GDPR Compliance
Last updated: June 9, 2026
Our Commitment to GDPR
BizAt, a product of Technovicinity Limited, is fully committed to compliance with the European Union's General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). We extend these protections to all our users worldwide, regardless of their location.
This page outlines our GDPR compliance measures, your rights as a data subject, and how we fulfill our obligations as both a Data Controller and Data Processor.
Data Controller and Data Processor Roles
BizAt acts in dual capacities under GDPR:
- Data Controller: For personal data we collect directly from our merchant users (account information, billing details, usage data). We determine the purposes and means of processing this data.
- Data Processor: For personal data processed on behalf of our merchants (end customer conversations, leads, orders). We process this data solely according to our merchants' instructions.
Your GDPR Rights
Under GDPR, you have the following rights regarding your personal data:
- Right of Access (Article 15): Obtain confirmation of whether we process your data and access to that data.
- Right to Rectification (Article 16): Request correction of inaccurate or incomplete personal data.
- Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten").
- Right to Restriction (Article 18): Request limitation on how we process your data.
- Right to Data Portability (Article 20): Receive your data in a structured, commonly used, machine-readable format.
- Right to Object (Article 21): Object to processing based on legitimate interests or direct marketing.
- Rights on Automated Decision-Making (Article 22): Not be subject to decisions based solely on automated processing.
Data Protection Measures
We implement comprehensive technical and organizational measures to protect personal data:
- Data Minimization: We collect only data necessary for specified purposes
- Purpose Limitation: Data is processed only for stated purposes
- Storage Limitation: Data is retained only as long as necessary
- Integrity and Confidentiality: Encryption at rest (AES-256) and in transit (TLS 1.3)
- Access Controls: Role-based access with multi-factor authentication
- Audit Trails: Comprehensive logging of data access and modifications
- Incident Response: 72-hour breach notification procedure
- Data Protection Impact Assessments (DPIAs): Conducted for high-risk processing activities
Data Processing Agreement (DPA)
For our merchant customers who act as Data Controllers, we provide a Data Processing Agreement that outlines our obligations as a Data Processor. This DPA is incorporated into our Terms of Service and includes:
- Subject matter and duration of processing
- Nature and purpose of processing
- Types of personal data and categories of data subjects
- Obligations and rights of the controller
- Technical and organizational security measures
- Sub-processor engagement and notification
- Data breach notification procedures
- Data return and deletion upon contract termination
Sub-Processors
We engage the following sub-processors to deliver our Services. Each has been vetted for GDPR compliance:
| Sub-Processor | Purpose | Location |
|---|---|---|
| Render | Cloud hosting | USA |
| Supabase | Database hosting | Singapore |
| OpenAI | AI language processing | USA |
| SSLCommerz | Payment processing | Bangladesh |
Data Protection Officer
Data Protection Officer — BizAt
Email: [email protected]
You also have the right to lodge a complaint with your local supervisory authority.