Privacy Policy
This Privacy Policy describes how Kibersoft Limited ("we", "us", "our") collects, uses, and discloses your personal data when you visit blazrlytics.com (the "Website") or subscribe to the Blazrlytics product.
We are committed to protecting your privacy and complying with our obligations under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. For the purposes of the UK GDPR, Kibersoft Limited is the data controller.
1. Important Notice: Product Telemetry
Blazrlytics operates entirely on your local machine. The diagnostic library, local dashboard, and browser extensions process all application performance, component logs, and rendering data completely within your local web browser and developer workstation.
We do not collect, transmit, or store any of your application's diagnostic data, logs, database queries, code symbols, or telemetry on our servers. All profiling activity is 100% private to you.
2. What Personal Data We Collect
When you interact with our Website or purchase a license, we collect and process limited personal data:
- Authentication Information (OAuth): We use third-party OAuth providers (such as Google, GitHub, or Microsoft) to verify your identity and manage logins. When you log in, the provider shares basic profile details with us (typically your name and email address) to enable access to your subscription console. We do not store or see your passwords.
- Billing and Transaction Details (Stripe): All payment processing is handled securely by Stripe. When you purchase a subscription, Stripe collects your email, billing address, and credit card information. Stripe provides us with a customer ID, confirmation of payment, VAT details, and the last 4 digits of your card for transaction lookup. We do not store credit card details on our servers.
- Communication Records: If you contact us directly via email (e.g. for support), we will retain copies of your correspondence and your email address to assist with your inquiry.
- Technical and Usage Data: We may collect details of your visits to our Website (including your IP address, browser type, operating system, and access times) via server logs and essential cookies to ensure the Website functions securely and correctly.
3. Legal Bases for Processing
We process your personal data under the following legal bases:
| Data | Purpose | Lawful Basis |
|---|---|---|
| Name, email (via OAuth) | Create and manage your account | Performance of a Contract (Art 6(1)(b)) |
| Email, billing address (via Stripe) | Process subscription payments | Performance of a Contract (Art 6(1)(b)) |
| Last 4 card digits, Stripe customer ID | Transaction lookup and billing support | Performance of a Contract (Art 6(1)(b)) |
| VAT details, invoices | UK tax and accounting compliance (HMRC) | Legal Obligation (Art 6(1)(c)) |
| Support correspondence | Respond to your queries | Legitimate Interests (Art 6(1)(f)) |
| IP address, browser, OS, access times | Website security and abuse prevention | Legitimate Interests (Art 6(1)(f)) |
4. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
| Data Category | Retention Period |
|---|---|
| Account data (name, email) | Duration of your account + 30 days after deletion |
| Billing and transaction records | 6 years after the transaction (HMRC requirement under UK tax law) |
| Support correspondence | 2 years after resolution of your query |
| Server logs (IP address, browser, access times) | 90 days |
5. Third-Party Service Providers
We share your data only with trusted third-party service providers (sub-processors) necessary to host the site, authenticate logins, and handle payments:
- Stripe, Inc.: For secure payment gateway operations, billing management, and transaction records.
- OAuth Providers (e.g., GitHub, Google): To handle authentication and secure user access.
- Microsoft Azure: For cloud hosting, infrastructure, and data storage. Data is processed within Microsoft Azure's UK and European data centres.
Stripe processes your payment data under a Data Processing Agreement (DPA) in accordance with Article 28 of the UK GDPR. Stripe is self-certified under the UK Extension to the EU-U.S. Data Privacy Framework.
6. Cookies
Our Website uses only essential cookies required for authentication and payment processing. We do not use third-party advertising or cross-site tracking cookies. For full details, including cookie names, purposes, and durations, please see our Cookie Policy.
7. Your Data Rights
Under UK GDPR, you have the following rights in relation to your personal data:
- Right of Access: You can request a copy of the personal data we hold about you.
- Right to Rectification: You can ask us to correct inaccurate or incomplete data.
- Right to Erasure (Right to be Forgotten): You can request that we delete your account and personal data, subject to legal retention rules (like HMRC financial logs).
- Right to Restrict Processing: You can request that we limit how we process your data in certain circumstances, for example while we verify its accuracy.
- Right to Object: You can object to processing based on legitimate interests. You have an absolute right to object to direct marketing at any time.
- Right to Data Portability: You can request that we transfer your profile data to another provider in a structured format.
8. Account Deletion
You may request deletion of your account at any time by contacting support@blazrlytics.com. Upon processing your request, your account data (name, email address, and login associations) will be deleted immediately. Billing and transaction records will be retained for 6 years in accordance with UK tax law. Server logs containing your IP address are automatically purged after 90 days.
9. Automated Decision-Making
We do not use your personal data for automated decision-making or profiling.
10. Data Security and Transfers
All connections between your browser and our servers are encrypted via HTTPS. Our servers are hosted within Microsoft Azure's UK and European data centres. Where sub-processors such as Stripe process data in the United States, appropriate safeguards are in place, including the UK Extension to the EU-U.S. Data Privacy Framework (DPF), Standard Contractual Clauses (SCCs), and the UK International Data Transfer Addendum (IDTA).
11. Contact
For any data protection or privacy-related inquiries, please contact: support@blazrlytics.com.
If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.