Privacy Policy

This Privacy Policy sets out the rules for the processing and protection of personal data of users of the web application used for task and project management. We place great importance on protecting privacy, transparency, security, and compliance with applicable laws.

I. DATA CONTROLLER

The controller of personal data is:

BIZMI sp. z o.o., Poland, St. Gliwicka 177A, 44-207 Rybnik, NIP: 6423261047, REGON: 541481124.

Contact with the Controller:

Correspondence address: Poland, St. Gliwicka 177A, 44-207 Rybnik

E-mail address: kontakt@bizmi.pl

II. DEFINITIONS

Personal Data – information about an identified or identifiable natural person, such as one who can be identified directly or indirectly by one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity, including device IP address, online identifier, and information collected through cookies or other similar technologies.

Policy – this Privacy Policy.

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC.

User – a natural person visiting the website or using the services or functionalities described in this Privacy Policy.

Application – the web application operated by the Controller at: https://bizmi.app

Newsletter – information, including commercial information within the meaning of the Act of 18 July 2002 on the provision of electronic services (Journal of Laws 2020, item 344), sent by the Controller electronically to the User; receiving it is voluntary and requires the User’s consent.

Account – a collection of data stored in the Application and in the Controller’s IT system relating to a given User, created after registration and authentication via e-mail and password or using the Google login mechanism (OAuth).

III. DATA COLLECTION AND PROCESSING

Depending on how the User interacts with the Application, we may collect the following personal data:

Information about the User’s device to ensure proper operation of the services: computer IP address, information contained in cookies or other similar technologies, session data, browser data, device data, and activity data on the Website (including specific subpages);

Geolocation data, if the User has consented to provide access to it;

User’s personal data: first name, last name, e-mail address, business tax data (NIP, company name, address), telephone number (optional), payment data;

Data from integrated services – Google OAuth;

Organizational data – organization name, selected industry, interface personalization preferences;

Payment and fiscal data – information necessary to process payments and billing (processed and stored mainly by Stripe);

Login and security data – login history, session data, authorization tokens;

Analytical data regarding the use of the Application;

Content entered by the User in the Application (e.g., notes, tasks, attachments);

Marketing data – consents, communication preferences (newsletter, notifications).

IV. PURPOSES AND LEGAL BASIS FOR DATA PROCESSING

We process your data for the following purposes:

Enabling the use of the Application’s functionalities (registration, login);

Providing task/project management services;

Account management;

Processing payments and subscriptions;

Informing Users about activity within the Application (notifications, e-mails);

Communication and technical support – handling inquiries, technical issues, or complaints;

Diagnosing and resolving problems with customer support assistance;

Developing and improving the Application – evaluating and implementing new features, technologies, and improvements;

Ensuring IT security and protection against abuse;

Sending marketing content (newsletters, commercial information). Such actions are taken only if the User has given consent, which may be withdrawn at any time.

Data is processed based on:

Art. 6(1)(a) GDPR – consent for the use of certain cookies or similar technologies through browser settings in accordance with telecommunications law;

Art. 6(1)(b) GDPR – to perform electronic services, including creating and managing an Account;

Art. 6(1)(c) GDPR – to fulfill legal obligations incumbent on the Controller (e.g., accounting, tax);

Art. 6(1)(f) GDPR – for analytical and statistical purposes, ensuring security, and tailoring content to user needs based on the Controller’s legitimate interests.

V. DATA RECIPIENTS

The Controller discloses personal data only to entities processing data under data processing agreements concluded with the Controller, solely for the purpose of providing services to the Controller. Personal data may be disclosed to:

Hosting and server service providers;

Analytical tool providers;

Online payment operators;

Accounting service providers;

Newsletter and marketing automation providers;

IT service providers.

As part of using IT service providers (e.g., Google, Stripe), data may be transferred outside the European Economic Area, subject to appropriate safeguards under GDPR, such as standard contractual clauses.

VI. DATA RETENTION PERIOD

The retention period depends on the type of service and the purpose of processing.

As a rule, data is processed for as long as the User actively uses the Application, or until consent is withdrawn or, where processing is based on the Controller’s legitimate interest, until an effective objection is made.

After Account deletion, data will be retained for a maximum of 12 months.

This period may be extended if processing is necessary to establish, pursue, or defend legal claims. After that, data will be deleted or anonymized.

VII. USER RIGHTS

Every User has the right to:

Request access to their data (Art. 15 GDPR);

Request rectification of inaccurate or incomplete data (Art. 16 GDPR);

Request erasure of their data (Art. 17 GDPR) if there is no legal basis for further processing;

Request restriction of processing (Art. 18 GDPR) in specific cases, e.g., disputing data accuracy or pending verification;

Request data portability (Art. 20 GDPR);

Object to processing based on legitimate interests (Art. 21 GDPR);

Withdraw consent at any time, without affecting prior lawful processing;

Lodge a complaint with the President of the Personal Data Protection Office (PUODO).

To exercise these rights, the User should contact the Controller using the contact details provided above and specify which right they wish to exercise.

VIII. PAYMENT DATA PROCESSING AND STRIPE INTEGRATION

Payments are handled by Stripe, an external payment service provider. The data shared with Stripe includes:

Payer’s name,

E-mail address,

Payment data (e.g., card number, bank account),

Fiscal data (e.g., VAT number, billing address).

The Application and Stripe act as independent data controllers for payment data. Stripe stores data according to its own privacy policy and accounting regulations.

Subscription models and paywall system:

We support the following subscription plans: Solo, Team, Pro, and Max.

Lack of an active payment results in restricted access to some or all application features. Subscription status information is linked to the user account and organization.

IX. GOOGLE INTEGRATION (OAuth)

The Application uses Google OAuth to allow Users to log in and integrate selected Google services, such as Google Calendar and Drive.

Only the data necessary to perform integration functions is stored, including: e-mail, Google ID, name, surname, access tokens, and related calendar or file data authorized by the User.

Data scopes used:

email – access to the User’s Google email address,

profile – access to basic profile data (name, surname, photo, Google ID),

calendar – reading and synchronizing calendar events,

drive – accessing and uploading files to Google Drive.

During authorization, the Application displays the exact scopes requested. Each scope is used solely for the functionality it supports. No data outside the granted scopes is accessed or stored.

Data storage:

OAuth tokens are encrypted. The Application does not permanently store Calendar or Drive data unless explicitly saved as part of a project. Data is retained only for as long as necessary or until consent is withdrawn.

Data sharing:

Data obtained from Google is not shared with third parties without explicit consent unless required by law or essential for the Application’s operation. All transfers are secured under confidentiality and compliance agreements.

Security:

Connections to Google services and all transmitted data are encrypted (HTTPS/SSL). Technical and organizational measures are applied to protect against unauthorized access or modification.

X. COOKIES AND TRACKING

When visiting our website, you are informed that we use cookies and other technologies (including tracking or profiling) to ensure proper functionality, personalize content and ads, and analyze traffic.

You can consent to all cookies or customize your preferences through the “Cookie Settings” banner shown upon your first visit.

You may withdraw consent at any time by reopening the banner via the “Cookie Settings” link in the website footer.

Purposes and types of cookies:

We use two main types of cookies:

Necessary cookies – essential for the operation and stability of the website; these are stored automatically.

Optional cookies – analytical and marketing, used only with your consent.

Types used:

Necessary cookies – ensure proper functioning of the website and basic features. (No consent required under Polish telecommunications law.)

Analytical cookies – measure performance and help us understand visitor interactions.

Marketing cookies – personalize displayed content and advertisements.

When you click “Allow all”, you consent to all cookies.

Clicking “Reject all” disables all but the technically essential cookies.

XI. DATA SECURITY

The Controller ensures personal data is protected against unauthorized disclosure, acquisition, destruction, loss, damage, or alteration, and against unlawful processing.

Technical and organizational measures meeting GDPR requirements (especially Articles 24 and 32) are applied to guarantee confidentiality, integrity, and availability of processing systems and services.

XII. CHANGES TO THE PRIVACY POLICY

This Privacy Policy and Cookie Policy may be supplemented or updated as necessary to ensure up-to-date and accurate information for Users.

XIII. NEWSLETTER

The User may consent to receive commercial information electronically by selecting the appropriate option during registration or later via their Account settings.

Upon consent, the User will receive the Application’s Newsletter and other commercial information to the provided e-mail address.

The User may unsubscribe at any time by deselecting the option in their Account settings or contacting Customer Support.

XIV. FINAL PROVISIONS

In matters not covered by this Policy, relevant provisions of EU and national data protection law shall apply.