Privacy Policy

1. Who We Are

Bloxova ("we", "us", "our") operates the Bloxova platform at https://plum-finch-172699.hostingersite.com. We act as the data controller for personal data you provide when creating an account or using our services.

2. What Data We Collect

Category	Data	Source
Account data	Name, email address, hashed password, plan type	Provided by you at registration
Billing data	Payment method details (tokenised), billing address, invoice history	Collected by Stripe on our behalf
Widget data	Widget names, configurations, embed slugs	Created by you in the builder
Analytics data	Aggregate daily counts of widget views, interactions, and email captures (no IPs stored)	Collected automatically when widgets are used
Usage data	Pages visited, actions taken within the dashboard, timestamps	Collected automatically via server logs

3. How We Use Your Data

We use collected data to:

Provide, operate, and improve the Service
Process payments and manage your subscription
Send transactional emails (account creation, password reset, billing receipts)
Show you analytics about your widgets' performance
Enforce our Terms of Service and prevent abuse
Comply with legal obligations

We do not sell your personal data. We do not use your data for advertising profiling.

4. Data Collected via Embedded Widgets

When your widgets are embedded on third-party websites, our embed script:

Records a view event when the widget loads
Records an interaction event when a visitor interacts with the widget
Records an email address if a visitor submits the email capture form (Pro/Studio plans)

We do not store IP addresses, cookies, or fingerprints from end users of embedded widgets. Analytics are aggregate counts only.

If you use the email capture feature, the email addresses collected from your widget end users are stored in your account and governed by your own privacy obligations toward those users. You are the data controller for those email addresses.

5. Data Sharing

We share your data only with trusted sub-processors necessary to run the Service:

Stripe — payment processing. Stripe Privacy Policy
Hosting provider — infrastructure and server storage

We may disclose your data if required to do so by law or if we believe such action is necessary to comply with a legal obligation, protect our rights, or prevent fraud.

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, all associated data (widgets, analytics, captured emails) is permanently deleted immediately.

Billing records (invoices) may be retained for up to 7 years to comply with tax and accounting obligations, even after account deletion.

7. Your Rights (GDPR)

If you are located in the European Economic Area, you have the following rights regarding your personal data:

Access — request a copy of the data we hold about you
Rectification — update inaccurate data via your account settings
Erasure — delete your account and all associated data at any time from Settings → Security
Portability — request an export of your widget configurations
Objection — object to processing where we rely on legitimate interests
Lodge a complaint — with your national data protection authority

To exercise any of these rights, contact us at privacy@bloxova.io.

8. Cookies

We use a single session cookie (bloxova_sess) to keep you logged in. This cookie is:

HTTP-only (not accessible to JavaScript)
Deleted when you log out or close your browser
Strictly necessary — no marketing or tracking cookies are used on the dashboard

The public landing page does not set any cookies unless you are logged in.

9. Security

We implement appropriate technical and organisational measures to protect your data:

Passwords are hashed using bcrypt with cost factor 12 — we never store plain text passwords
All data is transmitted over HTTPS
Database access is restricted to application-layer only
Payment data is handled entirely by Stripe — we never see full card numbers

No system is 100% secure. If you discover a security vulnerability, please report it to security@bloxova.io.

10. Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected such data, contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or a prominent notice in the dashboard. The date at the top of this page reflects the most recent revision.

12. Contact

For privacy-related questions or requests, contact us at privacy@bloxova.io.

For general queries, see our Terms of Service or email hello@bloxova.io.

Contents