Privacy Policy

How Bashdoor Technologies LLC collects, uses, and protects your information.

Last updated: May 6, 2026 · Effective: May 6, 2026

1. Introduction

Bashdoor Technologies LLC ("Bashdoor", "we", "us", or "our") operates the Bashdoor white-label development platform and related services (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Services or visit our website at bashdoor.com.

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us, including:

• Account information: Name, email address, business name, billing address, phone number, and password.
• Tenant configuration data: Branding assets (logos, colors), custom domains, email sender identities, and platform settings you configure for your tenants.
• Communication data: Information you provide when you contact us for support or other inquiries.
• Payment information: Payment card details and billing information processed through our third-party payment providers (we do not store full card numbers).

2.2 Information Collected Automatically

• Usage data: Information about how you use our Services, including pages visited, features used, and time spent.
• Device information: IP address, browser type, operating system, device identifiers, and similar technical data.
• Cookies and similar technologies: We use cookies to maintain sessions, remember preferences, and analyze platform usage.

2.3 End-User Data (Your Tenants' Users)

As a multi-tenant platform, Bashdoor processes data belonging to your tenants' end users on your behalf. You are the data controller for this information; Bashdoor acts as a data processor. You are responsible for obtaining appropriate consents and ensuring lawful processing of end-user data.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Services
• Process transactions and send related transactional emails (account verification, password resets, two-factor authentication codes, security alerts)
• Respond to comments, questions, and customer service requests
• Send technical notices, updates, security alerts, and administrative messages
• Monitor and analyze trends, usage, and activities to improve our Services
• Detect, investigate, and prevent fraudulent transactions and other illegal activities
• Comply with legal obligations

4. Transactional Email Communications

Bashdoor sends transactional emails as a core part of our Services. These include:

• Account verification on signup (double opt-in)
• Password reset and account recovery flows
• Two-factor authentication codes
• Security alerts (new login, password changes, suspicious activity)
• Critical service notifications
• Receipts and billing notifications

These emails are necessary for the operation of the Services and cannot be opted out of without closing your account. We do not send marketing or promotional emails without explicit consent. All emails comply with applicable law including the CAN-SPAM Act and GDPR transparency requirements.

5. Sharing Your Information

We do not sell your personal information. We share information only in the following circumstances:

• Service providers: With third-party vendors who help us operate the Services (cloud infrastructure, payment processors, email delivery, analytics). These providers are contractually obligated to protect your information.
• Legal obligations: When required by law, subpoena, court order, or to protect our rights, property, or safety.
• Business transfers: In connection with a merger, acquisition, or sale of all or part of our assets.
• With your consent: When you have given us explicit consent to share your information.

5.1 Subprocessors

We use the following categories of subprocessors:

• Cloud infrastructure (Amazon Web Services)
• Payment processing (Stripe)
• Email delivery (Amazon SES, Postmark, or equivalent)
• Analytics (privacy-respecting analytics providers)
• Customer support tooling

A current list of subprocessors is available upon request at [email protected].

6. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

• Encryption in transit (TLS) and at rest
• Access controls and authentication mechanisms
• Regular security audits and updates
• Tenant data isolation in our multi-tenant architecture
• Incident response procedures

However, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide Services. We will retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements. After account closure, data may be retained in backups for up to 90 days before permanent deletion.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of personal data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data (subject to legal retention requirements)
• Portability: Request transfer of your data to another service
• Objection: Object to certain types of processing
• Withdraw consent: Where processing is based on consent

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

9. International Data Transfers

Bashdoor is based in the United States and primarily processes data in the U.S. By using our Services, you acknowledge that your information may be transferred to, stored, and processed in countries that may have different data protection laws than your jurisdiction. Where required by law, we implement appropriate safeguards such as Standard Contractual Clauses for international transfers.

10. Children's Privacy

Our Services are not directed to children under 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete such information.

11. California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act, including the right to know, delete, correct, and opt out of the sale or sharing of personal information. Bashdoor does not sell personal information. To exercise California-specific rights, contact [email protected].

12. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) including the right to lodge a complaint with your supervisory authority. The legal basis for our processing includes contractual necessity, legitimate interests, and consent where applicable.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this policy. For material changes, we will provide more prominent notice (such as via email or in-app notification). We encourage you to review this policy periodically.

14. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us: