Bsight AnalyticsPrivacy Policy
Last updated: 4 March 2026
1. Introduction
BSight ("we", "us", "our") is a software as a service platform that provides marketplace analytics for B&Q sellers. We are committed to protecting your personal data and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This Privacy Policy explains how we collect, use, store, share and protect your personal information when you use the BSight platform, website and related services (collectively, the "Service").
Please read this policy carefully. By using the Service, you acknowledge that you have read and understood this Privacy Policy.
2. Data Controller
BSight is the data controller for the personal data processed through the Service. If you have questions or concerns about how your data is handled, you may contact us at:
Email: support@bsight.uk
3. Data We Collect
3.1 Account Data (from Google OAuth)
When you sign up or log in using your Google account, we receive and store the following information provided by Google:
- Full name
- Email address
- Profile picture (avatar URL)
- Google account identifier
3.2 Payment Data
Subscription payments are processed by Stripe. We do not store your full card number, CVV, or other raw payment card details on our infrastructure. Stripe may provide us with:
- Last four digits of your card
- Card brand and expiry date
- Billing address (if provided)
- Stripe customer and subscription identifiers
- Payment status and transaction history
3.3 Usage Data
We may collect information about how you use the Service, including:
- Pages and features accessed
- Actions taken within the platform (e.g. searches, exports)
- Timestamps and frequency of use
- Browser type, operating system and device information
- IP address
3.4 Cookies and Similar Technologies
We use a small number of essential cookies to operate the Service. We do not use analytics or advertising cookies. For full details, see our Cookie Policy.
4. Legal Basis for Processing
Under the UK GDPR, we rely on the following legal bases to process your personal data:
| Processing Activity | Legal Basis |
|---|---|
| Providing and maintaining the Service | Performance of a contract (Article 6(1)(b)) |
| Processing subscription payments | Performance of a contract (Article 6(1)(b)) |
| Account authentication via Google OAuth | Performance of a contract (Article 6(1)(b)) |
| Security, fraud prevention and abuse detection | Legitimate interests (Article 6(1)(f)) |
| Service improvement and usage analytics | Legitimate interests (Article 6(1)(f)) |
| Compliance with legal obligations | Legal obligation (Article 6(1)(c)) |
5. How We Use Your Data
We use the personal data we collect to:
- Create and manage your account
- Authenticate your identity and maintain your session
- Process subscription payments and manage billing
- Provide, operate and improve the Service
- Communicate with you about your account, support requests and service updates
- Detect, prevent and address security incidents and fraud
- Comply with legal and regulatory requirements
6. Data Sharing and Third Parties
We do not sell your personal data. We share your information only with the following third party service providers, strictly as necessary to operate the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Authentication (OAuth 2.0) | OAuth tokens; Google provides us your name, email and avatar | |
| Stripe | Payment processing | Email address, payment details, subscription status |
| Railway | Infrastructure hosting | All data processed by the Service transits Railway servers |
We may also disclose your data if required by law, regulation, legal process, or enforceable governmental request.
7. International Data Transfers
Some of our third party service providers (Google, Stripe) are based in or operate from the United States. Where your personal data is transferred outside the United Kingdom, we ensure that appropriate safeguards are in place, such as the provider's adherence to Standard Contractual Clauses (SCCs), the UK International Data Transfer Agreement (IDTA), or equivalent mechanisms approved by the Information Commissioner's Office (ICO).
8. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes described in this policy:
| Data Type | Retention Period |
|---|---|
| Account data | Duration of your account plus 30 days after deletion |
| Payment and billing records | 6 years after the transaction (legal/tax requirements) |
| Usage data | 12 months on a rolling basis |
| Security and access logs | 90 days (or longer if required for an active investigation) |
When data is no longer needed, it is securely deleted or anonymised.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS), secure server infrastructure and access controls limiting who can access personal data.
However, no method of electronic storage or transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
10. Your Rights
Under the UK GDPR, you have the following rights in relation to your personal data:
- Right of access — You may request a copy of the personal data we hold about you.
- Right to rectification — You may request that we correct any inaccurate or incomplete data.
- Right to erasure — You may request that we delete your personal data, subject to legal retention requirements.
- Right to restriction of processing — You may request that we limit how we process your data in certain circumstances.
- Right to data portability — You may request a copy of your data in a structured, commonly used, machine readable format.
- Right to object — You may object to processing based on legitimate interests.
To exercise any of these rights, please contact us at support@bsight.uk. We will respond to your request within one month, as required by law.
11. Cookies
BSight uses only essential cookies that are strictly necessary for the operation of the Service. We do not use any analytics, advertising, or third party tracking cookies. For full details on the cookies we use, please see our Cookie Policy.
12. Children's Privacy
The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at support@bsight.uk and we will promptly delete the information.
13. Right to Complain
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:
- Website: https://ico.org.uk
- Telephone: 0303 123 1113
We encourage you to contact us first at support@bsight.uk so we have the opportunity to address your concern directly.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
15. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
Email: support@bsight.uk