Конфиденциальность

We collect only the data necessary to provide the service:

• Account information: name, email, language preference
• Company data: company name, registration and VAT numbers, legal address, bank accounts
• Financial data: invoices, journal entries, contacts, inventory, payroll — partitioned by company
• Usage data: login timestamps, pages visited, anonymised feature usage
• Cookies: essential session cookies; optional analytics cookies

• To provide the bookkeeping service you signed up for (contract fulfilment)
• To comply with legal obligations (tax reporting, financial record retention)
• To improve the service based on anonymised patterns (legitimate interest)
• To protect your account and detect unauthorised access

Security is built in, not bolted on:

• All data encrypted in transit using TLS 1.3 (HTTPS)
• Passwords hashed with bcrypt — we never store or see your password
• Role-based access control on every endpoint
• Full audit trail on every data modification
• Daily encrypted backups with point-in-time recovery

Two categories:

• Essential cookies — Required for authentication, security, and basic functionality. Cannot be disabled.
• Analytics cookies — Help us understand how the service is used so we can improve it. Optional — opt out anytime.

Manage your cookie preferences via the consent banner on first visit, or in account settings.

As a user in the EU/EEA, you have the following rights:

• Right of access (Art. 15) — Request a copy of all personal data we hold about you. Available via Export my data in settings.
• Right to rectification (Art. 16) — Update or correct your personal data through your profile settings.
• Right to erasure (Art. 17) — Request deletion of your account. Note: financial records may be retained for legally required periods.
• Right to data portability (Art. 20) — Export your data in structured, machine-readable JSON format.
• Right to object (Art. 21) — Object to processing of your data for analytics. Opt out of analytics cookies at any time.

Financial records are retained for the legally required period — typically 5 years in Latvia, 10 years in Bulgaria, 5 years in Montenegro. Personal profile data is anonymised on account deletion. Anonymised analytics may be retained indefinitely (no personal data).

PostgreSQL for data storage, Redis for caching, AWS S3 for file storage (encrypted, EU region). Transactional email providers for sending invoices and notifications. We do not sell, rent, or share your personal data with third parties for marketing.

For privacy questions, data requests, or complaints, contact our Data Protection Officer at:

info@bilenta.com