Your Privacy is Our Priority

Privacy Policy

We're committed to protecting your privacy and being transparent about how we collect, use, and protect your business information. This policy explains our practices in clear, professional terms designed for enterprise decision-makers.

Last Updated: September 1, 2025

Privacy At-a-Glance

What We Collect

Only essential business information: account data, business context for analysis, and usage analytics. No sensitive personal data.

How We Secure

Enterprise-grade encryption, Firebase infrastructure, and strict access controls. Your data is never used to train our AI models.

What We Never Do

We never sell your data, share it with competitors, or use it for advertising. Your business intelligence stays confidential.

Your Rights

Full control over your data: access, modify, export, or delete anytime. GDPR and CCPA compliant with enterprise-grade support.

1. Information We Collect

Essential data for providing enterprise AI services

Account & Profile Information

Email Address

Used for account creation, authentication, security notifications, and essential service communications. Never used for marketing without explicit consent.

Profile Information

Name, username, and optional profile picture you provide. Used for account personalization and professional interaction within the platform.

Subscription Details

Current tier (Core, Pro, Enterprise), billing information (handled by Stripe), and usage limits for feature access management.

Business & Usage Data

Business Context

Strategic information you provide for AI analysis including industry, company size, market context, and business challenges. Kept strictly confidential.

Conversation History

AI interactions stored based on your tier level (Core: none, Pro: 20, Enterprise: 150). Used solely for context continuity and your reference.

Platform Analytics

Feature usage patterns, generation counts, and performance metrics. Aggregated and anonymized for service improvement and capacity planning.

What We DON'T Collect

  • Credit card or payment information (processed by Stripe, never stored by us)
  • Passwords (managed securely by Firebase Authentication)
  • Browsing history outside our platform
  • Personal files or documents from your devices
  • Location data or GPS coordinates
  • Social media profiles or connections
  • Employee or customer personal data

Business Confidentiality Commitment

We understand that business context contains sensitive strategic information. All business data is treated as confidential and is never used to train our AI models or shared with other users.

2. How We Use Information

Legitimate business purposes for data processing

Core Service Delivery

  • AI Analysis Generation: Process your business context to generate role-specific insights and strategic recommendations
  • Feature Access Management: Control access to Core, Pro, and Enterprise features based on your subscription
  • Context Continuity: Maintain conversation history for intelligent chaining and follow-up analysis
  • Professional Reports: Generate PDF exports and structured analysis documents

Account & Security Management

  • Authentication: Verify your identity and maintain secure access to your account
  • Usage Monitoring: Track generation limits and prevent abuse of service resources
  • Security Alerts: Notify you of suspicious activity or security-related account changes
  • Support Services: Provide technical assistance and troubleshooting when requested

Service Improvement

  • Performance Analytics: Analyze aggregated usage patterns to optimize platform performance
  • Feature Development: Understand which tools provide the most value to prioritize enhancements
  • Capacity Planning: Ensure adequate infrastructure to handle user demand
  • Quality Assurance: Monitor system performance and identify technical issues

Essential Communications

  • Service Updates: Notify you of new features, maintenance, or service changes
  • Security Notices: Alert you to important security updates or policy changes
  • Billing Information: Send subscription confirmations, invoices, and payment status updates
  • Account Management: Respond to your requests for support, data access, or account changes

What We Never Use Your Data For

We never use your business information for: training our AI models, marketing to competitors, advertising purposes, selling to third parties, or any purpose not directly related to providing you with RefactorBiz services.

3. Data Security & Protection

Enterprise-grade security measures and protocols

Infrastructure Security

  • Firebase Infrastructure: Built on Google's enterprise-grade security architecture with 99.95% uptime SLA
  • Data Encryption: AES-256 encryption at rest and TLS 1.3 encryption in transit for all data
  • Secure Authentication: Multi-factor authentication support and OAuth integration
  • Regular Security Audits: Continuous monitoring and security assessments

Access Controls

  • Principle of Least Privilege: Staff access limited to minimum necessary for job functions
  • Role-Based Permissions: Strict access controls based on employee roles and responsibilities
  • Activity Logging: Complete audit trails of all system access and data operations
  • Data Isolation: Your data is completely isolated from other users in our system

Data Protection Measures

  • Backup & Recovery: Automated backups with geographic redundancy and disaster recovery procedures
  • Intrusion Detection: 24/7 monitoring for suspicious activity and potential security threats
  • Vulnerability Management: Regular security updates and patch management
  • Incident Response: Established procedures for security incident handling and user notification

AI Model Training Policy

Critical Commitment: Your business data, conversation history, and strategic context are NEVER used to train our AI models. Each analysis is processed independently with complete data isolation between users.

4. Data Sharing & Third Parties

Limited, secure sharing only when necessary

Service Providers We Work With

  • Stripe (Payment Processing): Handles all payment transactions with PCI-DSS compliance. We never see your payment details.
  • Firebase (Google Cloud): Provides authentication, database, and hosting services with enterprise security standards.
  • AI Service Providers: Process your business context to generate analysis, with strict confidentiality agreements.
  • Support Tools: Limited access for customer service and technical support when you request assistance.

Legal Requirements

We may disclose information only when required by law:

  • Response to valid legal process (subpoenas, court orders)
  • Protection of our legal rights and property
  • Investigation of fraud or security violations
  • Compliance with regulatory requirements

Business Transfers

In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of the business, but only with:

  • Advance notice to all users
  • Commitment from acquiring party to honor this privacy policy
  • Option for users to delete their data before the transfer

Third-Party Agreements

All third-party service providers sign comprehensive data processing agreements (DPAs) with strict confidentiality clauses, security requirements, and limitations on data use.

5. Data Retention & Storage

How long we keep your information and why

Retention Periods by Data Type

  • Account Information: Retained while your account is active, plus 30 days after deletion for recovery
  • Conversation History:
    • Core Tier: Not stored
    • Pro Tier: Up to 20 conversations, deleted when limit exceeded
    • Enterprise Tier: Up to 150 conversations, deleted when limit exceeded
  • Usage Analytics: Aggregated data retained for 2 years for service improvement
  • Financial Records: 7 years for tax and regulatory compliance (handled by Stripe)

Data Storage Locations

  • Primary Storage: Google Cloud Platform data centers in the United States
  • Backup Storage: Geographically distributed backups for disaster recovery
  • Processing Locations: AI analysis may occur in multiple regions for performance optimization
  • Data Sovereignty: All data processing complies with applicable data protection laws

Automatic Data Deletion

  • Conversation Limits: Oldest conversations automatically deleted when tier limits exceeded
  • Account Deletion: All personal data permanently deleted 30 days after account closure
  • Expired Sessions: Temporary session data cleared after 24 hours of inactivity
  • Error Logs: System logs automatically purged after 90 days

Data Deletion Guarantee

When you request account deletion, ALL personal data is permanently and irreversibly deleted within 30 days. This includes all conversations, business context, and profile information. After deletion, data cannot be recovered.

6. Your Rights & Controls

Complete control over your personal and business data

Access Your Data

Request a complete copy of all personal data we hold about you in a machine-readable format.

Update Information

Modify your profile, email, subscription preferences, or other account details anytime through your settings.

Export Your Data

Download your conversation history, analysis reports, and account information in portable formats.

Delete Your Account

Permanently delete your account and all associated data with complete removal within 30 days.

Restrict Processing

Limit how we process your data while maintaining your account access and core functionality.

Object to Processing

Object to certain types of data processing while continuing to use RefactorBiz services.

How to Exercise Your Rights

  • Account Settings: Most data management can be done directly in your account dashboard
  • Email Request: Contact privacy@refactorbiz.com for complex requests or assistance
  • Support Portal: Submit requests through our enterprise support system
  • Identity Verification: We may require identity verification for security purposes

Response Timeframes

  • Data Requests: Acknowledged within 72 hours, fulfilled within 30 days.
  • Account Deletion: Completed within 30 days.
  • Access Requests: Provided within 14 days for active accounts.

7. Cookies & Tracking

How we use cookies and tracking technologies

Essential Cookies

  • Authentication Cookies: Maintain your login session and account security
  • Security Cookies: Protect against cross-site request forgery and other attacks
  • Preference Cookies: Remember your dashboard settings and user interface preferences
  • Session Cookies: Enable core platform functionality and conversation continuity

Analytics Cookies

  • Usage Analytics: Understand how users interact with different features
  • Performance Monitoring: Track page load times and system performance
  • Error Tracking: Identify and resolve technical issues
  • Feature Analytics: Measure effectiveness of new features and improvements

What We Don't Use

  • Advertising Cookies: No tracking for advertising or marketing purposes
  • Social Media Pixels: No tracking pixels from social platforms
  • Cross-Site Tracking: No following your activity on other websites
  • Third-Party Analytics: No Google Analytics or similar external tracking

Cookie Management

You can control cookies through:

  • Your browser settings to block or delete cookies
  • Our cookie preferences center (accessible in your account settings)
  • Opting out of non-essential cookies while maintaining core functionality

Cookie Policy Summary

We use minimal, essential cookies for platform functionality and security. No advertising or behavioral tracking cookies are used. You can disable non-essential cookies without affecting core RefactorBiz features.

8. International Data Transfers

How we handle data across borders

Data Transfer Framework

  • Primary Processing: United States (Google Cloud Platform infrastructure)
  • EU Data Protection: GDPR compliance with appropriate safeguards for EU users
  • UK Data Protection: UK GDPR compliance for users in the United Kingdom
  • Standard Contractual Clauses: Use of approved SCCs for international transfers

Regional Protections

  • European Union: Full GDPR compliance with data subject rights and processing lawfulness
  • California (CCPA): California Consumer Privacy Act compliance for California residents
  • Canada (PIPEDA): Personal Information Protection and Electronic Documents Act compliance
  • Other Jurisdictions: Local data protection law compliance as applicable

Transfer Safeguards

  • Encryption: All data encrypted in transit and at rest during transfers
  • Access Controls: Strict limitations on who can access transferred data
  • Legal Protections: Contractual safeguards with all data processors
  • Regular Audits: Compliance monitoring for all transfer mechanisms

Global Compliance Commitment

RefactorBiz operates with the highest global data protection standards, ensuring your data is protected regardless of processing location through appropriate legal safeguards and security measures.

9. Policy Updates

How we handle changes to this privacy policy

When We Update This Policy

We may update this Privacy Policy to reflect:

  • Changes in our data processing practices
  • New features or services we offer
  • Changes in applicable privacy laws
  • Feedback from users and privacy advocates
  • Security improvements or best practice updates

How We Notify You

For any material changes, we will:

  • Email Notification: Send advance notice to all registered users
  • Platform Notice: Display prominent notifications when you log in
  • Website Updates: Post changes on our website with highlighting
  • Archive Versions: Maintain historical versions for reference

Your Options

When we make significant changes:

  • 30-Day Notice: Advance notification for substantial policy changes
  • Opt-Out Period: Time to object or delete your account before changes take effect
  • Continued Use: Using RefactorBiz after changes constitutes acceptance
  • Account Deletion: Option to delete your account if you disagree with changes

Change Notification Promise

We commit to transparent communication about privacy policy changes with clear explanations of what's changing, why, and how it affects you. No surprises or hidden changes.

Privacy Questions & Support

Our privacy team is committed to transparency and responsive support. Contact us with any questions about your data, privacy rights, or this policy.

Contact Support: team@refactorbiz.com
RefactorBiz, Inc. • Delaware, United States
72-hour response guarantee for all privacy inquiries