Privacy Policy

Last updated: April 8, 2026
Protecting your privacy is important to us.

Business in a Box is a product of Biztree Inc., a company incorporated in Canada. References to “Business in a Box,” “we,” “us,” or “our” in this policy refer to Biztree Inc. operating under the Business in a Box brand. Biztree Inc. is the data controller for the personal information described in this policy.

This Privacy Policy explains how we collect, use, share, and protect personal information when you visit our website or use the Business in a Box cloud platform (the “Service”). By using the Service, you agree to the practices described below.

1. Information We Collect

We collect information in the following ways:

Information you provide directly. When you create an account, place an order, contact support, or fill out a form, we collect information such as your name, email address, phone number, company name, billing address, and payment details (processed by our payment provider — we do not store full card numbers on our servers).

Content you create in the Service. Documents, templates, tasks, messages, files, and other content you upload or generate while using the platform. This content belongs to you; we process it only to provide the Service.

Usage and device information. We automatically collect information about how you interact with the Service, such as IP address, browser type, operating system, device identifiers, language, pages visited, features used, and timestamps. This helps us operate, secure, and improve the platform.

Communications. When you contact us by email, chat, or phone, we keep a record of the conversation to help resolve your issue and improve our support.

2. How We Use Your Information

• To provide, operate, and maintain the Service
• To process transactions and send you related information (receipts, invoices, account notifications)
• To provide customer support and respond to your requests
• To send product updates, security alerts, and administrative messages
• To send marketing communications (only where permitted — you can opt out at any time)
• To personalize your experience and recommend relevant templates or features
• To monitor and analyze usage trends to improve the Service
• To detect, prevent, and address fraud, abuse, security incidents, and technical issues
• To comply with legal obligations and enforce our Terms of Service

3. Legal Bases for Processing (EU/UK Users)

If you are in the European Union, European Economic Area, or United Kingdom, we rely on the following legal bases under the GDPR:

• Contract: to provide the Service you signed up for.
• Legitimate interests: to secure the platform, prevent fraud, analyze usage, and improve our products.
• Consent: for marketing emails and non-essential cookies (you may withdraw consent at any time).
• Legal obligation: to comply with tax, accounting, and other laws.

4. How We Share Information

We do not sell your personal information. We share it only in these limited situations:

• With your consent or at your direction.
• With sub-processors and service providers who help us run the Service (see Section 5).
• With your team or workspace administrators if you use the Service under a business or team account.
• In a business transfer (merger, acquisition, financing), subject to confidentiality protections.
• For legal reasons if required by law, subpoena, or to protect the rights, safety, or property of Biztree, our users, or the public.

5. Sub-processors & Service Providers

We use trusted third-party providers to deliver parts of the Service. Each is bound by contractual confidentiality and data-protection obligations. Current categories include:

• Cloud hosting & storage (e.g., Amazon Web Services)
• Payment processing (e.g., Stripe, PayPal) — they handle card data under PCI-DSS compliance
• Email delivery (transactional and marketing email providers)
• Analytics (privacy-conscious web and product analytics)
• Customer support tools (helpdesk, chat, ticketing)
• Security services (reCAPTCHA, fraud prevention, DDoS protection)

A current list of sub-processors is available on request from privacy@business-in-a-box.com.

6. International Data Transfers

Biztree Inc. is based in Canada, and some of our sub-processors are located in the United States and other countries. When we transfer personal data outside your country of residence, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, or adequacy decisions (Canada has an adequacy decision from the European Commission for commercial data).

7. Data Retention

We keep your personal information only as long as necessary to provide the Service and fulfill the purposes described in this policy:

• Account data: for as long as your account is active.
• Content you create: for as long as your account is active, or until you delete it.
• Billing and transaction records: retained for the period required by tax, accounting, and commercial law (typically 6–7 years).
• Support records: retained for a reasonable period after resolution.
• Backups: automatically purged on a rolling schedule.

When you close your account, we delete or anonymize your personal information within a reasonable period, except where longer retention is required by law.

8. Security

We take the security of your information seriously and use industry-standard safeguards, including:

• Encryption in transit (TLS 1.2+) and at rest (AES-256)
• Secure cloud infrastructure with network isolation and firewalls
• Role-based access control and least-privilege principles for employees
• Regular security reviews, monitoring, and vulnerability testing
• Strict authentication, logging, and auditing

No system is ever 100% secure, but we continually invest in protecting your data. Learn more on our Security page.

9. Cookies & Tracking Technologies

We use cookies and similar technologies to operate the Service, remember your preferences, understand usage, and — where you consent — measure marketing performance. Cookie categories we use:

• Strictly necessary (login sessions, security, load balancing) — these cannot be disabled.
• Functional (remembering language, theme, and UI preferences).
• Analytics (understanding which features are used and how to improve them).
• Marketing (only set with your consent; used to measure campaign effectiveness).

You can control cookies through your browser settings or our cookie banner (where available). This site also uses Google reCAPTCHA, which is subject to Google's Privacy Policy and Terms of Service.

10. Your Rights & Choices

No matter where you live, you can:

• Access, update, or correct your account information from your account settings.
• Export your data in a portable format.
• Delete your account and associated personal data (subject to legal retention requirements).
• Opt out of marketing by clicking unsubscribe in any email we send, or by contacting us.
• Contact our Privacy Officer for any privacy-related question at privacy@business-in-a-box.com.

11. GDPR & CCPA

Depending on where you live, you have additional statutory rights.

EU / EEA / UK residents (GDPR & UK GDPR): You have the right to access, rectify, erase, restrict, or object to the processing of your personal data, as well as the right to data portability and the right to withdraw consent. You also have the right to lodge a complaint with your local supervisory authority.

California residents (CCPA/CPRA): You have the right to know what personal information we collect, the right to delete it, the right to correct inaccurate information, the right to limit the use of sensitive personal information, and the right to opt out of the sale or sharing of personal information. We do not sell personal information and do not “share” it for cross-context behavioral advertising as defined by the CPRA. You have the right not to be discriminated against for exercising any of these rights.

To exercise any of these rights, contact privacy@business-in-a-box.com. We will respond within the timeframe required by applicable law (generally 30–45 days). We may need to verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf.

12. Children's Privacy

The Service is not directed to children under 16, and we do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16 without verifiable parental consent, we will delete that information as quickly as possible. If you believe a child has provided us with personal information, please contact us at privacy@business-in-a-box.com.

13. Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will notify you and the relevant supervisory authorities without undue delay, in accordance with applicable law (within 72 hours where required by the GDPR).

14. Third-Party Links

Our website and Service may contain links to third-party websites or services. This Privacy Policy applies only to Business in a Box. We are not responsible for the privacy practices of third parties, and we encourage you to read their policies before providing any personal information.

15. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a prominent notice in the Service before the changes take effect. The “Last updated” date at the top of this page always reflects the most recent version.

16. Contact Us

If you have questions or comments about this Privacy Policy or our data practices, contact our Privacy Officer:

Biztree Inc. — Privacy Officer
4805 Lapinière Blvd., Suite 1200
Brossard, Quebec, J4Z 0G2, Canada
Email: privacy@business-in-a-box.com