Privacy Policy

Last Updated: November 2024

1. Introduction

BizAlerts ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our daily company alerts service (the "Service"). We are based in the United Kingdom and comply with UK data protection laws, including the UK GDPR and the Data Protection Act 2018.

Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you subscribe to our service, we collect:

  • Email address (used for delivering alerts and account communications)
  • Subscription preferences (SIC codes, regions, charity inclusion settings)
  • Optional webhook configuration (URL and format preferences)
  • Unique access tokens for managing preferences and unsubscribing

2.2 Payment Information

For subscriptions (£7.50/month with a 7-day free trial), we collect payment information through our payment processor (Stripe). We do not store your full credit card details on our servers. Stripe handles payment processing and stores payment information securely in accordance with PCI-DSS standards.

2.3 Company Data Processing

We process publicly available company registration data from Companies House and the Charities Commission to provide the Service. This data includes:

  • Company names, numbers, and registration dates
  • SIC codes and business descriptions
  • Registered addresses and postcodes
  • Charity registration status

This data is filtered based on your preferences and delivered via email or webhook. We may cache this data temporarily to improve service performance, but we do not sell or share this data with third parties.

2.4 Email and Webhook Delivery Logs

We maintain logs of email and webhook deliveries for service quality and troubleshooting purposes, including:

  • Delivery timestamps and status (success/failure)
  • Number of companies included in each alert
  • Error messages for failed deliveries
  • Webhook response times and status codes

2.5 Technical Information

We automatically collect certain technical information when you use the Service:

  • IP address and geographic location (country level)
  • Browser type and version
  • Device information (operating system)
  • Pages visited and features used
  • Date and time of access

3. How We Use Your Information

We use your information for the following purposes:

  • Service Provision: To deliver daily email alerts and webhook notifications with company data matching your preferences
  • Account Management: To manage your subscription and provide customer support
  • Payment Processing: To process subscription payments and manage billing
  • Data Filtering: To apply your SIC code, region, and charity filters to company registration data
  • Communication: To send you service-related emails, trial reminders, and notifications
  • Improvement: To analyze usage patterns and improve the Service (using anonymized data)
  • Security: To detect, prevent, and address technical issues and security threats
  • Legal Compliance: To comply with legal obligations and enforce our Terms of Service

4. Legal Basis for Processing (UK GDPR)

We process your personal data under the following legal bases:

  • Contract: Processing necessary to perform our contract with you (providing daily alerts)
  • Legitimate Interests: Processing necessary for our legitimate interests in operating, improving, and securing the Service
  • Legal Obligation: Processing necessary to comply with legal requirements
  • Consent: Where you have provided consent for specific processing activities (e.g., webhook delivery)

5. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share information in the following circumstances:

5.1 Service Providers

We work with third-party service providers who assist us in operating the Service:

  • Stripe: Payment processing
  • Resend: Email delivery
  • Railway: Infrastructure hosting and database
  • Companies House: Public company registration data
  • Charities Commission: Public charity registration data
  • Sentry: Error monitoring (no personal data in logs)

These providers are contractually obligated to protect your data and only use it for the purposes we specify.

5.2 Webhook Delivery

If you configure a webhook URL, we will deliver filtered company data to your specified endpoint. You are responsible for ensuring the security and privacy of data sent to your webhook URL. We support delivery to platforms including Slack, Discord, Microsoft Teams, Zapier, and custom endpoints.

5.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities.

5.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

6. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this policy:

  • Account Information: Retained while your subscription is active and for a reasonable period after cancellation to comply with legal obligations
  • Payment Information: Retained by Stripe in accordance with their retention policies and regulatory requirements
  • Company Data Cache: Cached temporarily (typically 24-48 hours) to improve service performance
  • Email/Webhook Logs: Retained for 90 days for troubleshooting and service quality monitoring
  • Technical Logs: Typically retained for 90 days for security and operational purposes

7. Your Data Protection Rights

Under UK data protection laws, you have the following rights:

  • Right of Access: Request copies of your personal data
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data in certain circumstances
  • Right to Restrict Processing: Request restriction of processing your data in certain circumstances
  • Right to Data Portability: Request transfer of your data to another service
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent where processing is based on consent

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of sensitive data at rest
  • Token-based access controls for preferences and unsubscribe links
  • Regular security assessments and updates
  • Secure hosting infrastructure with Railway
  • Stripe webhook signature verification

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.

9. International Data Transfers

Your information may be transferred to and processed in countries other than the United Kingdom. Some of our service providers are based in the United States and other countries. When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the UK Information Commissioner's Office
  • Adequacy decisions recognizing equivalent data protection standards
  • Service providers certified under recognized data protection frameworks

10. Cookies and Tracking Technologies

We use minimal cookies and tracking technologies. Essential cookies are used for authentication and session management. You can control cookie preferences through your browser settings. However, disabling cookies may affect some features of the Service.

11. Children's Privacy

The Service is not intended for use by children under the age of 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us. If we discover that a child under 16 has provided us with personal data, we will take steps to delete such information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We will also notify you via email for significant changes. You are advised to review this Privacy Policy periodically for any changes.

13. Complaints

If you have concerns about how we handle your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113
Website: ico.org.uk

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: [email protected]
Support: [email protected]