Privacy policy

1. Scope

This Privacy Policy applies to BayStore websites, public documentation, sales intake, customer account administration, support communications, and product-instance services. It does not replace a customer agreement, Data Processing Addendum, or product-specific privacy terms approved in writing.

2. Information we collect

Depending on your interaction with BayStore, we may collect:

• Identifiers: name, work email, company, role, account identifiers, and billing contact details.
• Commercial information: selected products, plans, orders, subscriptions, invoices, payment status, and sales communications.
• Service metadata: product key, instance id, lifecycle state, access metadata, credential reference, audit correlation id, backup metadata, and operator-action records.
• Technical information: IP address, device and browser data, logs, timestamps, diagnostic events, and security signals.
• Support and communications: messages, demo requests, procurement details, security questions, and feedback.
• Customer content: content or configuration you choose to place in a product instance, where BayStore operates the service for you.

3. Sources

We collect information directly from you, from your organization, from service usage, from payment and infrastructure providers, from security and observability tools, and from public or business-contact sources used for sales and support.

4. How we use information

BayStore uses information to:

• respond to demo, sales, support, legal, and security requests;
• create accounts, process orders, manage subscriptions, and provide customer access;
• provision, operate, monitor, recover, suspend, resume, upgrade, or retire product instances;
• maintain audit trails, correlation identifiers, billing records, and lifecycle evidence;
• secure the service, investigate abuse, prevent fraud, and enforce terms;
• comply with legal, tax, accounting, security, and contractual obligations;
• improve product quality, documentation, support, and reliability.

5. Legal bases where required

Where GDPR-style legal bases apply, BayStore may process personal information to perform a contract, take steps before entering a contract, comply with legal obligations, protect legitimate interests such as service security and business operations, or with consent where required.

6. Disclosures

We may disclose information to:

• infrastructure, hosting, database, security, observability, email, support, payment, and authentication providers;
• professional advisors, auditors, insurers, and legal representatives;
• affiliates, acquirers, or successors in a merger, financing, acquisition, restructuring, or sale of assets;
• government, law-enforcement, or regulatory authorities where required by law or necessary to protect rights, safety, or security;
• customer administrators or authorized users according to account permissions.

7. Sale, sharing, and targeted advertising

The current static marketing bundle does not load third-party advertising pixels or behavioral advertising scripts, and BayStore does not sell personal information as a business model. If production analytics, advertising, or cross-context behavioral advertising are introduced, this policy and consent controls must be updated before deployment.

8. Cookies and local storage

The current public site stores one local preference for the cookie notice. Production authentication, payment, dashboard, support, or analytics systems may require additional cookies. See the Cookie Policy for the current static-site behavior.

9. Retention

BayStore retains information for as long as needed to provide services, maintain audit and lifecycle records, satisfy legal or accounting obligations, resolve disputes, enforce agreements, and protect the service. The final production policy should attach a detailed retention schedule for account, billing, audit, support, and product-instance records.

10. International transfers

BayStore may process information in countries where BayStore, its affiliates, or subprocessors operate. Where required, transfers should be supported by an approved transfer mechanism such as standard contractual clauses, a data-transfer addendum, or another lawful mechanism.

11. Security

BayStore uses administrative, technical, and organizational measures designed to protect personal information, including access controls, audit trails, tenant-isolation boundaries, service monitoring, and lifecycle-state tracking. No method of transmission or storage is completely secure.

12. Your privacy rights

Depending on your location and relationship to BayStore, you may have rights to request access, correction, deletion, portability, restriction, objection, withdrawal of consent, or information about disclosures. California residents may have rights to know, delete, correct, opt out of sale or sharing, limit use of sensitive personal information, and be free from discrimination for exercising rights. BayStore will respond according to applicable law and may need to verify your request.

13. Customer-controlled data

If BayStore processes personal information on behalf of a customer, the customer may be the controller or business and BayStore may be the processor or service provider. End users should contact the relevant customer first when exercising privacy rights about customer-controlled data.

14. Children

BayStore services are intended for business use and are not directed to children. BayStore does not knowingly collect personal information from children through the public site.

15. Changes

BayStore may update this Privacy Policy by posting a revised version with a new effective date. Material changes should be communicated through reasonable channels where customer accounts are affected.

16. Contact

Send privacy requests to [email protected]. Security reports should go to [email protected]. Legal notices should go to [email protected].