Privacy Policy
Your privacy matters to us. This policy explains how we handle your information.
Last Updated: January 1, 2026
Table of Contents
1. Introduction
Blessed Bits ("we," "our," or "us") is a technology company that provides business software solutions and billing services for affiliated SaaS applications. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with applications that use our billing platform.
Our Commitment: We collect only the data we need, protect it with industry-standard security, and respect your rights to access, correct, and delete your information.
This policy applies to:
- Visitors to blessed-bits.com
- Users who contact us or make donations
- Users of affiliated SaaS applications that use Blessed Bits for authentication and billing
We comply with applicable privacy laws including the General Data Protection Regulation (GDPR) for EU residents and the California Consumer Privacy Act (CCPA) for California residents.
2. Data We Collect
Personal Data
Information you provide directly:
- Contact Information: Name, email address, phone number (via contact forms)
- Account Information: Username, email, password (hashed), phone number for 2FA
- Billing Address: State, postal code (for tax calculation purposes)
Payment Data
Payment processing is handled securely through Stripe. We do not store your full credit card number, CVV, or other sensitive payment details. Stripe tokenizes this information and we only receive:
- Last 4 digits of your card (for display purposes)
- Card type and expiration date
- Billing postal code
- Stripe customer and subscription IDs
Usage Data
Information collected automatically:
- IP address (for security and fraud prevention)
- Browser type and version
- Pages visited and time spent
- Referring website
- Device information
Third-Party Data
When you use affiliated applications that integrate with our billing platform, we may receive:
- Basic profile information (name, email)
- Subscription and entitlement status
- Usage metrics for billing purposes
3. How We Use Your Data
| Purpose | Legal Basis | Opt-Out Available |
|---|---|---|
| Service delivery and account management | Contractual necessity | No |
| Billing and payment processing via Stripe | Contractual necessity | No |
| Security and fraud prevention | Legitimate interest | No |
| Legal compliance and audits | Legal obligation | No |
| Service improvements and analytics | Legitimate interest | Yes |
| Email communications (updates, support) | Legitimate interest / Consent | Yes |
| SMS notifications (2FA, alerts) | Consent | Yes |
| Marketing communications | Consent | Yes |
4. Sharing Your Data
With Stripe (Payment Processor)
We share billing information with Stripe for payment processing, fraud prevention, and compliance. Stripe acts as a data processor under a Data Processing Agreement (DPA) and is PCI DSS certified. See Stripe's Privacy Policy for details.
With Affiliated Applications
When you subscribe to an application that uses our billing platform, we share:
- Subscription status and entitlements
- Basic account information (as authorized)
- Usage metrics relevant to billing
With Service Providers
- SendGrid: Email delivery services
- Twilio: SMS delivery for 2FA
- Cloud Infrastructure: Secure data hosting
Legal Requirements
We may disclose information if required by law, court order, or to protect our rights, property, or safety.
We do not sell your personal data. We only share data as described above for legitimate business purposes.
5. Our Role as Billing Partner
Blessed Bits provides centralized billing and authentication services for affiliated SaaS applications. When you subscribe to one of these applications:
- Blessed Bits processes payments on behalf of the application
- Your card statement will show "BLESSED BITS" as the merchant
- We manage subscription billing, usage-based charges, and credit systems
- The affiliated application remains responsible for their own privacy practices regarding app-specific data
Each affiliated application should have its own privacy policy covering app-specific data collection and usage. Our role is limited to billing, authentication, and account management services.
6. Data Retention and Deletion
| Data Type | Retention Period |
|---|---|
| Active account data | Duration of account + 30 days after deletion request |
| Billing and transaction records | 7 years (tax/legal compliance) |
| Security logs | 270-365 days |
| Contact form submissions | 2 years |
| Session tokens | 7-30 days |
GDPR Right to Erasure
We support your right to be forgotten under GDPR Article 17. When you request account deletion:
- We initiate a 30-day grace period during which you can withdraw the request
- We send reminder emails at 14 days and 7 days
- We coordinate deletion across all affiliated applications
- After 30 days, personal data is permanently purged (except legally required records)
- We maintain an anonymized audit trail using hashed identifiers
7. Your Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of your personal data
- Correction: Update inaccurate or incomplete data
- Deletion: Request erasure of your data (see above)
- Portability: Receive your data in a structured format
- Objection: Object to processing based on legitimate interests
- Restriction: Request limited processing of your data
- Opt-out of Sale: California residents can opt out of data "sales" (we do not sell data)
To exercise these rights, contact us at privacy@blessed-bits.com. We will respond within 30 days and may request identity verification.
8. Security Measures
We implement industry-standard security measures:
- Encryption: TLS/SSL for data in transit, AES-256 for sensitive data at rest
- Access Controls: Role-based permissions, mandatory 2FA for admin accounts
- Password Security: Bcrypt hashing with high work factor
- Payment Security: PCI DSS compliance via Stripe (we never store card numbers)
- Threat Detection: IP reputation checking, rate limiting, honeypot systems
- Regular Audits: Security reviews and vulnerability assessments
In the event of a data breach affecting your personal information, we will notify you within 72 hours as required by GDPR.
9. Cookies and Tracking
Essential Cookies
Required for site functionality (authentication, session management). These cannot be disabled.
Analytics Cookies
Help us understand how visitors use our site. You can opt out via your browser settings or our cookie consent banner.
Third-Party Scripts
Stripe's fraud detection scripts may collect device fingerprint data to prevent fraudulent transactions. See Stripe's privacy policy for details.
Cloudflare Turnstile
We use Cloudflare Turnstile for bot protection on forms. This may collect limited device data. See Cloudflare's Privacy Policy.
10. International Transfers
Your data may be transferred to and processed in the United States, where our servers and service providers are located. For EU residents, we rely on:
- EU-U.S. Data Privacy Framework certifications of our service providers
- Standard Contractual Clauses where applicable
11. Changes to This Policy
We may update this Privacy Policy periodically. When we make material changes:
- We will update the "Last Updated" date at the top
- We will notify registered users via email
- Significant changes will be highlighted on our website
Continued use of our services after changes constitutes acceptance of the updated policy.
12. Contact Us
Questions About Your Privacy?
If you have questions about this Privacy Policy or want to exercise your rights, please contact us:
Email: privacy@blessed-bits.com
General Inquiries: Contact Form