Privacy Policy

Biozy ("we", "us", "our") operates biozy.com. This Privacy Policy explains how we collect, use, and protect your personal information when you use our service.

We are committed to privacy by default. We collect only what we need, we don't sell your data, and we give you control over what you share.

If you have questions about this policy, contact us at privacy@biozy.com.

We use your information to:

• Provide, operate, and improve the Biozy service
• Display your public profile at biozy.com/@username
• Send transactional emails (account confirmation, password reset)
• Send changelog updates if you subscribed (you can unsubscribe at any time)
• Detect and prevent fraud or abuse
• Comply with legal obligations

We do not use your data for advertising. We do not sell or rent your personal data to third parties. We do not share your data with third parties except as described in this policy.

Your data is stored in Supabase (PostgreSQL), hosted on AWS infrastructure in the EU (Frankfurt). We use row-level security on all database tables to ensure users can only access their own data.

OAuth access tokens are stored encrypted using AES-256. Passwords are hashed using bcrypt with a cost factor of 10.

We use Vercel for hosting. Vercel's edge network may cache public profile pages for performance. No personal data is stored in edge caches.

We retain your data for as long as your account is active. If you delete your account, your data is permanently deleted within 30 days.

We use the following third-party services to operate Biozy:

Supabase — database, authentication, and file storage. supabase.com/privacy

Vercel — hosting and edge network. vercel.com/legal/privacy-policy

Stripe — payment processing (Pro plan only). stripe.com/privacy

Resend — transactional email delivery. resend.com/privacy

Unsplash — background image presets (images are fetched from Unsplash's CDN when selected). unsplash.com/privacy

None of these services receive your data unless strictly necessary for the service they provide.

We use a single session cookie set by Supabase for authentication. This cookie is strictly necessary for the service to function and does not require consent under GDPR.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies. We do not use Google Analytics or Facebook Pixel.

See our full Cookie Policy for details.

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the data we hold about you
• Correction — request that we correct inaccurate data
• Deletion — request that we delete your account and all associated data
• Portability — request your data in a machine-readable format
• Restriction — request that we restrict processing of your data
• Objection — object to certain types of processing

To exercise any of these rights, email privacy@biozy.com. We will respond within 30 days. For EU/EEA residents, you may also lodge a complaint with your local Data Protection Authority.

You can delete your account at any time from your Dashboard → Settings.

Biozy is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will delete it immediately.

If you believe a child has created an account, please contact us at privacy@biozy.com.

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email (if you have an account) and update the "Last updated" date at the top of this page.

Continued use of Biozy after any changes constitutes your acceptance of the updated policy.

For privacy-related questions or to exercise your rights:

Email: privacy@biozy.com Address: Biozy, Calle Gran Vía 28, 28013 Madrid, Spain

For general support, use our contact page.