Privacy Policy
How Bitbase Technologies Inc collects, uses, shares, and safeguards personal information across our website, apps, and client engagements.
1. Who we are
Bitbase Technologies Inc ("Bitbase", "we", "us") is a U.S. C‑Corporation incorporated in the State of Texas (Secretary of State File No. 806426299; EIN 41‑4105913), with its registered office at 17350 State Highway 249, Suite 220, Houston, TX 77064, USA. This policy applies to bitbase.tech, our authenticated products (Command Center, Operations Console, Control Plane, Document Studio), and the services we deliver to clients.
Where we build and operate systems on behalf of a client, that client is typically the data controller and Bitbase acts as a processor under a separate Data Processing Agreement (DPA). For our own website and business operations, Bitbase is the controller.
2. Information we collect
Information you provide
- Contact and account details — name, work email, phone, company, role.
- Engagement content — project briefs, documents, messages, and approvals submitted through our products.
- Billing details — invoice recipients, purchase orders, and (for crypto settlement) public wallet references. We do not store card numbers; card payments are handled by our PCI-compliant processor.
Information collected automatically
- Device and usage data — IP address, browser type, pages viewed, and session activity.
- Cookies and similar technologies — see §9.
- Security logs — authentication events and audit records used to protect accounts.
Information from third parties
We may receive information from SSO/identity providers (e.g. Okta, Google, Microsoft Entra ID) when you sign in, and from integrations you or your organization connect.
3. How we use information
- To provide, operate, and secure our website, products, and services.
- To deliver engagements, generate documents, issue invoices, and process payments.
- To authenticate users, enforce role-based access, and detect abuse.
- To communicate about projects, support, and service updates.
- To improve our products and comply with legal, tax, and accounting obligations.
4. Legal bases (EEA/UK)
Where GDPR or UK GDPR applies, we rely on: performance of a contract; our legitimate interests in operating and securing the business; your consent (where requested, e.g. non-essential cookies); and compliance with legal obligations.
5. How we share information
We do not sell personal information. We share it only with:
- Sub-processors that power the platform — hosting and edge (Vercel), managed databases and caching, email/notification delivery, identity (Okta), and payment/settlement providers (Stripe, Circle, BTCPay Server).
- Clients, where you are a user within a client organization's workspace.
- Authorities or advisors, where required by law or to protect our rights.
- Successors, in connection with a merger, acquisition, or asset sale.
6. International transfers
We operate globally and may transfer information to the United States and other countries. Where required, we use appropriate safeguards such as Standard Contractual Clauses and equivalent mechanisms.
7. Data retention
We keep personal information for as long as needed to provide services and to meet legal, tax, and accounting requirements. Engagement records and audit logs are retained for the duration of the engagement plus the period required by applicable law; you may request earlier deletion subject to those obligations.
8. Security
We apply defense-in-depth: encryption in transit (TLS 1.3) and at rest (AES-256), enforced two-factor authentication for administrative roles, least-privilege access, continuous audit logging, and periodic penetration testing. No system is perfectly secure, but we work to industry standards and are progressing toward SOC 2 Type II.
9. Cookies
We use strictly necessary cookies for authentication and security, and — with consent where required — analytics cookies to understand usage. You can control cookies through your browser settings; disabling essential cookies may break sign-in.
10. Your rights
Depending on where you live, you may have rights to access, correct, delete, port, or restrict processing of your personal information, and to object or withdraw consent. California residents have rights under the CCPA/CPRA, including the right to know and to opt out of "sales" or "sharing" (we do neither). To exercise any right, contact us at privacy@bitbase.tech. Where Bitbase is a processor, we will refer your request to the relevant client controller.
11. Children
Our services are intended for businesses and are not directed to children under 16. We do not knowingly collect information from children.
12. Changes to this policy
We may update this policy from time to time. Material changes will be posted here with a revised "Last updated" date and, where appropriate, notified to account holders.
13. Contact
Questions or requests: privacy@bitbase.tech · Bitbase Technologies Inc, 17350 State Highway 249, Suite 220, Houston, TX 77064, USA. See also our Terms of Service.