Effective Date: 21 June 2026 | Last Updated: 21 June 2026
This Privacy Policy explains how Bizlumo ERP ("Company", "we", "our", "us") collects, uses, discloses, retains and protects personal data when you use our websites, applications and related services (the "Services"), and the rights and choices available to you. We act as a data controller for personal data relating to our website visitors, account holders and billing contacts, and as a data processor for personal data contained in Customer Data that our customers process using the Services (see our Data Protection declaration).
This Policy applies to personal data we process about (a) visitors to our marketing sites; (b) account administrators and Authorized Users; and (c) billing and support contacts. Where we process Customer Data on behalf of a customer, that customer's own privacy notice and our data-processing terms govern.
We collect data directly from you (registration, use of the Services, communications), automatically (cookies, logs, analytics), and from third parties such as payment processors and, where applicable, referral partners.
Where we send marketing communications, you can opt out at any time via the unsubscribe link or by contacting us. Opting out does not affect service or transactional messages necessary to operate your Account.
We do not sell your personal data. We disclose personal data only to: (a) service providers and sub-processors who process it on our behalf under contract (hosting, payment, email/SMS, analytics, support); (b) professional advisers and auditors; (c) authorities or parties where required by law, legal process, or to protect rights, safety and security; and (d) a successor entity in connection with a merger, acquisition or asset sale, subject to confidentiality.
We use vetted sub-processors to deliver the Services. They are bound by data-protection obligations and may only process data per our instructions. A current list is available on request; see our Data Protection declaration.
Your personal data may be processed in countries other than your own, which may have different data-protection laws. Where we transfer personal data internationally, we use appropriate safeguards such as adequacy decisions or standard contractual clauses.
We retain personal data for as long as your Account is active and thereafter only as needed to provide the Services, comply with legal, tax and accounting obligations, resolve disputes and enforce our agreements. Retention criteria include the nature of the data, the purpose of processing, and legal requirements. You may request deletion as described below; Customer Data is handled per your instructions and our data-processing terms.
We maintain administrative, technical and organisational measures designed to protect personal data, including encryption in transit (TLS), hashing of credentials, access controls and least-privilege access, network protections, logging and monitoring, and regular backups. No system is completely secure; we cannot guarantee absolute security but will notify you of material breaches affecting your data as required by law.
Subject to applicable law, you may have the right to: access your personal data; rectify inaccurate data; erase data ("right to be forgotten"); restrict or object to processing; data portability; and withdraw consent at any time. To exercise these rights, contact us through your dashboard; we will respond within the timeframe required by law (generally within 30 days). You may also lodge a complaint with your local data-protection supervisory authority.
If you are a California resident, you have rights to know the categories and specific pieces of personal information collected, to delete personal information, to correct inaccurate information, and to opt out of "sale" or "sharing" of personal information. We do not sell personal information. You may exercise these rights as described above and will not be discriminated against for doing so.
We do not make decisions producing legal or similarly significant effects about you based solely on automated processing without appropriate safeguards.
The Services are intended for business use and are not directed to children under 16. We do not knowingly collect personal data from children; if you believe a child has provided data, contact us and we will delete it.
The Services may link to third-party websites or services that we do not control. This Policy does not apply to them; please review their privacy notices.
We may update this Policy from time to time. We will post the revised version with a new "Last Updated" date and, for material changes, provide additional notice through the Services or by email.
For privacy questions, requests, or to contact our data-protection contact, use the support options in your account dashboard. If you are in the EEA/UK, you also have the right to complain to your supervisory authority.
The integrated CRM and POS features are a game changer. We no longer juggle multiple systems, and the reporting tools give us instant insights into sales and customer trends.