Bizou
Order audit
Legal

Privacy Policy

Last updated: May 2026

This Privacy Policy explains how Bizou ("we", "our") collects, uses, and protects your personal data. We are committed to GDPR compliance and transparency.

1. Who we are

Bizou is a career intelligence service operated from Brussels, Belgium. For privacy-related questions, contact us at hello@bizou.app. We act as the data controller for the personal data described below.

2. What data we collect

When you order a Bizou career audit, we collect:

  • Identity & contact: your full name and email address.
  • Professional data you provide: GitHub username, bio, answers to a short career questionnaire, and an optional CV upload (PDF).
  • GitHub public data: we read your public profile and top public repositories via the GitHub API (no private repos are accessed).
  • Payment metadata: a unique payment reference we issue to match your SEPA transfer to your order. We never see your bank credentials.
  • Generated content: the career report (PDF) we produce for you.
  • Anonymous analytics: page views and country-level data (no personal identifiers).

3. Why we collect it

  • To generate and deliver your personalized career report.
  • To match your SEPA payment to your order and provide receipts.
  • To contact you about your order (delivery, follow-up, support).
  • To improve the service based on aggregated, anonymous usage patterns.

We do not send marketing emails. You will only receive emails directly related to a service you have purchased.

4. Legal basis (GDPR Article 6)

We process your data on two legal bases:

  • Contract performance (Art. 6(1)(b)) — for everything required to deliver your audit (CV processing, GitHub fetch, AI analysis, PDF generation, email delivery, payment matching).
  • Consent (Art. 6(1)(a)) — for any optional processing, given when you submit the order form. You can withdraw consent at any time (see Section 6).

5. Who we share data with

We do not sell your data. Ever. We share it only with the following infrastructure providers, all of whom are bound by Data Processing Agreements (DPAs):

  • Supabase — database and file storage. Data resides in the EU (Frankfurt region).
  • Vercel — website hosting.
  • Inngest — workflow orchestration for the report generation pipeline.
  • Resend — transactional email delivery (order confirmation, report ready notification).
  • Anthropic — provider of the Claude AI models used to extract CV content and generate your report. This involves transfer of your professional data to Anthropic in the United States, under Standard Contractual Clauses (SCCs). Anthropic does not train models on customer data (zero data retention policy via API).
  • GitHub — public profile and repository data is fetched from GitHub's public API. No data is shared back to GitHub beyond the standard API request.

6. Your rights

Under GDPR, you have the right to:

  • Access the data we hold about you
  • Correct inaccurate data
  • Delete your data (right to be forgotten)
  • Export your data (data portability)
  • Withdraw consent at any time
  • File a complaint with the Belgian Data Protection Authority (gegevensbeschermingsautoriteit.be / autoriteprotectiondonnees.be)

To exercise any of these rights, email hello@bizou.app. We will respond within 30 days.

7. How long we keep data

We keep your report and order data until you request deletion. This lets you re-download your report at any time. To delete your data, email hello@bizou.app and we will permanently remove your report, order details, and associated data within 30 days.

Payment records (the fact that an order was paid and refunded, if applicable) may be retained for up to 7 years to comply with Belgian accounting law, even after deletion of the personal data.

8. Cookies

We use only essential cookies (for security and basic functionality). We do not use marketing or tracking cookies. We do not run advertising.

9. Changes to this policy

We may update this Privacy Policy as Bizou evolves. Material changes affecting existing customers will be communicated by email.