Privacy Policy

Beez is owned and operated by BAC (BOOKING APPOINTMENT COWLENDAR), a company incorporated in France, registered under SIRET number 98928406200019, headquartered at 14 Rue Charles V, 75004 Paris, France. We are the data controller for the purposes of applicable data protection law, including the GDPR.

For any privacy-related inquiries, you may contact us at: hello@subscribee.app.

We collect different categories of data depending on how you interact with the Service:

• Merchant account data: Name, email address, Shopify store URL, billing information, and account preferences provided during onboarding.
• Subscription & order data: Products, pricing, billing intervals, subscription statuses, payment methods (tokenized), and order history processed through your Shopify store.
• Customer data (end-customers): Your store's customer names, emails, delivery addresses, and subscription preferences — processed on your behalf as a data processor.
• Usage data: App interactions, feature usage frequency, pages visited, device type, browser, and IP addresses.
• Support communications: Messages, requests, and attachments you send us through the contact form, email, or in-app chat.
• Cookies & analytics: We use cookies and similar technologies on our marketing website to understand traffic sources and improve our content. See Section 9 for details.

We process your data for the following purposes and legal bases:

• Contract performance: To provide, maintain, and improve the Beez app and process subscription transactions on your behalf.
• Legitimate interest: To analyze usage patterns, prevent abuse, improve product features, and send relevant product updates.
• Legal obligation: To comply with applicable French and EU laws, tax obligations, and law enforcement requests.
• Consent: To send marketing communications — you may withdraw consent at any time.

We do not sell your personal data. We share data only with trusted third-party providers who help us operate the Service:

• Shopify Inc. — our primary integration partner; they process data per their own policies.
• Stripe — payment tokenization and processing; card details are never stored on our servers.
• Supabase — secure cloud database hosted in the EU.
• Resend / Email providers — transactional email delivery.
• Analytics tools — anonymized usage analytics only.

All subprocessors are contractually bound by data processing agreements compliant with GDPR requirements.

We retain personal data for as long as necessary to provide the Service and comply with our legal obligations. Specifically:

• Merchant account data: retained for the duration of your subscription plus 3 years.
• Transactional data: retained for 10 years per French accounting regulations.
• Support conversations: retained for 3 years after the last interaction.
• Usage logs: anonymized after 13 months.

Upon account deletion, we purge identifiable personal data within 30 days, unless we are required by law to retain it longer.

We take data security seriously. Our measures include:

• All data in transit is encrypted via TLS 1.2+.
• Database data is encrypted at rest using AES-256.
• Access to production systems is restricted to authorized personnel with MFA.
• Regular security audits and vulnerability assessments.
• PCI-DSS compliant payment handling via Stripe — we never store raw card data.

Despite these measures, no system is 100% secure. We will notify you promptly of any data breach that materially affects your personal data, as required by GDPR Article 34.

If you are located in the European Union, you have the following rights:

• Right of access — request a copy of the data we hold about you.
• Right to rectification — correct inaccurate or incomplete data.
• Right to erasure — request deletion of your personal data (“right to be forgotten”).
• Right to restriction — limit how we process your data in certain circumstances.
• Right to data portability — receive your data in a structured, machine-readable format.
• Right to object — object to processing based on legitimate interest or for direct marketing.

To exercise any of these rights, contact us at hello@subscribee.app. We will respond within 30 days. If you believe we have violated your rights, you may also lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés).

We are based in France and primarily process data within the European Economic Area (EEA). When data is transferred outside the EEA (e.g., to a subprocessor in the United States), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

Our marketing website uses cookies to provide essential functionality, measure performance, and personalize content. You can manage your cookie preferences via the consent banner on your first visit. Strictly necessary cookies cannot be disabled as they are required for the Service to function.

We do not use cookies to track you across third-party websites for advertising purposes.

The Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us so we can delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via an in-app notification at least 30 days before the change takes effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

For any questions, concerns, or to exercise your data rights, please contact our Data Protection Officer at: