Privacy Policy

Effective: 14 May 2026

1. Who we are

Busacta operates this platform for accounting and operations management. We act as a data processor for customer data and as a controller for account and billing data.

2. Data we collect

• Account data — name, email, role.
• Firm & client records — firm details, contacts, projects, invoices, tasks.
• Audit & security logs — request IP, user agent, access events.

We do not intentionally collect protected health information (PHI). Healthcare-regulated data requires a signed Business Associate Agreement before onboarding.

3. How we use it

To provide the service, secure it, satisfy legal/tax obligations (7-year retention for financial records), and improve product quality.

4. Sharing

Data is processed by vetted subprocessors under signed DPAs: Lovable Cloud (database, storage, auth) and Cloudflare (edge / CDN). We do not sell personal data.

5. Your rights

Access, rectification, erasure, portability, and the right to lodge a complaint with your supervisory authority. Email privacy@busacta.com — we respond within 30 days.

6. Security

TLS in transit, AES-256 at rest, MFA required for privileged roles, append-only audit trail, leaked-password protection (HIBP). See our Security overview.

7. Retention

Account data: life of account + 7 years. Audit logs: 7 years. Technical logs: 90 days.

8. Contact

Privacy Officer — privacy@busacta.com