Privacy Policy

At bSure, we are committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we, bSure, a professional digital engineering company founded and led by Brian Shirley in Wichita, Kansas ("bSure", "we", "us", "our"), collect, use, share, and protect personal information when you interact with our professional digital engineering services, including web application development, network infrastructure design, cloud solutions, DevOps automation, mobile development, cybersecurity, and 24/7 technical support ("Services"). This Policy complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws.

1 Information We Collect

We collect information necessary to provide, improve, and secure our Services. The types of information we collect include:

1.1 Information You Provide to Us

• Contact Information: Name, email address, phone number, mailing address, and company name when you register for our Services, request a consultation, or contact us.
• Account Credentials: Username, password, and authentication information for accessing our Services, client portals, or project management systems.
• Payment Information: Billing address, payment card information (processed securely through Stripe), tax identification numbers, and transaction history.
• Business Information: Company name, industry, business size, project requirements, technical specifications, and other information you provide in consultations, proposals, or Statements of Work.
• Communications: Content of emails, support tickets, chat messages, phone conversations (with consent), and feedback you provide to us.
• Project Materials: Documents, files, content, data, images, and other materials you upload or provide for project development.

1.2 Information We Collect Automatically

• Usage Data: Information about how you access and use our web applications, including pages visited, features used, links clicked, time spent, referring URLs, and interaction patterns.
• Device Information: IP address, browser type and version, operating system, device type, screen resolution, language preferences, time zone, and unique device identifiers.
• Server and Network Monitoring Data: For clients using our network monitoring services, we collect server performance metrics, network traffic data, uptime statistics, security events, system logs, and infrastructure diagnostics.
• Location Information: Approximate geographic location derived from IP address for service optimization and fraud prevention.
• Cookies and Tracking Technologies: We use cookies, web beacons, pixel tags, and similar technologies to track user activity and enhance user experience (see Section 7 for details).

1.3 Information from Third Parties

• Service Providers: Information from payment processors (Stripe), email services (SendGrid), cloud infrastructure providers (Google Cloud Platform), communication services (Twilio), and analytics tools.
• Referral Partners: Business contact information from referral partners or technology partners (Ubiquiti, Apple Developer, WordPress ecosystem).
• Publicly Available Sources: Professional information from business websites, LinkedIn, and other publicly available sources for business development purposes.

2 How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, maintain, and deliver our professional digital engineering Services, including web development, network infrastructure design, cloud solutions, DevOps automation, mobile development, cybersecurity, and 24/7 technical support.
• Account Management: To create and manage your account, authenticate your identity, and enable access to client portals and project management tools.
• Payment Processing: To process payments securely through our third-party payment processor (Stripe), invoice for Services, and maintain financial records.
• Communication: To respond to inquiries, provide customer support, send project updates, deliver technical notifications, and communicate about Services.
• System Monitoring and Maintenance: To monitor server performance, detect security threats, troubleshoot technical issues, perform maintenance, and ensure system uptime and reliability.
• Service Improvement: To analyze usage patterns, gather feedback, conduct research, develop new features, and improve the quality and functionality of our Services.
• Security and Fraud Prevention: To detect, prevent, and respond to security incidents, fraud, unauthorized access, abuse, and other harmful activities.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, government requests, tax reporting, financial audits, and industry standards.
• Marketing (with consent): With your consent, to send newsletters, promotional materials, case studies, and information about new Services. You may opt out at any time.

Legal Basis for Processing (GDPR): For EU residents, our legal bases for processing personal information include: (a) performance of a contract with you; (b) our legitimate business interests in providing and improving Services; (c) your consent (which you may withdraw at any time); and (d) compliance with legal obligations.

3 How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers: We share information with trusted third-party service providers who perform services on our behalf, including payment processing (Stripe), email communications (SendGrid), cloud hosting (Google Cloud Platform), telecommunications (Twilio), analytics, and technical infrastructure support. These providers are contractually obligated to protect your information and use it only for specified purposes.
• Technology Partners: We may share limited information with technology partners (Ubiquiti, Apple Developer, WordPress ecosystem) when necessary to provide integrated Services or technical support.
• Business Transfers: If bSure is involved in a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change and your rights regarding your information.
• Legal Requirements: We may disclose information when required by law, court order, subpoena, or other legal process, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, investigate fraud, or comply with government requests.
• With Your Consent: We may share information with third parties when you give us explicit permission to do so, such as when you authorize integrations with third-party platforms.
• Aggregated and Anonymized Data: We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you for research, analytics, marketing, or other business purposes.

4 Data Security

Under the leadership of Founder and President Brian Shirley, our Digital Application Engineering Director, bSure implements comprehensive security measures to protect your personal information from unauthorized access, loss, misuse, alteration, or disclosure. Our security practices include:

• Encryption: All data transmitted between your device and our servers is encrypted using HTTPS with TLS 1.3 protocol. Sensitive data at rest is encrypted using industry-standard encryption algorithms (AES-256).
• Access Controls: We implement role-based access controls, multi-factor authentication, and principle of least privilege to ensure only authorized personnel can access personal information.
• 24/7 Security Monitoring: Our systems are continuously monitored for security threats, suspicious activity, and anomalies. We maintain intrusion detection systems and conduct regular security audits.
• Secure Infrastructure: We host our Services on Google Cloud Platform, which provides enterprise-grade physical and network security. We regularly update and patch our systems to address vulnerabilities.
• Payment Security: All payment processing is handled by Stripe, a PCI-DSS Level 1 certified payment processor. We do not store full credit card numbers on our servers.
• Employee Training: Our team receives regular security awareness training and is bound by confidentiality obligations.
• Incident Response: We maintain a comprehensive incident response plan to quickly identify, contain, and remediate security breaches.

Important Notice: While we implement robust security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to continuously improving our security posture and responding promptly to any security incidents.

5 Data Retention

We retain personal information only as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include:

• Active Accounts: Account information and project data retained while your account is active and for a reasonable period afterward for record-keeping purposes.
• Financial Records: Payment and billing information retained for seven (7) years to comply with tax and accounting regulations.
• Server and Network Logs: System logs, security logs, and monitoring data retained for three (3) years for security auditing, troubleshooting, and compliance purposes.
• Communications: Email correspondence and support tickets retained for three (3) years for customer service and dispute resolution purposes.
• Marketing Data: Contact information for marketing purposes retained until you opt out or unsubscribe.

When we no longer need your information, we securely delete or anonymize it. You may request deletion of your information subject to legal retention requirements (see Section 6 for your rights).

6 Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

6.1 General Rights (All Users)

• Right to Access: Request access to the personal information we hold about you and receive a copy in a structured, commonly used format.
• Right to Correction: Request correction of inaccurate or incomplete personal information.
• Right to Deletion: Request deletion of your personal information, subject to legal retention requirements and legitimate business needs.
• Right to Opt-Out: Unsubscribe from marketing communications at any time by clicking the "unsubscribe" link in emails or contacting us.

6.2 GDPR Rights (EEA/UK Residents)

If you are located in the European Economic Area (EEA) or United Kingdom (UK), you have additional rights under the GDPR:

• Right to Data Portability: Receive your personal information in a machine-readable format and transmit it to another controller.
• Right to Restriction: Request restriction of processing in certain circumstances (e.g., while we verify accuracy of data).
• Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent (does not affect lawfulness of prior processing).
• Right to Lodge a Complaint: Lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

6.3 CCPA Rights (California Residents)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of categories and specific pieces of personal information we collect, use, and disclose about you.
• Right to Delete: Request deletion of personal information we collected from you, subject to certain exceptions.
• Right to Opt-Out of Sale: We do not sell personal information. Should this change, we will provide a "Do Not Sell My Personal Information" link.
• Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your CCPA rights.
• Shine the Light: Once annually, request information about personal information we disclose to third parties for their direct marketing purposes (if applicable).

6.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at connect@b-sureonline.com or +1 (316) 290-9461. We will respond to verifiable requests within 30 days (GDPR) or 45 days (CCPA). We may request additional information to verify your identity before fulfilling your request. You may designate an authorized agent to make a request on your behalf by providing written authorization.

7 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze usage, prevent fraud, and improve our Services. Cookies are small text files stored on your device.

7.1 Types of Cookies We Use

• Essential Cookies: Required for Services to function. Enable authentication, security features, session management, and core functionality. Duration: Session or up to 1 year.
• Performance/Analytics Cookies: Collect information about how you use our Services to help us improve. We use Google Analytics (anonymized IP). Duration: Up to 2 years.
• Functionality Cookies: Remember your preferences and settings to enhance your experience. Duration: Session or up to 1 year.
• Marketing Cookies (with consent): Track your activity for targeted advertising and marketing purposes. You can opt out. Duration: Up to 2 years.

7.2 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or receive alerts when cookies are being set. Note that disabling cookies may affect functionality of our Services. You can also opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

8 Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law. For GDPR-covered incidents, we will notify the appropriate supervisory authority within 72 hours of becoming aware of the breach. We will notify affected individuals without undue delay if the breach poses a high risk to their rights and freedoms. Notifications will include: the nature of the breach, categories and approximate number of affected individuals, likely consequences, measures taken or proposed to address the breach, and contact information for inquiries.

9 International Data Transfers

bSure is based in the United States (Wichita, Kansas). If you are accessing our Services from outside the United States, your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate. These countries may have different data protection laws than your country of residence. For transfers from the EEA/UK, we rely on Standard Contractual Clauses approved by the European Commission and implement appropriate safeguards to protect your personal information. By using our Services, you consent to the transfer of your information to the United States and other countries as described in this Privacy Policy.

10 Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services that are not owned or controlled by bSure. We are not responsible for the privacy practices or content of these third parties. We recommend reviewing the privacy policies of any third-party services you access through our Services. Third-party service providers we work with include: Stripe (payment processing), Google Cloud Platform (infrastructure), SendGrid (email delivery), Twilio (communications), Ubiquiti (network equipment), Apple Developer (mobile development), WordPress (content management), and various other technology partners.

11 Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete such information promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at connect@b-sureonline.com.

12 Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals. Due to lack of industry consensus on DNT standards, our Services do not currently respond to DNT signals. However, you can control tracking through your browser settings and opt out of targeted advertising through industry opt-out mechanisms such as the Network Advertising Initiative (NAI) or Digital Advertising Alliance (DAA).

13 Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, Services, legal requirements, or business operations. We will notify you of material changes by posting the updated Policy on our website with a new "Last Updated" date and, for significant changes, by sending an email to the address associated with your account or posting a prominent notice on our website. Your continued use of our Services after such modifications constitutes your acknowledgment and acceptance of the updated Privacy Policy. We encourage you to review this Policy periodically to stay informed about our privacy practices.

14 Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us: