Privacy Policy

1. Introduction

Welcome to Business Impact Analyzer. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information in compliance with the General Data Protection Regulation (GDPR).

2. Data We Collect

We collect and process the following personal data:

  • Account Information: Email address and encrypted password
  • Usage Data: Scenarios you create, industries and regions you analyze
  • Technical Data: IP address, browser type, and device information
  • Consent Records: Your consent preferences and timestamps

3. How We Use Your Data

We use your personal data to:

  • Provide and maintain our service
  • Process and store your scenario analyses
  • Improve and optimize our application
  • Communicate with you about service updates
  • Comply with legal obligations

4. Legal Basis for Processing

We process your personal data based on:

  • Consent: You have given clear consent for us to process your data
  • Contract: Processing is necessary to provide the service you requested
  • Legal Obligation: Processing is necessary to comply with the law

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy. You may request deletion of your data at any time through your account settings.

6. Your GDPR Rights

Under GDPR, you have the following rights:

  • Right to Access: Request copies of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Request limitation of data processing
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing of your personal data
  • Right to Withdraw Consent: Withdraw consent at any time

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes encryption, access controls, and regular security assessments.

8. Third-Party Services

We use Supabase for data storage and authentication. Supabase is GDPR-compliant and processes data in accordance with data protection regulations. Your data is stored securely and encrypted.

9. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place to protect your data in accordance with GDPR requirements.

10. Cookies

We use essential cookies to maintain your session and provide core functionality. These cookies are necessary for the service to function and do not require separate consent.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date.

12. Contact Us

If you have any questions about this privacy policy or wish to exercise your GDPR rights, please contact us through your account settings or reach out to our data protection officer.

Last Updated: April 20, 2026