Privacy policy

bsns.cc is a multi-app business operating system run by bsns.cc, Inc. — a Delaware C-corporation headquartered in California. This page explains what we collect when you use the service, how we use it, who we share it with, and how to get it deleted.

We are a small operation. The policy reflects that — short, specific, and honest about the limits.

What we collect

• Account info. Email, name, hashed password, MFA settings, passkey credentials, tenant memberships, and the apps you have access to.
• Business profile. Tenant name, legal name, employer identification number (EIN), address, phone, and primary contact when you provide them.
• Billing. If you pay us, our payment processor (Stripe) stores card details on your behalf; we see the last 4, expiration, brand, and subscription state.
• App content. Anything you enter into the apps your tenant subscribes to: tasks, comments, invoices, contracts and uploaded files, bookings, expenses and receipts, contacts, and related notes. Vertical apps you enable add their own categories (e.g. employee or applicant records, messages and call metadata, vehicle and trip records). The current set of apps available under your plan is listed on the pricing page. Encrypted in transit and at rest; sensitive fields (e.g. tax IDs, payment tokens, OAuth refresh tokens, MFA secrets, and selected contact details) are additionally application-level encrypted.
• Integration data. When you connect a third-party service (Google Calendar, QuickBooks, Plaid, Stripe, Telnyx/Twilio, Resend, Checkr, etc.), we receive only the data you explicitly authorize or that is needed to provide the feature you turned on. Specifically, for Google Calendar (scope calendar.events), we technically receive permission to create, read, update, and delete events on the calendar you connect. bsns.cc uses that permission only for events you create or manage through rsvp. We do not browse unrelated calendar events, and we do not use Google user data for advertising, credit decisions, or any non-rsvp purpose. We store an encrypted OAuth refresh token so we can push subsequent bookings without prompting again. Similarly, for Zoom (scopes user:read:user + meeting:write:meeting) we receive your Zoom account name, email, and user ID, and permission to create and cancel meetings on your account. We use that only to attach a Zoom meeting to bookings taken through rsvp— we do not read your meetings, recordings, chats, or contacts — and we store an encrypted OAuth refresh token plus the created meeting's ID and join link.
• Operational telemetry. Standard server logs (request paths, status codes, IP address, user-agent) for debugging and abuse detection. Retention 30 days unless attached to an incident investigation.
• Support data. Bug reports, support requests, diagnostic details you submit, and audited staff access when you explicitly ask us to help investigate an issue.

We do not run advertising, embed third-party trackers, sell personal information, share it for cross-context behavioral advertising, or use your content to train AI models.

How we use it

• Run the service you signed up for.
• Send transactional messages (sign-in links, invoice reminders, booking confirmations) using vendor email/SMS providers.
• Push events to a third-party calendar you connected, with the scope you granted.
• Investigate bugs, security incidents, and abuse.
• Comply with legal requests when we have a good-faith basis to do so, scoped as narrowly as we can.

Who we share it with

We use these vendors and service providers. Each receives only what they need to do their job, and only for the feature involved. All are bound by their own data-processing terms or equivalent contractual commitments.

• Vercel — hosting, edge delivery, blob/file storage, deployment logs, and serverless execution.
• Neon — managed Postgres for all app data.
• Stripe — payment processing and subscription billing.
• Intuit / QuickBooks — when you connect QuickBooks for accounting sync.
• Google (Calendar API) — when you connect a Google Calendar to push rsvp events.
• Zoom — when you connect Zoom to rsvp, to create the video meeting attached to a booking.
• Resend — transactional email delivery.
• Telnyx / Twilio — SMS and voice, when you subscribe to an app that uses them.
• Plaid — bank connections for cash/AR/AP dashboards.
• Checkr — background checks, when you subscribe to an app that uses them, with applicant consent.
• Anthropic — receipt OCR and structured extraction when you use tabs receipt scanning, and any other AI-backed features you opt in to.
• Mapping and routing providers — route distance, duration, and map-related features when enabled.

We will update this list when we add a new sub-processor. Material changes are noted in the "Changes to this policy" section below.

Google API services — limited use

bsns.cc's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for serving ads, do not use it to determine credit-worthiness, do not let humans read it (except where you explicitly ask us to for support, or where necessary for security or legal compliance), and do not transfer or sell it except as needed to provide the rsvp calendar feature you authorized.

Zoom — data handling

When you connect Zoom to rsvp, you authorize bsns.ccdirectly; your use of Zoom remains governed by Zoom's own terms and privacy statement. Here is exactly how we handle the Zoom data we receive:

• What we access. Via the user:read:userscope, your Zoom account's name, email, and stable user ID; via meeting:write:meeting, permission to create and cancel meetings on your account. We never request or access meeting recordings, transcripts, chat, participants, or contacts.
• What we store. An encrypted OAuth refresh/access token, your Zoom user ID, account email, and granted scope; and, per booking, the Zoom meeting ID and join URL. Tokens are a sensitive data type and get an additional application-level encryption layer (envelope keys held outside the database) on top of encryption at rest.
• How we use it. Solely to create and cancel the Zoom meeting attached to a booking taken through rsvp. We do not use Zoom data for advertising, do not sell or share it, do not let humans read it (except where you ask us to for support or where required for security or law), and do not use it to train AI models.
• How to revoke & delete. Disconnect Zoom anytime at rsvp /settings (we revoke the token at Zoom and delete the stored connection), or remove the app from the Zoom App Marketplace. When you uninstall from Zoom, Zoom notifies our deauthorization endpoint and we hard-delete your stored Zoom tokens and connection.

Security

We hold data on managed infrastructure (Vercel + Neon) with encryption in transit (TLS) and encryption at rest. Sensitive fields — tax IDs, OAuth refresh tokens, MFA secrets, certain contact details — get an additional application-level encryption layer with envelope keys held outside the database. We design the system around tenant isolation, including Postgres row-level security for tenant-scoped tables, MFA support, least-privilege runtime database roles, and audit logs for administrative actions.

No system is perfectly secure. If you discover a vulnerability, email security@bsns.cc and we'll respond within two business days.

Retention

• Account info — kept for the life of the account. Deleted or de-identified within 30 days of account cancellation, except where we need to retain it for billing, tax, audit, security, dispute-resolution, backup, or legal-hold reasons.
• App content — kept for the life of the account. Soft-deleted records are purged 30 days after deletion where the product supports purge. Deleted or de-identified within 30 days of account cancellation, except for backups, audit logs, executed contracts, billing/tax records, legal holds, security incidents, and other records we must preserve to operate the service or comply with law.
• Integration tokens — kept until you disconnect the integration. Revoked and deleted on disconnect.
• Operational logs — 30 days, longer if attached to a security incident.
• Audit logs — seven years (regulatory + dispute-resolution window).
• Billing records — seven years for tax compliance.
• Backups — retained on the backup schedule, then overwritten or destroyed in the ordinary course. Deletion requests are applied to the live system first and flow out of backups as they expire.

Your rights

Regardless of where you live, you can do all of the following by emailing hello@bsns.cc — we'll respond within seven days:

• Export a copy of your data (JSON + CSV where it makes sense).
• Delete your account and everything associated.
• Disconnect a third-party integration (you can also do this in the app: rsvp /settings, etc.).
• Correct anything that's wrong.

California privacy rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (as amended by the California Privacy Rights Act) gives you specific rights. This section uses the statutory terminology so regulators can audit it.

Categories of personal information we collect

In the past 12 months we have collected the following categories of personal information about consumers, sourced directly from you, from your authorized integrations, from your employer or business tenant when it invites you, or generated by your use of the service:

• Identifiers (name, email, account IDs, IP address).
• Customer records (account credentials hashed; phone; mailing address).
• Commercial information (subscription, billing state).
• Internet or network activity (request logs, user-agent, page interactions in our apps).
• Geolocation or route-related information when you use booking, dispatch, map, or routing features (where available in your plan).
• Audio, electronic, visual, or similar information when you upload files, send messages, attach images, or use SMS/voice features.
• Professional or employment information when you subscribe to HR or workforce apps and enter it.
• Background-check information when background-check features are enabled in your plan and used with applicant consent.
• Inferences drawn from the above to operate the product (e.g. which apps you use).

Sensitive personal information

We collect the following categories of sensitive personal information, used only to provide the service you requested and to verify identity, prevent fraud, and ensure security — never for inferences about your characteristics:

• Account log-in credentials (hashed).
• Government identifiers when you provide them (e.g. EIN for a business tenant; tax IDs entered into accounting features).
• Financial account information you connect (Stripe customer ID, Plaid bank linkage, payment tokens, and accounting integration tokens).
• Precise geolocation if a feature you enable collects precise route or dispatch location.
• Message contents when you use communication features to send or receive SMS, email, voice, notes, or support messages.
• Biometric information only if you choose to register a passkey; we store the passkey credential metadata, not your fingerprint or face data.

Purposes & retention

Each category above is collected to operate the service, secure accounts, process payments, comply with legal obligations, and respond to support requests. Retention follows the schedule in the retention section.

Sale or sharing of personal information

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising. Because we do not engage in either, no "Do Not Sell or Share My Personal Information" opt-out is required. If this ever changes, we will update this policy and post a clear opt-out link.

Your California rights

• Right to know — what personal information we have collected about you, the sources, the purposes, and the categories of third parties we share it with.
• Right to delete — request deletion of personal information we have collected.
• Right to correct — request correction of inaccurate personal information.
• Right to limit use — restrict use of sensitive personal information to the purposes necessary to provide the service.
• Right to non-discrimination — we will not discriminate against you for exercising any of these rights. We do not offer financial incentives in exchange for personal information.

To exercise any of these rights, email hello@bsns.cc. We will verify the request by confirming control of the email associated with the account, and respond within 45 days (the statutory window). Authorized agents may submit requests on your behalf with written permission.

Children's privacy

bsns.cc is a business product. It is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child has provided us personal information, email hello@bsns.cc and we will delete it.

International transfers

bsns.cc is operated from the United States and our infrastructure (Vercel, Neon) is hosted in the United States. We do not currently market the service to residents of the European Economic Area, United Kingdom, or Switzerland, and we do not maintain a GDPR-specific compliance program. If you are located outside the United States and choose to use the service, you understand your information will be transferred to and stored in the United States.

Data processing agreements

Business customers who need a signed data processing agreement can request one by emailing hello@bsns.cc. Our DPA covers the standard processor obligations: scope of processing, sub-processor commitments, security measures, breach notification, audit rights, and deletion at termination.

Changes to this policy

We may update this policy as the product changes, vendors change, or law changes. Material changes will bump the "Last updated" date at the top, and for changes that affect what we collect or who we share it with we will email the primary contact on each paid tenant. Continued use of the service after the change date means you accept the updated policy.

Contact

General privacy questions: hello@bsns.cc. Security reports: security@bsns.cc. Graham handles every privacy request personally — there is no ticketing system to hide behind.