Privacy Policy

bioflyr ("we", "our", "us") operates the website bioflyr.com and the related services that let creators and small sellers publish an online store as a bio link. Our registered contact e-mail is privacy@bioflyr.com.

a) Information you give us directly

• Account data — name, e-mail address, and password when you register.
• Store data — store name, slug, logo, product titles, prices, and images you upload.
• Contact information — WhatsApp number or phone number you add to your store.
• Payment data — PayPal e-mail address. We never store full card numbers; payments are processed by PayPal.
• Messages — any support requests you send us.

b) Information collected automatically

• Usage data — pages viewed, time spent, actions taken inside the dashboard.
• Store visit counts — how many times your store page is visited (no personal data of the visitor is stored).
• Device & browser info — IP address, browser type, operating system, referrer URL, and language preference.
• Cookies & local storage — session tokens, theme preference, and language preference. See our Cookie Policy for details.

c) Images uploaded to Cloudinary

Product and store logo images are uploaded to and hosted by Cloudinary, Inc. Their privacy policy applies to image storage.

• Provide, operate, and improve the bioflyr service.
• Authenticate your identity and protect your account.
• Render your public store page to visitors.
• Send you transactional e-mails (password reset, account notifications). We do not send marketing e-mails without your explicit consent.
• Analyse aggregate usage to improve features (data is anonymised before analysis).
• Comply with legal obligations and enforce our Terms of Service.

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:

• Contract — processing necessary to provide the service you signed up for.
• Legitimate interests — analytics and fraud prevention, where our interests are not overridden by your rights.
• Consent — where we explicitly request it (e.g. marketing communications).
• Legal obligation — when required by law.

We do not sell your personal data. We share it only with:

• Vercel — hosting and serverless functions (EU and US regions).
• Cloudinary — image storage and delivery.
• PayPal — payment processing when you enable PayPal on your store.
• Upstash / Redis — rate-limiting and session caching.
• Legal authorities — when required by applicable law or valid legal process.

All third-party processors are contractually bound to handle your data securely and only for the purposes we specify.

We keep your personal data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where we are required by law to retain it longer (e.g. financial records for 5 years).

Anonymised, aggregated analytics data may be retained indefinitely.

Depending on your location you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Delete your data ("right to be forgotten").
• Restrict or object to certain processing.
• Receive your data in a portable, machine-readable format.
• Withdraw consent at any time (where processing is based on consent).

To exercise any of these rights, e-mail us at privacy@bioflyr.com. We will respond within 30 days.

bioflyr is operated from Morocco. Your data may be transferred to and processed in the United States and the European Union by our infrastructure providers. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EEA.

We use industry-standard measures including HTTPS/TLS encryption in transit, bcrypt password hashing, JWT session tokens, and regular dependency audits. No system is 100% secure; in the event of a data breach we will notify affected users within 72 hours as required by applicable law.

bioflyr is not directed to children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

We may update this policy from time to time. When we do, we will revise the "Last updated" date at the top and, for material changes, notify you by e-mail or a prominent banner on the site. Continued use of bioflyr after the effective date constitutes acceptance of the updated policy.

Questions or concerns about this policy? Contact us:

• E-mail: privacy@bioflyr.com
• Website: bioflyr.com/contact