Privacy Policy

This Privacy Policy describes how BIMIHosting, operated by DuoCircle LLC ("BIMIHosting," "we," "us" or "our") handles personal information that we collect through our website at bimihosting.com (the "Site"), our free BIMI logo hosting service (the "Service"), and through our business operations.

BIMIHosting is a free service that allows users to upload, validate, and host BIMI-compliant SVG logos for use with email authentication. The Service is provided at no cost to users.

Table of Contents

• Information We Collect
• How We Use Your Information
• How We Share Your Information
• Social Login and OAuth Providers
• Data Retention
• Security
• Your Choices and Rights
• International Data Transfers
• Children's Privacy
• Changes to This Policy
• Contact Us
• California Privacy Rights
• European Privacy Rights

Information We Collect

Information You Provide

• Account Information: Name, email address, and password when you create an account. If you sign in with a social provider (Google, GitHub, or Microsoft), we receive your name and email address from that provider.
• Uploaded Content: SVG logo files that you upload to the Service for BIMI hosting. These files are stored and served publicly as part of the Service.
• Communications: Information you provide when you contact our support team or communicate with us.

Information Collected Automatically

• Usage Data: Information about how you interact with our Site and Service, including access times, pages viewed, and features used.
• Device Information: IP address, browser type, operating system, and device identifiers.
• Cookies: We use cookies and similar technologies as described in our Cookie Notice.

How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our free BIMI logo hosting Service
• Host and serve your uploaded SVG logos via our content delivery network
• Validate uploaded SVG files for BIMI compliance
• Manage your account and authenticate your identity
• Communicate with you about service updates and support
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations and enforce our terms of service
• Analyze usage patterns to improve our Service

How We Share Your Information

We may share your information with:

• Service Providers: Third parties who help us operate the Service, including cloud hosting providers (Cloudflare, Vercel), database providers (Neon), and analytics tools.
• Legal Requirements: When required by law, subpoena, or other legal process, or to protect our rights and the rights of others.
• Business Transfers: In connection with a merger, sale, or acquisition of all or part of our business.
• Consent: With your consent or at your direction.

Important: We do not sell or rent your personal information to third parties for their marketing purposes. Your uploaded SVG logos are hosted publicly as part of the BIMI hosting service, which is the core purpose of the Service.

Social Login and OAuth Providers

BIMIHosting offers sign-in via Google, GitHub, and Microsoft. When you use social login, we receive only your name and email address from the provider to create or link your account.

• We do not access your contacts, files, repositories, or other data from these providers.
• We do not post or take actions on your behalf on any social platform.
• We do not use data obtained from Google APIs to develop, improve, or train generalized AI and/or ML models.
• OAuth tokens are stored securely and used only to verify your identity during authentication.

You can revoke BIMIHosting's access at any time through your Google, GitHub, or Microsoft account settings.

Data Retention

We retain personal information as follows:

• Account Information: Retained for the duration of your account and a reasonable period thereafter for legal and business purposes.
• Uploaded SVG Logos: Retained for the duration of your account. When you delete a logo or your account, the files are removed from our hosting infrastructure.
• Logs and Analytics: Generally retained for 90 days unless needed for security or legal purposes.

Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit (TLS) and at rest
• Secure authentication with password hashing and OAuth 2.0 with PKCE
• Access controls and session management
• Regular security assessments

However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

Your Choices and Rights

You have the following choices regarding your information:

• Access and Update: You can access and update your account information through the Settings page in your dashboard.
• Delete Your Logos: You can delete any uploaded SVG logos at any time from your dashboard.
• Cookies: You can manage cookie preferences through your browser settings. See our Cookie Notice for details.
• Account Deletion: You can request deletion of your account and all associated data by contacting us.

International Data Transfers

We are based in the United States and process information in the U.S. If you are located outside the U.S., please be aware that information we collect will be transferred to and processed in the U.S., which may have different data protection laws than your country.

For users in the European Economic Area, UK, or Switzerland, we provide appropriate safeguards for data transfers in compliance with applicable data protection laws.

Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Effective as of" date.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at:

California Privacy Rights

California residents: This section describes the rights of California residents under the California Consumer Privacy Act ("CCPA") and how to exercise them.

Your California Privacy Rights

If you are a California resident, you have the following rights:

• Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out of Sale: You have the right to opt-out of the sale of your personal information. We do not sell personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

Categories of Information We Collect

In the preceding 12 months, we have collected the following categories of personal information:

• Identifiers (e.g., name, email address, IP address)
• Internet or network activity (e.g., browsing history on our Site)

How to Exercise Your Rights

To exercise your rights under the CCPA, please contact us at:

• Email: privacy@duocircle.com
• Phone: 1-866-925-2669

"Do Not Sell My Personal Information"

We do not sell personal information to third parties for monetary or other valuable consideration. Therefore, we do not offer an opt-out from the sale of personal information.

European Privacy Rights

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under applicable data protection laws, including:

• Right of access: Request access to your personal information
• Right to rectification: Request correction of inaccurate personal information
• Right to erasure: Request deletion of your personal information
• Right to restrict processing: Request that we limit how we use your information
• Right to data portability: Request a copy of your information in a portable format
• Right to object: Object to certain processing of your personal information
• Right to withdraw consent: Where we rely on consent, you may withdraw it at any time

Legal Basis for Processing: We process personal information based on the following legal grounds:

• Contract performance (to provide our Service)
• Legitimate interests (to operate and improve our Service)
• Legal compliance (to comply with applicable laws)
• Consent (where required)

To exercise these rights or file a complaint with your local data protection authority, please contact us using the information provided above.