Privacy Policy

1. Overview

Devoffice LLC, a Florida limited liability company ("Company," "we," "us," or "our"), operates BizSweep at bizsweep.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our Service.

This policy applies to all visitors, registered users, and anyone who interacts with the Service. By using BizSweep, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please do not access or use the Service.

We are committed to protecting your privacy and complying with applicable data protection laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the General Data Protection Regulation (GDPR), the CAN-SPAM Act, and other applicable federal and state privacy laws.

2. Information We Collect

2.1 Personal Information You Provide

When you register, subscribe, or interact with the Service, we may collect:

• Identity Data: First name, last name, username
• Contact Data: Email address, phone number (optional), company name
• Financial Data: Payment card details (processed and stored securely by Stripe, Inc.; we do not store full card numbers on our servers)
• Profile Data: Profession, timezone, preferences, email signature, company logo
• Authentication Data: Password (stored as a bcrypt hash; we never store plaintext passwords), two-factor authentication secrets
• Communication Data: Support tickets, feedback, and correspondence with us

2.2 Information Collected Automatically

When you access the Service, we automatically collect certain technical and usage information:

• Device Data: IP address, browser type and version, operating system, device type, screen resolution
• Usage Data: Pages visited, features used, actions taken, search queries, click patterns
• Log Data: Access timestamps, referring URLs, error logs
• Location Data: Approximate geolocation derived from your IP address (we do not collect precise GPS location)
• Cookie Data: Information collected through cookies and similar tracking technologies (see Section 6)

2.3 Information from Third Parties

• Social Login: If you sign in via Google or other social providers, we receive your name, email, and profile picture as authorized by you
• Payment Processor: Stripe may provide us with transaction status, subscription details, and payment confirmations

2.4 Publicly Available Business Data

The business information displayed in search results (names, addresses, phone numbers, ratings, reviews, website URLs) is obtained from publicly available sources including Google Maps. This data relates to businesses, not to individual consumers, and is publicly accessible. We do not collect private or non-public business data.

3. How We Use Your Information

We use the information we collect for the following purposes:

Service Operations

• Provide, operate, maintain, and improve the Service
• Process transactions, manage subscriptions, and handle billing
• Authenticate users and manage account security
• Send transactional communications (receipts, password resets, account alerts, export notifications)

Communication

• Respond to customer support requests and inquiries
• Send marketing communications about new features and promotions (only with your consent; you can opt out at any time via Settings → Notifications or the unsubscribe link in any email)

Analytics & Improvement

• Analyze usage patterns and trends to improve features and user experience
• Conduct research and development for new features
• Monitor and analyze the effectiveness of our Service

Security & Legal

• Detect, prevent, and address fraud, abuse, security threats, and technical issues
• Enforce our Terms of Service and other policies
• Comply with legal obligations, court orders, and governmental requests
• Protect the rights, property, and safety of Devoffice LLC, our users, and the public

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), UK, or Switzerland, we process your personal data based on the following legal grounds:

• Contract Performance (Art. 6(1)(b) GDPR): Processing necessary to provide the Service, manage your account, and process payments
• Consent (Art. 6(1)(a) GDPR): Marketing communications, non-essential cookies, and analytics tracking — you may withdraw consent at any time
• Legitimate Interests (Art. 6(1)(f) GDPR): Fraud prevention, security monitoring, service improvement, and internal analytics — balanced against your rights
• Legal Obligation (Art. 6(1)(c) GDPR): Compliance with tax laws, financial regulations, court orders, and mandatory reporting requirements

5. Data Sharing & Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share data in the following limited circumstances:

Service Providers

We engage trusted third-party companies to perform services on our behalf, including:

• Stripe, Inc. — Payment processing (PCI DSS Level 1 certified)
• Google Analytics — Website analytics and usage tracking
• Google Cloud / Hosting providers — Infrastructure and data hosting
• Firebase — Social authentication services

All service providers are contractually obligated to protect your data, process it only for our specified purposes, and maintain confidentiality.

Legal Requirements

We may disclose your information when required to do so by law, court order, subpoena, or governmental regulation, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Transfers

In connection with a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

With Your Consent

We may share your information with third parties when you explicitly authorize us to do so.

6. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to collect and store information. You can manage your cookie preferences through our cookie consent banner or your browser settings.

Types of Cookies We Use

Managing Cookies

You can manage your cookie preferences at any time:

• Cookie Consent Banner: Use the cookie banner at the bottom of the page to accept or reject non-essential cookies
• Browser Settings: Most browsers allow you to block or delete cookies through their settings. Note that blocking strictly necessary cookies may prevent the Service from functioning properly.
• Google Analytics Opt-Out: Install the Google Analytics Opt-Out Browser Add-on

We do not use cookies for third-party behavioral advertising or retargeting.

7. Email Open Tracking

When you use BizSweep's outreach features to send emails, we may embed a small, invisible tracking pixel (a 1x1 pixel transparent image) in the email body. This pixel records when a recipient opens the email and may collect:

• The date and time the email was opened
• The recipient's IP address and approximate location
• The email client or device used to open the email

Important: You, as the sender, are responsible for ensuring your use of email tracking complies with applicable laws in your jurisdiction and the recipient's jurisdiction. Some jurisdictions may require disclosure of tracking pixels in your communications.

BizSweep provides this feature as a tool; we do not independently track recipients or use recipient data for any purpose other than providing open-tracking results to you.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law:

• Account data: Retained while your account is active, plus 30 days after account deletion to allow recovery
• Search results & lead data: Retained for up to 12 months from creation
• Outreach & email records: Retained for up to 24 months
• Transaction & billing records: Retained for 7 years as required by IRS tax compliance regulations (26 U.S.C. §6001)
• Server & access logs: Retained for 90 days
• Analytics data: Retained for 14 months (Google Analytics default retention)

After the retention period, data is permanently deleted or anonymized. You may request earlier deletion of your data by contacting us (subject to legal retention requirements).

9. Data Security

We implement industry-standard technical and organizational measures to protect your information:

• Encryption in Transit: TLS 1.2/1.3 encryption for all data transmitted between your browser and our servers
• Encryption at Rest: AES-256 encryption for sensitive data stored on our servers
• Password Security: Passwords are hashed using bcrypt with individual salts; we never store plaintext passwords
• Two-Factor Authentication (2FA): Optional TOTP-based 2FA for additional account security
• Access Controls: Role-based access controls and principle of least privilege for internal systems
• DDoS Protection: Infrastructure-level DDoS mitigation and rate limiting
• Payment Security: All payment processing handled by Stripe (PCI DSS Level 1 certified); we never store complete credit card numbers

While we strive to protect your information using commercially reasonable measures, no method of electronic transmission or storage is 100% secure. In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law (including within 72 hours for GDPR-covered individuals and as specified by state breach notification laws).

10. Your Privacy Rights

Regardless of your location, we provide the following rights to all users:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Correction: Request correction of inaccurate or incomplete personal data
• Right to Deletion: Request deletion of your personal data (subject to legal retention requirements)
• Right to Data Portability: Request your data in a structured, commonly used, machine-readable format (JSON or CSV)
• Right to Opt-Out: Unsubscribe from marketing communications at any time
• Right to Restrict Processing: Request that we limit how we process your data
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw previously given consent at any time

To exercise any of these rights, contact us at [email protected]. We will verify your identity and respond within:

• 30 days for general requests
• 45 days for CCPA/CPRA requests (with possible 45-day extension upon notice)
• 30 days for GDPR requests (with possible 60-day extension for complex requests)

We will not discriminate against you for exercising your privacy rights.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), effective January 1, 2023:

Your CCPA/CPRA Rights

• Right to Know: You can request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, our business purposes for collecting the information, and the categories of third parties with whom we share it
• Right to Delete: You can request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, completing transactions, security)
• Right to Correct: You can request that we correct inaccurate personal information
• Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information as defined by the CCPA/CPRA. Therefore, this right is automatically fulfilled
• Right to Limit Use of Sensitive Personal Information: We only use sensitive personal information (if collected) for purposes permitted under the CPRA
• Right to Non-Discrimination: We will not deny you goods or services, charge you different prices, provide a different level of quality, or suggest you will receive any of the above for exercising your CCPA/CPRA rights

Categories of Personal Information Collected (Last 12 Months)

How to Submit a Request

California residents may submit CCPA/CPRA requests by:

• Emailing [email protected] with subject line "CCPA Request"
• Using the account deletion feature in Settings → Profile

We will verify your identity before processing any request. You may designate an authorized agent to submit requests on your behalf with proper written authorization.

California "Shine the Light" Law

Under California Civil Code Section 1798.83, California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. As stated above, we do not share personal information with third parties for their direct marketing purposes.

12. GDPR — European & International Users

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and UK GDPR:

Your GDPR Rights

• Right of Access (Art. 15): Obtain confirmation of whether we process your data and request a copy
• Right to Rectification (Art. 16): Have inaccurate data corrected without undue delay
• Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
• Right to Restriction (Art. 18): Request restriction of processing in certain circumstances
• Right to Data Portability (Art. 20): Receive your data in a structured, commonly used format
• Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent (Art. 7): Withdraw consent at any time where processing is based on consent
• Right to Lodge a Complaint: File a complaint with your local supervisory authority (data protection authority)

Data Controller

The data controller for your personal data is:

Automated Decision-Making

Our AI-powered lead scoring uses automated processing to assign scores to business leads based on publicly available data. This automated scoring does not produce legal effects concerning you as an individual user and is not used to make decisions about individuals. You may request human review of any automated decision by contacting us.

13. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals. There is currently no uniform standard for interpreting DNT signals. We currently do not respond to DNT signals. However, you can manage tracking through our cookie consent banner and by using browser privacy settings or the Google Analytics Opt-Out Add-on.

California's Online Privacy Protection Act (CalOPPA) requires us to disclose how we respond to DNT signals. As stated above, we do not currently respond to DNT signals but provide alternative opt-out mechanisms.

14. Do Not Sell or Share My Personal Information

We do not sell your personal information. We do not share your personal information with third parties for cross-context behavioral advertising as defined under the CCPA/CPRA.

While we use Google Analytics for our own internal analytics purposes, we have configured it to anonymize IP addresses and do not use it to build individual user profiles for advertising purposes. Google Analytics data is used solely for aggregate statistical analysis.

15. Children's Privacy

BizSweep is a business-to-business (B2B) service designed exclusively for professionals and businesses. It is not intended for individuals under the age of 18 (or the applicable age of majority in your jurisdiction).

We do not knowingly collect personal information from children under 13 (or 16 in the EEA). If we become aware that we have collected personal data from a child under the applicable age, we will take immediate steps to delete that information. If you believe a child has provided us with personal information, please contact us at [email protected].

This policy complies with the Children's Online Privacy Protection Act (COPPA, 15 U.S.C. §§6501–6506).

16. Third-Party Links & Services

The Service may contain links to third-party websites, services, or applications that are not operated or controlled by us. This Privacy Policy does not apply to such third-party services. We encourage you to review the privacy policies of any third-party services you visit.

We are not responsible for the content, privacy policies, or practices of any third-party websites or services. Inclusion of a link does not imply endorsement.

17. International Data Transfers

Our servers and operations are located in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States where data protection laws may differ from those in your jurisdiction.

For transfers of personal data from the EEA, UK, or Switzerland to the United States, we rely on:

• Standard Contractual Clauses (SCCs): EU-approved contractual safeguards for data transfers
• EU-U.S. Data Privacy Framework: Where applicable and certified by our service providers
• Explicit Consent: Where you have explicitly consented to the transfer of your data

By using the Service, you acknowledge and consent to the transfer of your information to the United States and other jurisdictions where we operate.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make material changes:

• We will update the "Last updated" date at the top of this page
• We will post a prominent notice on the Service
• We will send an email notification to registered users for significant changes
• For changes requiring consent under GDPR, we will request your explicit consent

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

19. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For GDPR complaints, you also have the right to lodge a complaint with your local data protection supervisory authority.