Privacy Policy
This Privacy Policy describes how BizTransit Sdn Bhd, operating as bcz.co ("we", "us", "our"), collects, uses, and protects information when you use our services at bcz.co (the "Service").
Our Privacy Commitment: We are committed to protecting your privacy. We collect only the minimum information necessary to provide our website creation service and never sell your personal data to third parties.
1. Information We Collect
1.1 Information You Provide
- Account information: When you sign in via OAuth (Google, Apple, GitHub, Facebook, or WeChat), we receive your name, email address, and profile picture from the identity provider. We do not receive or store your password from any provider.
- Site content: When you create websites, link pages, or online stores on bcz.co, we store your site content, media uploads, product listings, and configurations on our servers to host and serve your sites to visitors.
- E-commerce data: If you use our e-commerce features, we store product information, order details, and customer information necessary to process transactions. Payment card data is handled exclusively by Stripe and PayPal — we never see or store card numbers.
- Feedback and correspondence: If you contact us via email, we retain the contents of your messages and our responses.
1.2 Information Collected Automatically
- Usage analytics: We collect anonymous usage data such as page views, feature usage, and site performance metrics to improve our service. This data is aggregated and cannot identify individual users.
- Standard web server logs: Cloudflare Pages may log IP addresses, browser type, and request timestamps as part of standard CDN operations.
1.3 Information We Do Not Collect
- We do not use third-party advertising or tracking services.
- We do not use tracking pixels or advertising beacons.
- We do not set cross-site tracking cookies.
- We do not sell, rent, or trade your personal information to advertisers or data brokers.
- We do not collect device identifiers, fingerprints, or persistent tracking IDs.
2. How We Use Your Information
- Service delivery: To host and serve your websites, link pages, and online stores to visitors worldwide.
- Account management: To create and maintain your account, authenticate sessions, and provide customer support.
- E-commerce: To process orders, manage inventory, and facilitate transactions on your online stores.
- Communications: To respond to your inquiries and send essential service notifications (e.g., terms updates, billing notices).
- Improvement: To analyze anonymous usage data and improve the Service's features, performance, and user experience.
- Security: To detect and prevent abuse, unauthorized access, and policy violations.
3. Data Storage and Security
- Your site content and account data are stored on secure servers operated by Cloudflare and our infrastructure providers.
- Authentication session tokens (JWTs) are stored in your browser and expire after 24 hours.
- All connections use HTTPS/TLS encryption.
- We use Cloudflare for hosting, which provides DDoS protection and WAF (Web Application Firewall).
- Payment processing is handled by Stripe and PayPal, both PCI DSS compliant. We do not store credit card numbers or payment details.
4. Multi-Provider OAuth Authentication
We support sign-in through multiple identity providers. The data received from each provider is limited to what is necessary for account creation and identification:
| Provider | Data Received |
|---|---|
| Name, email, profile picture, Google user ID | |
| Apple | Name (first sign-in only), email (may be relay address), Apple user ID |
| GitHub | Username, email, avatar URL, GitHub user ID |
| Name, email, profile picture, Facebook user ID | |
| Nickname, avatar URL, WeChat OpenID/UnionID |
We store only the minimum data needed to identify your account (provider ID, name, email, avatar URL). We do not access your contacts, posts, files, or other data from any provider.
5. Data Sharing
We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:
- Identity providers: OAuth authentication requires communication with Google, Apple, GitHub, Facebook, or WeChat during sign-in.
- Payment processors: Stripe and PayPal process subscription payments and e-commerce transactions on our behalf.
- Infrastructure: Cloudflare provides CDN, DDoS protection, and DNS services to host and serve your websites.
- Legal requirements: We may disclose information if required by law, regulation, or legal process.
6. Cookies and Local Storage
We use minimal cookies for essential functionality only. See our Cookie Policy for full details.
bcz-session: Authentication session (24-hour expiry)bcz-prefs: User preferences (persistent)- No advertising, analytics, or third-party tracking cookies
7. Your Rights
- Access: You can view all your data through your account dashboard, including site content, analytics, and account settings.
- Deletion: You can delete individual sites or your entire account from account settings. Deleting your account removes all associated data from our servers.
- Portability: Export your site data at any time from your account settings.
- Restriction: You can disable specific features or data collection through your account privacy settings.
- Account deletion: Contact privacy@bcz.co to request full deletion of your account and all associated data.
8. Children's Privacy
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us at privacy@bcz.co.
9. International Data Transfers
BizTransit Sdn Bhd is based in Malaysia. Your data may be processed in Malaysia and in jurisdictions where our infrastructure providers (Cloudflare, payment processors) operate. By using the Service, you consent to the transfer of your data to these jurisdictions.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via a notice on the Service. The "Effective" date at the top indicates when this policy was last revised. Continued use of the Service after changes constitutes acceptance of the updated policy.
Contact
For privacy-related inquiries, contact us at:
Privacy Officer
BizTransit Sdn Bhd
Level 28, Lingkaran Syed Putra
Mid Valley City, Kuala Lumpur 59200, Malaysia
Email: privacy@bcz.co