Privacy Policy
AGP1 — a product of BizCode Sp. z o.o. Last updated: March 2026
1. Data Controller
The data controller is BizCode Sp. z o.o. with its registered office at ul. Życzliwa 25/2, 53-030 Wrocław, Poland (hereinafter: “BizCode”, “we”, “us”).
You can contact us regarding data protection matters at: [email protected] or by post at the address above.
2. Scope
This Privacy Policy applies to the AGP1 application available at https://agp1.bizcode365.com and all related services provided by BizCode (hereinafter: the “Service”).
3. Data We Collect
3.1 Account Data
When you register or are onboarded to AGP1, we collect:
- First name, last name
- Email address
- Organization name
- Role within the organization
3.2 Service Usage Data
When you use AGP1, we collect data about your interactions with the Service, including:
- Pages visited and features used
- Actions performed (e.g., creating or updating records)
- Session duration and frequency of use
- Browser type, device type, operating system, and language settings
AGP1 uses different analytics tools depending on the part of the Service:
Landing page (bizcode365.com): We use Google Analytics 4 (loaded via Google Tag Manager) to understand how visitors interact with the website. GA4 collects pages visited, scroll depth, click interactions, session duration, browser/device type, referral source, and conversion events (e.g., waitlist signup). GA4 does not collect your name, email address, or form input content. Cookie consent is managed by CookieYes. All analytics storage is denied by default (Google Consent Mode v2) and fires only after you explicitly grant consent.
Dashboard application (app.bizcode365.com): We use PostHog (EU datacenter) to understand how users interact with the application. Users are identified by anonymized identifiers (user ID and organization ID) only — names, emails, and other personal data are not sent to PostHog. Collection occurs only after you provide consent via the cookie banner.
3.3 Business Data
Data you enter into the Service as part of your normal use, including companies, contacts, opportunities, activities, and other CRM records. This data is processed solely to provide the Service to you and your organization.
4. Legal Bases for Processing
We process personal data on the following legal bases under GDPR:
| Purpose | Legal Basis |
|---|---|
| Providing the Service | Performance of a contract (Art. 6(1)(b) GDPR) |
| Account management and authentication | Performance of a contract (Art. 6(1)(b) GDPR) |
| Product analytics and improvement | Consent (Art. 6(1)(a) GDPR) |
| Security and fraud prevention | Legitimate interest (Art. 6(1)(f) GDPR) |
| Legal obligations (e.g., tax, accounting) | Legal obligation (Art. 6(1)(c) GDPR) |
| Establishing or defending legal claims | Legitimate interest (Art. 6(1)(f) GDPR) |
5. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes described in this policy:
- Account data — for the duration of your use of the Service, and up to 3 years after account closure for legal claims purposes.
- Service usage data — up to 24 months from collection.
- Business data — for the duration of your organization’s subscription. Upon termination, data is deleted within 90 days unless retention is required by law.
6. Data Recipients
Your data may be shared with:
- Our employees and contractors who need access to perform their duties.
- Sub-processors providing infrastructure and services necessary to operate AGP1. Current sub-processors include:
- DigitalOcean LLC — cloud hosting (EU, Frankfurt)
- Google LLC — website analytics via Google Analytics 4 and Google Tag Manager, landing page only (USA; EU Standard Contractual Clauses in place)
- CookieYes Ltd — cookie consent management, landing page only (EU)
- PostHog Inc. — product analytics, dashboard application only, anonymized IDs only (EU)
- Brevo (Sendinblue SA) — transactional email delivery (EU, France/Belgium)
- Authorities, where required by applicable law.
We do not sell your personal data to third parties. Google LLC processes data in the United States under EU Standard Contractual Clauses (SCCs). All other sub-processors process data within the European Economic Area (EEA).
7. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS), access controls, and regular security reviews.
8. Your Rights
Under GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate or incomplete data
- Erase your data (“right to be forgotten”)
- Restrict processing of your data
- Data portability — receive your data in a structured, machine-readable format
- Object to processing based on legitimate interest
- Withdraw consent at any time, without affecting the lawfulness of processing prior to withdrawal
- Lodge a complaint with the President of the Polish Data Protection Authority (Prezes Urzędu Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warszawa)
To exercise your rights, contact us at [email protected].
9. Automated Profiling
AGP1 uses automated scoring of sales opportunities (Deal Health Score) based on activity data, task completion, and pipeline stage duration. This scoring is applied to business data (opportunities), not to personal data of users, and does not produce legal or similarly significant effects on individuals.
10. Data Processing Agreement
Where BizCode processes personal data on behalf of the Customer (as a data processor), the terms of such processing are governed by our Data Processing Agreement, which forms part of the Terms of Service.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be communicated to registered users via email. The latest version is always available within the Service.
Contact: BizCode Sp. z o.o. ul. Życzliwa 25/2, 53-030 Wrocław, Poland [email protected]