Legal

Privacy Policy

We take your privacy seriously. This policy explains what we collect, why, and the choices you have.

Last updated · July 8, 2026

1. Who we are

Bcasfintech SL ("Bcasfintech", "we", "our") operates the Bcasfintech platform and this website. We act as the data controller for personal data processed through your account and as a data processor for content you submit into your AI workspaces.

2. Data we collect

  • Account data: first name, last name, email, hashed password.
  • Billing data: credit purchases, invoices, payment method (e.g. bank transfer reference). We do not store full card numbers.
  • Usage data: conversations you run through our assistant, prompts, responses, credit usage, timestamps, and IP address.
  • Device data: browser, OS, and diagnostic information needed to keep the service secure.

3. How we use your data

  • Provide, secure, and improve the platform.
  • Process credit purchases and send transactional emails (order confirmation, bank details, receipts).
  • Detect abuse and fraud, and comply with legal obligations.
  • With your consent, send product updates. You can unsubscribe at any time.

4. Legal bases (GDPR)

We process personal data under one or more of: performance of a contract with you, our legitimate interests in operating a secure product, your consent (for marketing and non-essential cookies), and compliance with legal obligations.

5. Sharing and subprocessors

We share data only with vetted subprocessors that help us run the service (hosting, email delivery, analytics, payment processing). We do not sell personal data. A current list of subprocessors is available on request at [email protected].

6. Retention

Account data is retained while your account is active and for up to 24 months after closure, unless a longer period is required by law (e.g. tax records for invoices). You can request earlier deletion at any time.

7. Your rights

You can access, correct, export, restrict, or delete your personal data, and withdraw consent where processing is based on consent. Contact [email protected] and we will respond within 30 days.

8. Security

Data is encrypted in transit (TLS 1.2+) and at rest. Access to production systems is limited to authorized personnel with MFA. No system is perfectly secure — report vulnerabilities to [email protected].

9. International transfers

Where personal data is transferred outside your region, we rely on Standard Contractual Clauses or equivalent safeguards.

10. Contact

Questions or requests: [email protected].

This page is maintained by Bcasfintech to answer common questions about our service. It is not a legal certification and does not create a contract beyond our Terms of Service. For legal questions contact [email protected].