BCT App — Privacy Policy

Overview

Consult Techies ("we," "us," "our") operates the BCT mobile and web applications and related services (collectively, the "BCT App" or the "Service"). We respect your privacy and are committed to protecting it. This Privacy Policy explains what data we collect, why we collect it, how we use and share it, and the choices you have.

If you do not agree with this Policy, please do not access or use the Service.

1) Who this Policy applies to

• End users/agents using the BCT App.
• Organization administrators who configure or manage BCT workspaces.
• Visitors to consulttechies.com or BCT web pages.

This Policy covers our role as a data controller (where we decide how personal data is processed) and, where applicable, as a data processor for organizations that use BCT to process their own users' data. If your organization is the controller, its privacy terms may also apply.

2) Information we collect

A. Information you provide

• Account information: name, email, phone number, profile photo, company/role.
• Credentials: password hashes (never stored in plain text), one-time codes, session tokens.
• Communications & content: messages, attachments (images, documents, audio/video), templates, notes, feedback you send us.
• Support requests: issue descriptions, screenshots, correspondence.
• Preferences: notification settings, language, theme, feature toggles.

B. Information collected automatically

• Device & app data: device model, OS/version, app version/build, unique device/app identifiers (e.g., instance ID), timezone, locale, network type, IP address.
• Usage & activity: feature usage, tap/click events, in-app navigation, session duration, referring screens.
• Logs & diagnostics: crash logs, performance metrics, error traces.
• Push tokens: for delivering notifications.
• Cookies & similar technologies (web): session cookies, authentication tokens, analytics cookies.

C. Information from others

• Organization administrators may provide user rosters, roles, groups.
• Contacts you choose to import (optional) to invite or assign conversations. You must have permission to share others' contact details.
• Third-party services you connect (e.g., cloud storage, SSO/IdP, helpdesk, analytics) may send limited profile or metadata according to your authorization.

D. Optional data by permission (Android/iOS)

We only access these with your explicit permission and solely for the stated purpose:

• Camera & Photos/Media/Files: to capture or attach images/documents.
• Microphone: to record and send voice notes or audio attachments.
• Notifications: to deliver real-time alerts and messages.
• Storage/Media access: to download/view cached attachments.
• Approximate/precise location (if requested by your organization or a feature): to tag a message with your location or power a location-based workflow. Location is off by default and only used when you opt in within that feature.
• Contacts (optional): to invite or assign, only if you choose to import.

We do not collect sensitive categories such as health, financial account numbers, or government IDs unless a specific feature explicitly requests them and you provide affirmative consent.

3) How we use your information

We process personal information for the following purposes:

• Provide and operate the Service: account creation, authentication, real-time messaging (e.g., WebSockets/SignalR), file handling, push notifications.
• Maintain safety and integrity: monitor for abuse, spam, fraud, or violations of our Terms.
• Improve and develop features: troubleshoot, debug, measure performance, conduct analytics, run A/B tests, and enhance usability.
• Customer support: respond to inquiries, resolve issues, and provide updates.
• Legal & compliance: meet legal obligations, enforce agreements, and defend our rights.
• Communications: send service-related notices, security alerts, onboarding, and (with your consent where required) product updates or surveys.

We do not use your personal messages or attachments for ad targeting.

4) Legal bases (EEA/UK only)

Where GDPR/UK GDPR applies, we rely on:

• Contract: to deliver the Service you request.
• Legitimate interests: to secure, improve, and support the Service (balanced against your rights).
• Consent: for optional features (e.g., contacts import, location, marketing emails).
• Legal obligation: where required by law.

You can withdraw consent at any time from in-app settings or by contacting us.

5) How we share information

We may share personal information in these situations:

• Service providers / processors: hosting, storage, analytics, crash reporting, push notifications, real-time messaging infrastructure, content delivery. They may process data on our behalf under contracts that limit their use to our instructions and require appropriate safeguards.
• Your organization / workspace admins: profile data, role/permissions, and content created within that workspace may be visible to admins and members according to the workspace settings.
• With your direction: when you connect third-party integrations or share content externally.
• Legal/Compliance: to respond to lawful requests (e.g., court orders), protect rights, safety, or prevent fraud/abuse.
• Business transfers: in a merger, acquisition, or asset sale, your information may be transferred with appropriate notice and safeguards.

We do not sell your personal information. We also do not share personal information for cross-context behavioral advertising.

6) Data retention

• Account data: kept while your account is active.
• Messages & attachments: retained according to workspace settings or until you or your admin delete them; backups may persist for a limited period.
• Logs/diagnostics: typically retained for up to 12 months (shorter for high-volume logs), unless needed to investigate security incidents or comply with law.
• Analytics: kept in aggregated or de-identified form where possible.

We delete or anonymize data when it's no longer necessary for the purposes set out in this Policy, subject to legal retention obligations.

7) Security

We use administrative, technical, and organizational measures designed to protect personal information, including encryption in transit, access controls, and monitoring. No system is 100% secure; if we learn of a breach, we will notify affected users as required by law.

8) Your rights & choices

Depending on your location, you may have rights to:

• Access your data and receive a copy
• Correct inaccurate information
• Delete your data
• Restrict or object to certain processing
• Portability of certain data
• Withdraw consent (where processing is based on consent)

How to exercise:
Use in-app settings where available (e.g., edit profile, delete messages), contact your workspace admin (for organization-managed workspaces), or email [email protected]. We may need to verify your identity and/or work with your organization to fulfill requests.

Marketing choices: You can opt out of non-essential emails via the unsubscribe link or in-app preferences.

Do Not Track/Global Privacy Control: We honor applicable signals where required by law.

9) Children's privacy

The Service is not directed to children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us data, contact [email protected] so we can delete it.

10) Third-party services & links

The Service may link to or integrate with third-party services (e.g., cloud storage, single sign-on, analytics, push messaging). Their privacy practices are governed by their own policies. Please review those policies before enabling integrations.

Common categories of vendors we may use include:

• Hosting & storage (cloud infrastructure/CDN)
• Analytics & diagnostics (usage analytics, crash reporting, performance monitoring)
• Real-time messaging infrastructure
• Push notification providers

We limit vendor access to what is needed to provide their service to us.

11) Permissions used by the BCT App (Android/iOS)

• INTERNET / NETWORK STATE: core connectivity for messaging and updates.
• NOTIFICATIONS: deliver real-time alerts; you can disable in OS settings.
• CAMERA / PHOTOS / MEDIA / FILES: capture and attach media (only when you choose to); no background capture.
• MICROPHONE: record/send audio messages (only when you choose to).
• READ/WRITE STORAGE or PHOTOS access: store/view attachments locally.
• LOCATION (optional): only if you enable a location-based feature; otherwise unused.

12) Google Play Data Safety summary (mapping)

Data collected (by us or our providers), purposes, and sharing:

• Identifiers & Contact info (name, email, phone, user ID)
  Purposes: account setup, authentication, support, notifications.
  Sharing: service providers (hosting, messaging) under contract.
• App activity & usage analytics (feature usage, events)
  Purposes: improve features, quality, performance.
  Sharing: analytics providers (aggregated or pseudonymized where possible).
• Device & diagnostic data (device model, OS, crash logs, IP)
  Purposes: security, fraud prevention, debugging.
  Sharing: diagnostics providers under contract.
• Messages & attachments (user-generated content)
  Purposes: provide core messaging features.
  Sharing: not sold; transmitted/stored to deliver the Service; accessible to your workspace members per permissions.

Data sale / cross-context ads: No.
Data deletion: Request via in-app controls (where available) or [email protected].

The exact set of collected data may vary by your organization's configuration and the features you enable.

15) Organization administration

If you use BCT within an organization, your workspace owner/admin may:

• Manage your account, role, and access
• Configure retention and sharing settings
• Access or export content created in the workspace per organizational policy

Contact your admin for details on your organization's privacy rules.

16) How to delete your account or data

• In-app (where available): Settings → Account → Delete Account.
• By email: send your request to [email protected] from the email associated with your account. We'll guide you through verification and confirm deletion subject to legal/organizational requirements. Some backups may persist for a limited time before automatic purge.

17) Jurisdiction-specific disclosures

India (DPDP Act)

• Data fiduciary: Consult Techies
• Grievance contact: [email protected]
• You can request review of grievances and data principal rights as described above.

EEA/UK

You have rights of access, rectification, erasure, restriction, portability, and objection. You also have the right to lodge a complaint with your local supervisory authority.

California (CCPA/CPRA)

• We do not sell or share personal information for cross-context behavioral advertising.
• You may exercise access, deletion, and correction rights by contacting [email protected].

18) Changes to this Policy

We may update this Policy to reflect changes in our practices or legal requirements. We will post the updated version with a new "Last updated" date and, where required, provide additional notice. Continued use of the Service after changes means you accept the updated Policy.

19) Contact

If you have questions, concerns, or requests about this Policy or our data practices, contact us at: