Privacy Policy

SecureBiz Solutions ("we", "us", or "our") operates FinLens.AI and LegalBlindSpot.AI (collectively, the "Services"). This Privacy Policy explains how we collect, use, process, and protect information when you use our Services. We are committed to compliance with applicable data protection laws, including the Nigeria Data Protection Act 2023 (NDPA), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and where applicable, the European Union General Data Protection Regulation (GDPR). By using our Services, you agree to the collection and use of information in accordance with this Policy.

We collect the following categories of information: Account Information: When you register, we collect your name, email address, and password (stored in encrypted form via Clerk Authentication). Payment Information: When you subscribe to a paid plan, payment details are processed by Stripe. We do not store your full card number, CVV, or banking credentials. Stripe's privacy policy governs their handling of your payment data. Document Content (LegalBlindSpot.AI): You may upload legal documents for analysis. These documents are transmitted to our AI processing engine for analysis and are NOT permanently stored on our servers after analysis is complete. Transaction Descriptions (FinLens.AI): You may submit descriptions of financial transactions for standards identification. This text is transmitted for analysis and is stored to display your analysis history and dashboard statistics. Analysis Results (FinLens.AI & LegalBlindSpot.AI): When you use our Services, we store your analysis results (including identified standards, confidence levels, risk assessments, and related metadata) to display your history and statistics on your dashboard. This data is retained for as long as your account is active. Usage Data: We automatically collect information about how you interact with our Services, including pages visited, features used, timestamps, and device/browser information. Communications: If you contact us for support, we retain the content of those communications.

Our Services use Claude, an AI model developed by Anthropic PBC, to analyse documents and financial transaction descriptions. When you submit content for analysis: — Your content is transmitted to Anthropic's API over encrypted connections (TLS). — Anthropic does not use API-submitted data to train their AI models by default, pursuant to their API Data Usage Policy. — Content submitted via the API is not retained by Anthropic beyond what is necessary to provide the immediate response. — You can review Anthropic's Privacy Policy at https://www.anthropic.com/privacy and their API Data Usage Policy at https://www.anthropic.com/api-data-privacy. You should NOT submit documents or text containing: — Personally identifiable health information (PHI) covered by HIPAA or similar legislation — Highly sensitive personal data such as government identification numbers, biometric data, or financial account credentials — Classified or state-secret information — Information you are legally prohibited from sharing with third parties SecureBiz Solutions is not responsible for the data handling practices of Anthropic, Clerk, or Stripe beyond what is described in their respective privacy policies.

We process your personal data on the following legal bases: Contract Performance: Processing necessary to provide the Services you have subscribed to, including account management and analysis delivery. Legitimate Interests: Processing for fraud prevention, security, service improvement, and analytics, where these interests are not overridden by your rights. Consent: Where required by law (for example, for non-essential cookies or marketing communications), we will request your explicit consent before processing. Legal Obligation: Processing required to comply with applicable laws, regulations, or court orders. For users in Nigeria, our processing is carried out in accordance with the lawful processing grounds under Section 25 of the Nigeria Data Protection Act 2023. For users in Canada, our processing complies with the accountability, consent, and limiting-use principles under PIPEDA Schedule 1.

We retain your personal data only for as long as necessary: Account Data: Retained for the duration of your account and for up to 12 months after account deletion, to comply with legal obligations and resolve disputes. Uploaded Documents (LegalBlindSpot.AI): Documents submitted for analysis are processed in memory and are NOT stored persistently on our servers after analysis is returned to you. Analysis results (risk scores, clause summaries) associated with your account may be retained for your reference within your account dashboard. Financial Transaction Descriptions (FinLens.AI): Transaction text submitted for analysis is stored to provide your analysis history and dashboard statistics. This data is retained for the duration of your account and deleted upon account closure. Analysis History (Both Services): Stored for the duration of your account to provide dashboard statistics and history. You may request deletion of your analysis history by contacting us at privacy@securebiztech.com. Payment Records: Retained for 7 years in accordance with applicable financial record-keeping requirements. Support Communications: Retained for 3 years from the date of the last communication.

Depending on your jurisdiction, you have the following rights regarding your personal data: Right of Access: You may request a copy of the personal data we hold about you. Right to Rectification: You may request correction of inaccurate or incomplete personal data. Right to Erasure: You may request deletion of your personal data, including your analysis history, subject to our legal retention obligations. Right to Restrict Processing: You may request that we limit how we use your data in certain circumstances. Right to Data Portability: You may request your personal data in a structured, machine-readable format. Right to Object: You may object to processing based on legitimate interests. Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing. Nigeria (NDPA) users: You have the above rights pursuant to Part V of the Nigeria Data Protection Act 2023, enforceable with the Nigeria Data Protection Commission (NDPC). Canada (PIPEDA) users: You have rights of access and correction under PIPEDA, enforceable with the Office of the Privacy Commissioner of Canada (OPC). EU/EEA (GDPR) users: You have the full suite of rights under Articles 15–21 of the GDPR, enforceable with your national data protection authority. To exercise any of these rights, contact us at privacy@securebiztech.com. We will respond within 30 days.

We do not sell your personal data to third parties. We share your data only in the following circumstances: Service Providers: We share data with carefully selected third-party providers who process data on our behalf, including: — Anthropic PBC (AI processing) — bound by their API Terms of Service — Clerk (authentication) — bound by their Data Processing Agreement — Stripe (payment processing) — bound by their Data Processing Agreement — Supabase (database infrastructure) — bound by their Data Processing Agreement — Vercel (frontend hosting) — bound by their Data Processing Agreement — Railway (backend hosting) — bound by their Data Processing Agreement Legal Requirements: We may disclose your data where required by law, court order, or government authority, provided we notify you where legally permitted to do so. Business Transfers: If SecureBiz Solutions is acquired or merges with another entity, your data may be transferred as part of that transaction. We will notify you and ensure equivalent protections apply. We require all third-party service providers to implement appropriate technical and organisational security measures and to process data only on our documented instructions.

Our Services are operated globally. Your data is transferred to and processed in countries outside your country of residence. CURRENT DATA STORAGE LOCATION: Your account data, analysis results, and usage information are stored on servers physically located in the United States (Oregon region, us-west-2) via our database provider Supabase (AWS). SPECIFIC DATA TRANSFERS: — Database storage (Supabase/AWS): United States (Oregon) — Authentication (Clerk): United States (multiple regions) — AI processing (Anthropic Claude): United States — Application hosting (Vercel, Railway): United States For users in Nigeria: Transfers outside Nigeria are made in accordance with Section 43 of the NDPA 2023. For users in Canada: Transfers to the United States are made in accordance with PIPEDA Principle 4.1 (Accountability) and Principle 4.3 (Consent). By using our Services, you consent to your data being stored and processed on servers located in the United States. For users in the EU/EEA: Where we transfer personal data outside the EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. We do not store user data in any other countries at this time.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration, including: — Encryption of data in transit using Transport Layer Security (TLS) — Encryption of data at rest — Access controls limiting data access to authorised personnel only — Regular security assessments of our infrastructure — Authentication via Clerk, which provides secure session management However, no method of transmission over the internet is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware, and will notify affected individuals without undue delay, as required by applicable law.

We use cookies and similar tracking technologies to operate and improve our Services. Strictly Necessary Cookies: Required for the Services to function (e.g., authentication session cookies via Clerk). These cannot be disabled. Analytics Cookies: Used to understand how users interact with our Services. These are only set with your consent where required by applicable law. You can control non-essential cookies through your browser settings. Disabling certain cookies may affect the functionality of our Services. We do not use advertising cookies or sell your browsing data to advertisers.

Our Services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@securebiztech.com and we will delete it promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email (if you have an account) and by posting a prominent notice on our Services at least 30 days before the changes take effect. Your continued use of the Services after the effective date of the updated Policy constitutes your acceptance of the changes.

SecureBiz Solutions is the data controller responsible for your personal data. For privacy enquiries, data subject rights requests, or to report a concern: Email: privacy@securebiztech.com Website: https://securebiztech.com For users in Nigeria, you may also lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng. For users in Canada, you may lodge a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca. For users in the EU/EEA, you may lodge a complaint with your national data protection authority.