Controller and scope
Codetics, publisher of the Biznetics service, determines the purposes and means of the processing described in this policy and acts as the data controller. You can contact Biznetics at codetics@outlook.com.
This policy applies to the Biznetics website, public professional cards, workspaces, QR codes, scan analytics, artificial-intelligence features, billing, and custom domains. Websites reached through links added by users apply their own privacy policies.
Business customers and professional users
Data we process
We collect data directly from you, your organization, your browser, Stripe, and, when you use Google Sign-In, from Google through Firebase Authentication.
- Account and authentication: Firebase identifier, display name, email address, sign-in method, session tokens, and technical security data. Passwords are handled by Firebase Authentication and are not available to Biznetics in plain text.
- Professional profile: first and last name, display name, role, company, headline, biography, location, contact details, avatar, websites and social profiles, skills, services, industries, projects, offers, needs, goals, languages, availability, and visibility choices.
- Scans and interactions: card viewed, date, scan source, vCard download, profile creation following a scan, referring URL, browser, and approximate country and city supplied by the hosting infrastructure. To deduplicate an anonymous scan, the IP address and browser are used temporarily to create a salted hash; Biznetics does not store the raw IP address in the scan event.
- Identified scans: if you are signed in and have a profile, your identifier, display name, role, and company may be linked to the scan and shown to the card owner.
- AI insights: relevant professional fields from both profiles, the analysis request, score, confidence, summary, common ground, opportunities, and suggested messages. Email addresses, phone numbers, and URLs are not included in the profile sent to the model.
- Workspaces and domains: members, roles, access rights, plan, public slug, domain names, DNS verification status, and Vercel configuration.
- Billing: Stripe customer and subscription identifiers, plan, status, billing periods, invoices, and payment events. Stripe processes card numbers and banking details; Biznetics does not store full payment credentials.
- Preferences and support: language, theme, analytics consent, and the content of communications with Biznetics.
Purposes and legal bases
Each processing activity relies on a defined legal basis. Where data is contractually required, not providing it may prevent account creation or use of the relevant feature.
| Purpose | Main data | Legal basis |
|---|---|---|
| Create accounts, authenticate users, and secure access | Account, session, and security logs | Performance of the contract; legitimate interest in preventing fraudulent access |
| Create, publish, and share a card, QR code, and vCard | Profile, visibility, slug, and domain | Performance of the contract and action requested by the user |
| Measure scans, downloads, and conversions | Scan events, technical data, and identified profile | Performance of the contract for the card owner; legitimate interest in measuring use and professional introductions |
| Generate a professional compatibility analysis | Professional fields from both profiles and generated output | Performance of the contract at the user's request |
| Manage plans, subscriptions, payments, and invoices | Account, workspace, and Stripe references | Performance of the contract and accounting or tax obligations |
| Connect domains and manage workspace permissions | Domain, DNS, roles, and access rights | Performance of the contract |
| Provide support, prevent abuse, and defend legal rights | Account, communications, technical data, and evidence | Legitimate interest; legal obligation where applicable |
| Optional audience measurement | Firebase Analytics identifiers and events | Prior consent where required |
Public cards, scans, and visibility
A card set to “public” may be viewed without an account through its URL, QR code, slug, subdomain, or custom domain. Profile data intended for the card is then available to anyone with the link and may be indexed, copied, or shared by third parties. You can make the card private and separately hide your email address or phone number in profile settings.
Opening a card creates a scan event to provide the owner with usage analytics. A signed-out visitor appears as anonymous. A signed-in visitor with a profile may appear as identified with their display name, role, and company. This information is presented on the card before sign-in or profile-creation actions.
Card owner responsibility
Artificial intelligence and profiling
When a user requests an analysis, Biznetics sends Google Gemini a selection of professional information from both profiles. The model produces an indicative score, confidence level, possible synergies, collaboration ideas, and suggested messages. The result is stored in both participants' areas so they can review the context of the introduction.
These insights do not result in a decision that produces legal or similarly significant effects. They do not verify identity, qualifications, creditworthiness, or suitability for employment. The user must review the output, correct errors, and exercise independent judgment before contacting, hiring, funding, or contracting with anyone.
Recipients and service providers
Data is available to authorized Codetics personnel, authorized members of your workspace, and service providers required to operate Biznetics. We do not sell personal data.
| Provider | Role | Relevant data |
|---|---|---|
| Google Firebase and Google Cloud | Authentication, database, infrastructure, and, with consent, audience measurement | Account, profile, scans, analyses, and technical identifiers |
| Google Gemini / Firebase AI Logic | Generation of networking insights | Selected professional fields and analysis instructions |
| Stripe | Payments, subscriptions, invoicing, fraud prevention, and customer portal | Billing identity, customer references, subscription, and payment data |
| Vercel | Hosting, delivery, security, routing, and custom domains | Requests, technical logs, approximate country/city, and domains |
We may also disclose data to advisers, auditors, a potential acquirer, or a public authority where necessary to comply with law, protect the service, enforce our rights, or complete a corporate transaction subject to confidentiality obligations.
International transfers
Some providers are established or operate outside the European Economic Area, including in the United States. Depending on the service and country, transfers rely on an adequacy decision, the EU–U.S. Data Privacy Framework where the recipient participates, European Commission standard contractual clauses, or another GDPR safeguard.
You may request more information about the applicable safeguards by emailing codetics@outlook.com.
Retention periods
We retain data for the time needed for the purposes above, then delete or anonymize it unless law requires retention or evidence must be preserved.
| Category | Reference period |
|---|---|
| Account, profile, and workspace | For the life of the account, then operational deletion within 30 days after a valid request; isolated backups for no more than 90 days |
| Scans, vCard downloads, and conversions | 24 months from the event, unless an Enterprise agreement specifies another period |
| AI insights and networking history | 24 months after last use or until account deletion, if earlier |
| Subscription data, invoices, and accounting records | For the relationship, then 10 years for records subject to accounting duties; contractual evidence for applicable statutory periods |
| Support and rights requests | 3 years after closure; identity evidence deleted after verification unless needed for a dispute |
| Technical and security logs | Up to 12 months, subject to provider-specific periods and longer preservation following an incident |
| Language, theme, and consent choices | 12 months for language, 6 months for the analytics choice, or until local preferences are deleted by the user |
Your rights
Subject to legal conditions, you may request access, correction, deletion, restriction, or portability of your data, and object to processing based on legitimate interests. You may withdraw consent at any time without affecting earlier lawful processing. Where French law applies, you may also give instructions about your data after death.
Send requests to codetics@outlook.com from the email address linked to your account. We may ask for reasonable information to verify identity. We normally respond within one month; this may be extended by two months for a complex request, in which case we will notify you.
You may lodge a complaint with the French data protection authority, www.cnil.fr, or with the supervisory authority where you live or work in the European Union.
Security and confidentiality
Biznetics uses measures proportionate to the risks, including Firebase authentication, user and workspace access controls, Firestore rules, server-side entitlement checks, signed Stripe webhooks, server-only secrets, salted scan deduplication, and HTTPS encryption in transit.
No system is risk-free. You must use a unique password, secure your device, limit information made public, and promptly report suspicious activity.
Children, changes, and contact
Biznetics is intended for professional use by people aged 18 or older. We do not knowingly seek data from children. If you believe a child has created an account, contact us so we can investigate.
We may update this policy to reflect changes to the service, providers, or applicable law. The effective date appears at the top. For material changes, we will provide reasonable notice in the service or by email before they take effect where required.
For questions or requests about this policy, email codetics@outlook.com.
Legal question or personal-data request
Email us with your account email address and the subject of your request.
Contact Biznetics