Privacy Policy
Last updated: 2026-06-27
B-connex Pty Ltd (“B-connex”, “we”, “our”) operates the B-connex platform. This policy explains what personal information we collect, why we collect it, and your rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
1. Information we collect
- Account details — name, email, password hash, role, organisation.
- Business identifiers — ABN, business name, KYC documents you upload for verification.
- Usage data — pages visited, click events, feature usage, IP address, user-agent (used for security and product analytics).
- Authentication metadata — login attempts, last IP, last user-agent, lockout state (used for fraud / abuse prevention).
- Customer leads and outreach data you import or generate within the platform.
- Connected-account tokens — OAuth access tokens for LinkedIn, Email, X and similar (always stored encrypted at rest).
- Billing data — plan, invoice history, GST. Card data is processed by Stripe and never stored by B-connex.
2. How we use it
- To provide the service you signed up for.
- To send transactional and security emails.
- To detect and prevent abuse, fraud, and unauthorised access.
- To produce ATO/BAS-aligned tax invoices.
- To improve product quality (aggregate analytics).
3. Sub-processors
We use the following third parties to operate the service. By using B-connex you agree to data being shared with them as required for the feature you are using:
- OVH shared hosting (production web tier)
- Stripe (payments)
- OpenAI / Anthropic / local on-device model — only used when AI features are invoked
- OVH SMTP
- Xero (if you push invoices)
4. Data retention
Account and billing data are retained for the life of your account plus 7 years for tax records. Authentication and usage events are retained for 90 days and then aggregated.
5. Your rights
You may request access to or correction of your personal information at any time by emailing hello@b-connex.com. We will respond within 30 days. You may also lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
6. International transfer
We host data in Australia where possible. AI sub-processors may process prompts outside Australia — see the sub-processor list above. We rely on contractual safeguards consistent with APP 8.
7. Security
We use Argon2id password hashing, encrypted-at-rest token storage (AES-256-GCM with a per-install APP_KEY), TLS in transit, account lockout after repeated failed logins, and audit logging. We monitor IP and user-agent changes for suspicious activity.
8. Breach notification
We comply with the Notifiable Data Breaches scheme. You will be notified at the email on file within the timeframes required by law if a breach is likely to cause serious harm.
9. Changes to this policy
We may update this policy from time to time. Material changes will be announced via in-app notification and email at least 14 days before they take effect.
10. Contact
Privacy contact: hello@b-connex.com · Postal address available on request.
This page was generated as a scaffold by the B-connex installer. Have it reviewed by Australian legal counsel before publishing. All [REPLACE: …] markers must be removed.