Privacy Policy

1. Introduction

Build Beyond Hightech LLC ("BBH," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website at bbhightech.com, use our client portal, or engage our services.

By using our website or services, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access our website or use our services.

Data Controller: Build Beyond Hightech LLC, operated by Thamer Baccouch. For any privacy-related inquiries, contact us at support@bbhightech.com.

2. Information We Collect

2.1 Information You Provide Directly

When you register for an account through our client portal or contact us, we may collect the following personal information:

• Full name — required for account creation and communication
• Email address — required for account authentication, communication, and service delivery
• Phone number — optional, collected only if you provide it for communication purposes
• Business name — collected to identify your project and tailor our services
• Website URL — collected when relevant to the services we provide for you

2.2 Information Collected Automatically

We do not use analytics tracking tools or third-party analytics services on our website. We do not track your browsing behavior, set advertising cookies, or build behavioral profiles.

Our web server may automatically log standard access information, including your IP address, browser type, referring URL, and timestamps. These server logs are used solely for security monitoring and infrastructure maintenance, and are not used for tracking or profiling purposes.

2.3 Authentication Data

When you log in to the client portal, a JSON Web Token (JWT) is stored in your browser's localStorage. This token is used solely to authenticate your session and does not contain sensitive personal data beyond what is necessary for identification. The token expires automatically and is removed upon logout.

3. How We Use Your Information

We use the personal information we collect for the following purposes:

• Service delivery: To design, develop, host, and maintain your website as agreed upon
• Account management: To create and manage your client portal account, process orders, and provide customer support
• Communication: To respond to your inquiries, send service-related updates, and provide technical support via email or WhatsApp
• Billing and payments: To process payments for hosting, premium upgrades, and source code purchases through our payment processor
• Legal compliance: To comply with applicable laws, regulations, and legal obligations
• Security: To detect, prevent, and address technical issues, fraud, or security threats

We do not use your information for automated decision-making or profiling. We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. Third-Party Service Providers

We share your personal information only with the following third-party service providers, and only to the extent necessary to deliver our services:

• LemonSqueezy (payment processing) — When you make a payment for hosting, premium upgrades, or source code purchases, your payment information is processed by LemonSqueezy. We do not store your credit card details or full payment information on our servers. LemonSqueezy's handling of your data is governed by their own privacy policy, available at lemonsqueezy.com/privacy.
• DigitalOcean (hosting infrastructure) — Your website and account data are hosted on EU-based Virtual Private Servers (VPS) provided by DigitalOcean. DigitalOcean acts as a data processor on our behalf. Their privacy policy is available at digitalocean.com/legal/privacy-policy.
• Namecheap / privateemail.com (email service) — Our email communications are sent through privateemail.com (operated by Namecheap) from support@bbhightech.com. Emails you send to us are processed through this service.

We do not share your personal information with any other third parties unless required by law or with your explicit consent.

5. Cookies and Local Storage

Our website does not use tracking cookies, advertising cookies, or third-party cookies.

We use browser localStorage solely for the following purpose:

• Authentication token (JWT): Stored when you log in to the client portal to maintain your authenticated session. This token is removed when you log out or when it expires.

localStorage is not a cookie and is not sent to our server with every request. It is accessible only by our website's client-side code and is used exclusively for session management.

6. Data Storage and Security

Your data is stored on EU-based servers provided by DigitalOcean. We implement appropriate technical and organizational measures to protect your personal information, including:

• SSL/TLS encryption for all data transmitted between your browser and our servers
• Secure password hashing for account credentials
• Access controls limiting who can view or modify client data
• Regular server security updates and monitoring

While we take reasonable measures to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your personal information.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our services. Specifically:

• Account data (name, email, business name): Retained for the duration of your active account and for up to 12 months after account closure or service termination, to allow for reactivation or follow-up.
• Website files and content: Retained for the duration of your active hosting subscription. Upon cancellation, website files are retained for 30 days before deletion to allow for data retrieval.
• Payment records: Retained as required by applicable tax and accounting laws (typically 7 years).
• Communication records: Retained for up to 24 months for customer support and service quality purposes.
• Server logs: Retained for up to 90 days for security and operational purposes.

You may request earlier deletion of your data at any time by contacting us (see Section 9).

8. Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or if your data is processed on EU-based servers, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of access: You have the right to request a copy of the personal data we hold about you.
• Right to rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
• Right to erasure ("right to be forgotten"): You have the right to request that we delete your personal data, subject to certain legal exceptions (such as data required for legal compliance).
• Right to restriction of processing: You have the right to request that we limit how we use your data in certain circumstances.
• Right to data portability: You have the right to request your personal data in a structured, commonly used, machine-readable format.
• Right to object: You have the right to object to our processing of your personal data for specific purposes.
• Right to withdraw consent: Where processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, contact us at support@bbhightech.com. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.

9. International Data Transfers

Your personal data is primarily stored and processed on EU-based servers. In cases where data may be accessed from outside the EEA (for example, during service delivery by our team), we ensure appropriate safeguards are in place to protect your data in accordance with GDPR requirements.

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal data from a child under 18, we will take steps to delete that information promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last updated" date at the top of this page. We encourage you to review this Privacy Policy periodically.

For significant changes that materially affect how we handle your personal data, we will make reasonable efforts to notify you via email or through a notice on our website.

12. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how your personal information is handled, please contact us:

• Email: support@bbhightech.com
• WhatsApp: +216 92 915 767

We aim to respond to all privacy-related inquiries within 30 days.