive.

Workspace administrators control data access for users within their organization and may export or delete Workspace data directly from within the Service.

8. Third-Party Services and Integrations

The Service offers optional integrations with third-party services including Stripe, Plaid, Shopify, Square, PayPal, Gusto, QuickBooks, and Xero. When you enable an integration, you authorize the Service to exchange data with that third party in accordance with your configuration.

Each third-party service operates under its own privacy policy and terms of service, which are independent of this policy. Beezifi is not responsible for the privacy practices of third-party services. You are solely responsible for reviewing and accepting the terms of any third-party service you connect to the Service.

Beezifi will never access third-party service credentials beyond what is required to perform the integration function you have explicitly authorized.

9. Children's Privacy

The Service is intended for use by businesses and individuals aged 18 or older. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that a minor has provided us with personal information, we will promptly delete it. If you believe a minor has submitted information to us, please contact us at privacy@beezifi.com.

10. International Data Transfers

Beezifi Inc. is based in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Service, you consent to such transfer. We take steps to ensure that any such transfers comply with applicable law and that your data remains protected in accordance with this policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by sending an email to the address associated with your account and/or by posting a prominent notice within the Service at least 14 days before the changes take effect. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.

We encourage you to review this policy periodically. The "Last Updated" date at the top of this page reflects the most recent revision.

12. Contact Information

For privacy-related inquiries, data requests, or to report a concern, please contact us:

• Email: privacy@beezifi.com
• Legal matters: legal@beezifi.com
• Mailing address: Beezifi Inc., Legal Department, United States

We are committed to resolving privacy complaints promptly and transparently.