Privacy Policy¶
Effective date: [DATE] · Last updated: [DATE]
This Privacy Policy explains how [Budhil Ltd] ("Budhil", "we") handles personal data when you use Budhil (the "Service"). Contact us at [privacy@budhil.com].
Two roles — please read this first¶
- For merchant account data (your name, email, login, billing), Budhil is the data controller.
- For your store's customer data (the people who buy from your store), you, the merchant, are the controller and Budhil is your data processor — we process that data only to run your store on your behalf, under these terms and our Terms of Service.
Data we collect¶
From merchants (we control): - Account details — name, email, password hash, two-factor settings. - Billing details — plan, and payment metadata (card processing is handled by our payment provider; we don't store full card numbers). - Usage and technical data — log data, IP address, device/browser info, and actions in the admin, used to operate and secure the Service.
On behalf of merchants (we process): - Store and order data — products, orders, customer names, addresses, emails, and order contents a merchant's customers provide at checkout. - Marketing opt-ins — newsletter subscribers a store collects.
How we use data¶
- To provide, secure, and improve the Service.
- To process your subscription and communicate with you about your account.
- To send transactional emails (order confirmations, recovery emails) on a merchant's behalf.
- To comply with legal obligations and prevent fraud or abuse.
Legal bases (where GDPR/UK GDPR applies): performance of our contract with you; our legitimate interests in operating and securing the Service; your consent (where required, e.g. marketing); and legal obligations.
Sharing & sub-processors¶
We don't sell personal data. We share it only with service providers who help us run the Service, under appropriate safeguards:
| Sub-processor | Purpose |
|---|---|
| Stripe | payment processing & merchant payouts |
| [Resend] | sending transactional email |
| [Hosting provider] | server hosting / infrastructure |
We may also disclose data where required by law, or to protect rights, safety, and the integrity of the Service.
International transfers¶
Where data is transferred across borders, we rely on appropriate safeguards (such as Standard Contractual Clauses) as required by applicable law.
Security¶
We protect data with measures including encryption at rest, mandatory two-factor authentication for admin accounts, rate limiting, and strict tenant isolation (each store is a separate database). No system is perfectly secure, but we work to protect your data and will notify you of breaches as required by law.
Retention¶
We keep merchant account data while your account is active and as needed for legal, tax, and accounting purposes. Store/customer data is retained while your store is active; after account closure we make data available for export for a reasonable period, then delete it.
Data portability & export¶
Your store is a single portable database. You can export your store data at any time — we don't lock you in.
Your rights¶
Depending on where you live (e.g. under GDPR/UK GDPR or CCPA), you may have rights to access, correct, delete, port, or restrict processing of your personal data, and to object to certain processing or withdraw consent.
- Merchants: exercise your rights by emailing [privacy@budhil.com].
- A store's customers: contact the merchant/store you purchased from — they control that data. We'll assist the merchant in responding.
We'll respond within the timeframe required by law.
Cookies¶
The Service uses cookies that are necessary to operate (e.g. login sessions and cart state) and limited analytics to keep the Service working. You can control non-essential cookies through your browser or any cookie banner shown.
Children¶
The Service isn't directed to children under 16, and we don't knowingly collect their data.
Changes¶
We may update this Policy and will post the new effective date here; material changes will be notified to merchants.
Contact¶
[privacy@budhil.com] · [Budhil Ltd, registered address]. [If required in your region, name your Data Protection Officer / EU representative here.]