Privacy Policy

Privacy Policy 

Last Updated: 15 August 2025

1) Who We Are & Scope

This Privacy Policy describes how BLUEB TECH UK LTD (“we/us”) processes personal data in connection with the BlueB ERP web application (the “Service”). It does not cover unrelated websites unless stated.

Controller:
BLUEB TECH UK LTD, 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
Company Number: 15522090 — ICO Registration: ZB782232 — [Tax Office No.: 623]
Privacy/DSAR contact:  Privacy@bluebtech.net

Processor role: For Customer Data in the ERP (e.g., invoices, suppliers, customers, files within your tenant), we act as a processor under your instructions and a Data Processing Agreement (DPA).

2) Personal Data We Collect

  • Account Data: name, email, phone, company, country/address (as needed), account settings.
  • Billing Data: billing address, VAT number (if any), payment identifiers from Stripe; we do not store full card data.
  • Usage/Diagnostics: IP address, device/browser type, session identifiers, crash/error/performance logs.
  • Support Data: communications and attachments.
  • Customer Data in ERP (within your private tenant): content you upload and process in the Service.
  • Sensitive Personal Information: not collected under CPRA definitions.

We do not use analytics/advertising trackers (no Google Analytics; no ad SDKs).

3) Cookies & Similar Technologies

Our web app may use strictly necessary cookies only (e.g., session/authentication). We do not set analytics or advertising cookies by default.

4) Purposes & Legal Bases (UK GDPR)

  • Provide and administer the Service: contract.
  • Billing, tax, compliance: legal obligation.
  • Security, fraud prevention, stability: legitimate interests (with right to object).
  • Transactional communications: contract/legal obligation.
  • Marketing emails (only if you opt in): consent (withdrawable anytime).

5) Emails We Send

  • Transactional/Service: account verification, password resets, security alerts, invoices, support updates.
  • Marketing/Newsletters: only with your explicit consent (opt-in). Unsubscribe links are provided.
    We use Brevo (Sendinblue) to deliver emails.

6) Disclosures to Service Providers

We share data with providers solely to operate the Service:

  • Hosting/Servers: Contabo.
  • Email delivery: Brevo (Sendinblue).
  • Payments: Stripe (card data processed and stored by Stripe).
    We may also share data with professional advisors or to comply with law/requests.

7) Locations & International Transfers

Your data may be processed on infrastructure provided by Contabo [in the UK/EEA]. Where a restricted transfer occurs outside the UK/EEA, we rely on appropriate safeguards (e.g., UK IDTA / UK Addendum) and conduct transfer risk assessments where appropriate.

8) Retention & Deletion

  • Account Data: retained for the subscription term; upon termination we retain it for 1 month for legitimate purposes (accounting/support) and then delete or anonymize it.
  • Backups: may persist for up to 3 months before automated purge.
  • Customer Data in ERP: deleted/returned per the DPA and deletion schedule after termination, subject to backup cycles above.

9) Security & Incident Notice

We implement reasonable technical and organizational safeguards (encryption in transit, access controls, log monitoring). If a breach triggers notification duties, we will notify the ICO and affected individuals as required (e.g., within 72 hours where applicable).

10) Your Rights (UK GDPR)

You have rights to access, rectify, erase, restrict, object, data portability, and not to be subject to solely automated decisions. Contact  Privacy@bluebtech.net. You may also lodge a complaint with the UK ICO.

11) California Privacy (CCPA/CPRA)

  • Notice at Collection: We collect identifiers (name, email, phone), professional information (company), commercial info (subscription/billing), and internet activity (app/web logs). Purposes and retention are described above.
  • Consumer rights: know/access, correct, delete, non-discrimination, and opt out of sale/share.
  • Sale/Share: We do not sell or share personal information for cross-context behavioral advertising; therefore, we do not display a “Do Not Sell or Share…” link.
  • Sensitive PI: not collected/used.
  • GPC: We honor Global Privacy Control (where applicable to our web interface) as a valid opt-out signal.

12) CalOPPA & Do Not Track (DNT)

We do not engage in third-party behavioral tracking. There is no industry standard for DNT signals today; we will update this section if that changes.

13) Children

The Service is for adults only. We do not allow users under 16 and do not knowingly collect children’s data.

14) Changes to This Policy

We will post updates here and adjust the “Last Updated” date. Continued use indicates acceptance of the updated policy.

15) Contact Us

Privacy/DSAR:  Privacy@bluebtech.net
Address: BLUEB TECH UK LTD, 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, UK.

Scroll to Top