Privacy Policy

This Privacy Policy describes how C5S Technology Limited ("we," "us," or "our"), a company incorporated in Hong Kong and operator of the BiVelio platform, collects, uses, discloses, and protects your personal information when you use our platform and services (the "Service"). BiVelio is a brand of the Chronos Technology SLU group, the holding entity based in Andorra and owner of the associated trademark, patents and intellectual property.

By accessing or using BiVelio, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this policy, please do not use our Service.

The data controller responsible for your personal data is:

• C5S Technology Limited — Hong Kong (Service Operator)
• Chronos Technology SLU — Andorra (Brand, Patents & IP Holder)
• Website: c5s.xyz
• General contact: support@bivelio.com
• Privacy / Data Protection Officer: privacy@bivelio.com

3.1 Information You Provide Directly

• Account Information: Full name, email address, organization name, and password when you create an account.
• Profile Information: Job title, phone number, and other details you add to your profile.
• Payment Information: Billing address and payment method details processed through our third-party payment processor (Stripe). We do not store full credit card numbers on our servers.
• Communications: Information you provide when contacting our support team, submitting feedback, or participating in surveys.
• User Content: Data, documents, workflows, agent configurations, and any other content you create, upload, or process through the Service.

3.2 Information Collected Automatically

• Usage Data: Pages visited, features used, actions taken, time spent on the Service, and interaction patterns.
• Device Information: Browser type and version, operating system, device type, screen resolution, and unique device identifiers.
• Log Data: IP address, access times, referring URLs, and error logs.
• Cookies and Similar Technologies: We use essential cookies for authentication and session management, and analytics cookies to improve our Service. See Section 9 for details.

3.3 Information from Third-Party Integrations

When you connect third-party services (e.g., Google, Meta, WhatsApp, Telegram, HubSpot, Stripe), we may receive information from those services in accordance with their privacy policies and the permissions you grant. This may include:

• OAuth tokens and authorization credentials
• Contact lists and customer data from CRM integrations
• Messaging history from connected channels
• Calendar events and scheduling data

We use the information we collect for the following purposes:

• Service Delivery: To provide, maintain, and improve the BiVelio platform, including AI agent management, workflow automation, and multi-channel communication.
• Account Management: To create and manage your account, authenticate your identity, and provide customer support.
• Communication: To send service-related notifications, security alerts, and updates. Marketing communications are sent only with your consent.
• Analytics and Improvement: To analyze usage patterns, diagnose technical issues, and develop new features.
• Security: To detect, prevent, and address fraud, abuse, security risks, and technical issues.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.
• AI Processing: To power AI-driven features such as intelligent agents, smart attachments, data classification, and automated workflows. Your data processed by AI models is not used to train third-party models.

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to deliver the Service you have subscribed to.
• Legitimate Interests: Processing for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring security, provided these interests are not overridden by your rights.
• Consent: Where you have given explicit consent, such as for marketing communications or optional analytics cookies.
• Legal Obligation: Processing necessary to comply with our legal obligations.

We do not sell your personal data. We may share your information with:

• Affiliated Entities: Between C5S Technology Limited (service operator) and Chronos Technology SLU (group holding, brand owner) for operational and group governance purposes.
• Service Providers: Third-party vendors who assist in delivering the Service (e.g., cloud hosting, payment processing, email delivery, analytics). These providers are contractually bound to protect your data and use it only as directed.
• Third-Party Integrations: When you explicitly connect third-party services, data is shared as necessary to enable the integration.
• Legal Requirements: When required by law, regulation, legal process, or governmental request.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.
• With Your Consent: In any other case where you have given explicit consent.

As a global service operated by C5S Technology Limited (Hong Kong) within the Chronos Technology SLU group (Andorra), your data may be transferred to, stored, and processed in jurisdictions outside your country of residence. When we transfer data internationally, we implement appropriate safeguards including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with all sub-processors
• Encryption in transit and at rest
• Assessment of the data protection laws in recipient countries

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Specifically:

• Account Data: Retained while your account is active and for 30 days after deletion request.
• Usage Logs: Retained for up to 12 months for analytics and security purposes.
• Audit Logs: Retained for up to 7 years to meet regulatory compliance requirements.
• Backup Data: Retained for up to 90 days after deletion from active systems.

We use the following types of cookies:

• Strictly Necessary Cookies: Required for authentication, session management, and security. These cannot be disabled.
• Functional Cookies: Remember your preferences and settings to enhance your experience.
• Analytics Cookies: Help us understand how the Service is used to improve performance and features. These are only set with your consent.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service.

We implement industry-standard security measures to protect your personal data, including:

• TLS 1.3 encryption for all data in transit
• AES-256 encryption for data at rest
• Role-based access controls (RBAC) and Row-Level Security (RLS)
• Regular security audits and penetration testing
• SOC 2 Type II compliant infrastructure
• Multi-factor authentication support
• Automated threat detection and monitoring

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data ("right to be forgotten").
• Restriction: Request restriction of processing of your data.
• Portability: Request a copy of your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests or for direct marketing.
• Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise these rights, contact us at privacy@bivelio.com. We will respond within 30 days of receiving your request.

BiVelio is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly.

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party services you access.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.

If you have any questions about this Privacy Policy or our data practices, please contact us:

• C5S Technology Limited — Hong Kong (Service Operator)
• Chronos Technology SLU — Andorra (Brand, Patents & IP Holder)
• General: support@bivelio.com
• Privacy / DPO: privacy@bivelio.com
• Website: c5s.xyz

If you are located in the EEA and believe that our processing of your personal data infringes applicable law, you have the right to lodge a complaint with your local data protection supervisory authority. For users in Andorra, complaints can be directed to the Agència Andorrana de Protecció de Dades (APDA).