Privacy Policy

1. Who we are

BizEnzo (“we”, “our”, or “us”) operates the BizEnzo platform at bizenzo.com — a business management SaaS that provides online booking, CRM, invoicing, and marketing tools for local businesses across Canada. This Privacy Policy describes how we collect, use, store, and disclose personal information about visitors to our marketing website, administrators who sign up for a BizEnzo account (“Business Owners”), and their end customers who interact with booking pages or communications (“End Users”).

2. Information we collect

We collect information you provide directly (name, email address, phone number, business details) when you create an account or make a booking. We also collect information automatically through cookies, server logs, and similar technologies — including IP address, browser type, pages visited, and referring URLs. Payment information is collected by our payment processor (Stripe) and we receive only tokenised references; we never store raw card numbers.

Business Owners may import or enter data about their own customers. In those cases the Business Owner is the data controller for that customer data, and BizEnzo processes it solely on their behalf as a data processor.

3. How we use your information

We use personal information to: operate and improve the BizEnzo platform; send transactional emails such as booking confirmations, invoices, and password resets; respond to support requests; analyse aggregate usage patterns to inform product decisions; and, where consent has been obtained, send marketing communications. We do not sell personal information to third parties.

4. Sharing and disclosure

We share personal information with trusted third-party service providers that help us deliver the platform — including Stripe (payments), Resend (transactional email), Twilio (SMS), Vercel (hosting), and Neon (database hosting). Each provider is bound by appropriate data processing agreements. We may disclose information if required by law, to protect legal rights, or in connection with a merger or acquisition (with notice to affected users).

5. Data retention

We retain account data for as long as your subscription is active and for up to 90 days after termination (to allow reactivation). Booking and invoice records are retained for seven years to satisfy Canadian tax and accounting obligations. You may request deletion of personal data by contacting us at privacy@bizenzo.com; we will action requests within 30 days subject to any legal retention requirements.

6. Security

We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, regular vulnerability scanning, and role-based access controls. All database credentials and API keys are stored as environment secrets and never committed to source control. For more details, see our Security page.

7. Cookies

We use strictly necessary cookies to maintain your authenticated session, and optional analytics cookies (Plausible Analytics — privacy-preserving, no cross-site tracking) to understand how visitors use the site. You can opt out of analytics cookies at any time without affecting your ability to use the platform. We do not use advertising or third-party tracking cookies.

8. CASL consent & commercial electronic messages

Canada's Anti-Spam Legislation (CASL) requires that we obtain express or implied consent before sending commercial electronic messages (CEMs) — including marketing emails and SMS — to Canadian recipients.

Express consent is obtained when you explicitly check an opt-in box at sign-up or subscription. We record a timestamp, the consent mechanism used, and the IP address at the time of opt-in. This record is retained for the duration of the relationship plus three years.

Implied consent may apply where you have an existing business relationship with us (e.g., you are a current subscriber) or where you have conspicuously published your contact information. Implied consent expires after two years of no business relationship or upon an unsubscribe request.

Every CEM we send includes a clear sender identification, our postal address, and a prominent one-click unsubscribe link that takes effect within 10 business days. To unsubscribe immediately, click “Unsubscribe” in any email we send, or email privacy@bizenzo.com with “Unsubscribe” in the subject line.

Business Owners using BizEnzo to send marketing messages to their own customers are independently responsible for CASL compliance. BizEnzo provides CASL-compliant unsubscribe infrastructure and consent-tracking tools but does not assume the role of sender for Business Owner campaigns.

9. Your rights

Under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation, you have the right to access, correct, and request deletion of your personal information. To exercise these rights, or to lodge a privacy complaint, contact our Privacy Officer at privacy@bizenzo.com. If you are unsatisfied with our response you may escalate to the Office of the Privacy Commissioner of Canada.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or by a prominent notice in the dashboard at least 14 days before they take effect. Your continued use of BizEnzo after changes take effect constitutes acceptance of the revised policy.