Privacy Policy

Last updated: February 17, 2026

1. Introduction

This Privacy Policy describes how C5S Technology Limited ("we," "us," or "our"), a company incorporated in Hong Kong, operating under the brand BiVelio, and its European holding entity Chronos Technology SLU, registered in Andorra, collects, uses, discloses, and protects your personal information when you use our platform and services available at c5s.xyz and associated applications (the "Service").

By accessing or using BiVelio, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this policy, please do not use our Service.

2. Data Controller

The data controller responsible for your personal data is:

  • C5S Technology Limited — Hong Kong (Patent Holder & Product Owner)
  • Chronos Technology SLU — Andorra (European Holding Entity)
  • Website: c5s.xyz
  • General contact: support@bivelio.com
  • Privacy / Data Protection Officer: privacy@bivelio.com

3. Information We Collect

3.1 Information You Provide Directly

  • Account Information: Full name, email address, organization name, and password when you create an account.
  • Profile Information: Job title, phone number, and other details you add to your profile.
  • Payment Information: Billing address and payment method details processed through our third-party payment processor (Stripe). We do not store full credit card numbers on our servers.
  • Communications: Information you provide when contacting our support team, submitting feedback, or participating in surveys.
  • User Content: Data, documents, workflows, agent configurations, and any other content you create, upload, or process through the Service.

3.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, actions taken, time spent on the Service, and interaction patterns.
  • Device Information: Browser type and version, operating system, device type, screen resolution, and unique device identifiers.
  • Log Data: IP address, access times, referring URLs, and error logs.
  • Cookies and Similar Technologies: We use essential cookies for authentication and session management, and analytics cookies to improve our Service. See Section 9 for details.

3.3 Information from Third-Party Integrations

When you connect third-party services (e.g., Google, Meta, WhatsApp, Telegram, HubSpot, Stripe), we may receive information from those services in accordance with their privacy policies and the permissions you grant. This may include:

  • OAuth tokens and authorization credentials
  • Contact lists and customer data from CRM integrations
  • Messaging history from connected channels
  • Calendar events and scheduling data

4. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, maintain, and improve the BiVelio platform, including AI agent management, workflow automation, and multi-channel communication.
  • Account Management: To create and manage your account, authenticate your identity, and provide customer support.
  • Communication: To send service-related notifications, security alerts, and updates. Marketing communications are sent only with your consent.
  • Analytics and Improvement: To analyze usage patterns, diagnose technical issues, and develop new features.
  • Security: To detect, prevent, and address fraud, abuse, security risks, and technical issues.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.
  • AI Processing: To power AI-driven features such as intelligent agents, smart attachments, data classification, and automated workflows. Your data processed by AI models is not used to train third-party models.

5. Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to deliver the Service you have subscribed to.
  • Legitimate Interests: Processing for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring security, provided these interests are not overridden by your rights.
  • Consent: Where you have given explicit consent, such as for marketing communications or optional analytics cookies.
  • Legal Obligation: Processing necessary to comply with our legal obligations.

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

  • Affiliated Entities: Between C5S Technology Limited and Chronos Technology SLU for operational purposes.
  • Service Providers: Third-party vendors who assist in delivering the Service (e.g., cloud hosting, payment processing, email delivery, analytics). These providers are contractually bound to protect your data and use it only as directed.
  • Third-Party Integrations: When you explicitly connect third-party services, data is shared as necessary to enable the integration.
  • Legal Requirements: When required by law, regulation, legal process, or governmental request.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.
  • With Your Consent: In any other case where you have given explicit consent.

7. International Data Transfers

As a global service operated from Hong Kong and Andorra, your data may be transferred to, stored, and processed in jurisdictions outside your country of residence. When we transfer data internationally, we implement appropriate safeguards including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with all sub-processors
  • Encryption in transit and at rest
  • Assessment of the data protection laws in recipient countries

8. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Specifically:

  • Account Data: Retained while your account is active and for 30 days after deletion request.
  • Usage Logs: Retained for up to 12 months for analytics and security purposes.
  • Audit Logs: Retained for up to 7 years to meet regulatory compliance requirements.
  • Backup Data: Retained for up to 90 days after deletion from active systems.

9. Cookies and Tracking Technologies

We use the following types of cookies:

  • Strictly Necessary Cookies: Required for authentication, session management, and security. These cannot be disabled.
  • Functional Cookies: Remember your preferences and settings to enhance your experience.
  • Analytics Cookies: Help us understand how the Service is used to improve performance and features. These are only set with your consent.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service.

10. Data Security

We implement industry-standard security measures to protect your personal data, including:

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • Role-based access controls (RBAC) and Row-Level Security (RLS)
  • Regular security audits and penetration testing
  • SOC 2 Type II compliant infrastructure
  • Multi-factor authentication support
  • Automated threat detection and monitoring

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

11. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data ("right to be forgotten").
  • Restriction: Request restriction of processing of your data.
  • Portability: Request a copy of your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests or for direct marketing.
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise these rights, contact us at privacy@bivelio.com. We will respond within 30 days of receiving your request.

12. Children's Privacy

BiVelio is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly.

13. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party services you access.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

  • C5S Technology Limited — Hong Kong
  • Chronos Technology SLU — Andorra
  • General: support@bivelio.com
  • Privacy / DPO: privacy@bivelio.com
  • Website: c5s.xyz

16. Supervisory Authority

If you are located in the EEA and believe that our processing of your personal data infringes applicable law, you have the right to lodge a complaint with your local data protection supervisory authority. For users in Andorra, complaints can be directed to the Agència Andorrana de Protecció de Dades (APDA).