Privacy Policy

1. Introduction

BlueZebra B.V., operating PriceList Heaven ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our SaaS service in accordance with the General Data Protection Regulation (GDPR) and Dutch data protection laws.

2. Information We Collect

2.1 Personal Data You Provide

• Account information: name, email address, password
• Company information: company name, billing address, VAT number
• Odoo credentials: encrypted connection details to your Odoo instance
• Supplier data: information about your suppliers and their price lists
• Payment information: processed securely by Stripe (we do not store full credit card details)

2.2 Automatically Collected Data

• Usage data: how you interact with our service
• Technical data: IP address, browser type, device information
• Log data: access times, pages viewed, errors encountered
• Cookies: essential cookies for authentication and functionality

3. Legal Basis for Processing

We process your personal data based on:

• Contract performance: To provide our SaaS service to you
• Legitimate interest: To improve our service and communicate with you
• Legal obligation: To comply with tax, accounting, and anti-money laundering regulations
• Consent: For marketing communications (which you can withdraw at any time)

4. How We Use Your Information

• Provide and maintain the PriceList Heaven service
• Process supplier price lists and synchronize with your Odoo instance
• Communicate about your account, service updates, and support
• Process payments and billing
• Improve our service and develop new features
• Ensure security, prevent fraud, and comply with legal obligations
• Respond to support requests and provide customer service

5. Data Sharing and Third Parties

We share your data only with:

• Your Odoo instance: To synchronize price lists and product data as per your instructions
• Stripe: For secure payment processing (see Stripe's privacy policy)
• Email service providers: To send transactional and service emails
• Cloud hosting providers: For infrastructure and data storage
• Legal authorities: When required by law or to protect our rights

We do not sell your personal data to third parties.

6. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption in transit using TLS/SSL
• Encryption at rest for sensitive data (including Odoo credentials)
• Access controls and authentication mechanisms
• Regular security audits and updates
• Secure data centers with physical security measures
• Employee training on data protection

7. Data Retention

• We retain your data for as long as your account is active or as needed to provide services.
• Audit logs are retained according to your subscription plan (1-30 days).
• After account deletion, your data is available for export for 30 days, then permanently deleted.
• We may retain certain data for legal compliance (e.g., invoices for 7 years as required by Dutch law).

8. Your Rights Under GDPR

You have the following rights:

• Right of access: Request a copy of your personal data
• Right to rectification: Correct inaccurate or incomplete data
• Right to erasure: Request deletion of your data ("right to be forgotten")
• Right to data portability: Export your data in a structured format
• Right to restriction: Limit how we process your data
• Right to object: Object to certain types of processing
• Right to withdraw consent: For processing based on consent
• Right to lodge a complaint: With the Dutch Data Protection Authority (Autoriteit Persoonsgegevens)

To exercise your rights, contact us at privacy@pricelistheaven.com

9. International Data Transfers

Your data is primarily stored and processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses or adequacy decisions).

10. Cookies and Tracking

We use the following types of cookies:

• Essential cookies: Required for authentication and core functionality
• Functional cookies: To remember your preferences (e.g., theme selection)
• Analytics cookies: To understand service usage and improve user experience (with your consent)

You can control cookies through your browser settings.

11. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or through our service. The "Last updated" date at the top indicates when this policy was last revised.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us: