Privacy Policy

1. Introduction

Welcome to Biqli ("we," "us," or "our"), operated by Biqli LLC. We are committed to protecting your privacy and handling your personal data in an open and transparent manner. This Privacy Policy ("Policy") explains in detail how we collect, use, process, and disclose your information across the Biqli platform and services (collectively, "Services").

This Policy is designed to help you understand your privacy rights and how you can control your data. By using our Services, you agree to the collection and use of information in accordance with this policy. Please read it carefully.

2. Definitions

To ensure clarity, here are some key terms used in this Policy:

Personal Data: Any information that relates to an identified or identifiable individual. This can include your name, email address, IP address, or other identifiers.
Usage Data: Data collected automatically, generated by the use of the Service or from the Service infrastructure itself (e.g., the duration of a page visit, browser type).
Biqli Products: Refers to any feature you can create with our Services, including but not limited to shortened URLs, QR Codes, and Link-in-Bio pages.
Data Controller: The entity which, alone or jointly with others, determines the purposes and means of the processing of Personal Data. For the purpose of this Policy, Biqli LLC is the Data Controller for the personal data of our account holders. When our customers use our Services to process data about their own end-users (for example, by creating a Biqli Product), we act as a Data Processor on their behalf, as further detailed in our Data Processing Addendum.
Data Processor (or Service Provider): Any person or entity who processes data on behalf of the Data Controller.
Children: Individuals under the age of 18 years.

3. Scope of This Policy

This Policy applies to all personal data processed by Biqli LLC through our websites, mobile applications, and other online products and services. It covers individuals who register for an account, create or interact with Biqli Products, or otherwise visit our website or communicate with us.

Third-Party Services: Our Services may contain links to other websites, services, and applications not operated or controlled by us ("Third-Party Services"). This Policy does not apply to the privacy practices of Third-Party Services. We cannot take responsibility for their content or privacy policies, and we encourage you to review their policies before providing any information to them.

4. The Information We Collect

We collect information in three primary ways: information you provide to us directly, information we collect automatically through your use of the Services, and information we obtain from third-party sources.

4.1. Information You Provide Directly

Account Registration Data: When you create a Biqli Account, we collect information such as your name, email address, phone number, password or other sign-in credentials, company name, industry, job title, and company size.
Third-Party Authentication: If you register or log in using a third-party service (e.g., Google, Apple, Facebook), we receive personal data from that service as permitted by your privacy settings on that platform. This may include your name, email address, and profile picture.
User-Generated Content: When you create "Biqli Products", we collect the original URL and any associated content you provide, such as custom titles, descriptions, images, or videos. This also includes any content you add to your Link-in-Bio pages.
Payment Information: If you subscribe to a paid plan, our third-party payment processors will collect your payment information (e.g., credit card number, billing address). Biqli LLC does not directly store your full credit card number.
Communications and Support: If you contact us for customer support or other inquiries, we collect the content of your communications, including your name, email address, and any other information you choose to provide.
Sub-User Information: If you add sub-users to your Account, we collect their name, email address, and other contact details necessary to provide them with access to the Services.

4.2. Information We Collect Automatically

Biqli Product Creation Data: When you create a Biqli Product, we automatically log your IP address, derived geolocation data, the date and time of creation, and, if you share it directly from our platform, the social media service used.
Biqli Product Interaction Data: When any user (including non-account holders) clicks, scans, or otherwise interacts with a Biqli Product, we automatically collect technical information, including:
- IP address and derived location (city, country).
- Date and time of the interaction.
- Referring website or service.
- Device information (e.g., operating system, browser type, language settings).
- Cookies and mobile advertising identifiers, as detailed in our Cookie Policy.
Usage and Device Data: We collect information about how you use our Services, such as the pages you visit, features you use, and actions you take. We also collect data from the device and application you use to access our Services, such as your IP address and device identifiers.
Cross-Device Inferences: We may infer that a single individual is using multiple devices to interact with our Services based on technical data like IP addresses. This helps us analyze service usage and enhance our security measures against malicious activity.

5. How We Use Your Information

We use the information we collect for the following business and commercial purposes:

To Provide and Maintain the Services: To authenticate users, create and manage Biqli Products, provide analytics on link performance, and process payments.
To Improve and Optimize Our Services: To analyze usage patterns, conduct research, and test new features to enhance user experience and service functionality.
For Communication: To send administrative messages (e.g., policy updates, security alerts), respond to your support requests, and provide information about our Services.
For Marketing and Advertising: To send you marketing communications about new products, special offers, and events. You can opt out at any time.
For Trust, Safety, and Security: To detect and prevent fraud, spam, abuse, security incidents, and other harmful or unlawful activity.
To Comply with Legal Obligations: To process your information to comply with applicable laws, legal processes, or regulations, and to respond to lawful requests from public and government authorities.

6. Legal Basis for Processing Personal Data

If you are from the European Economic Area (EEA), our legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it.

Performance of a Contract: We process your data to fulfill our contractual obligations to you (e.g., providing the Services you signed up for).
Legitimate Interests: We process your data when it is in our legitimate interests to do so and when these interests are not overridden by your data protection rights (e.g., for service improvement, security, and analytics).
Consent: We will process your data for specific purposes if you have given us your explicit consent to do so (e.g., for certain marketing communications).
Legal Obligation: We may need to process your data to comply with a legal obligation.

7. How We Share and Disclose Information

Your information is shared in the following ways:

Publicly Available Information: By default, the original URLs you shorten and the corresponding Biqli Products are publicly accessible. Anyone with the Biqli Product can access the original content.
With Service Providers (Subprocessors): We may employ third-party companies and individuals to facilitate our Service ("Subprocessors"), provide Service on our behalf, perform Service-related services, or assist us in analyzing how our Service is used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are contractually obligated not to disclose or use it for any other purpose. You can find a list of Subprocessors we use on our website.
With Corporate Affiliates: We may share information within the Biqli LLC group of companies for business development, operational efficiency, and cross-promotion of services, based on our legitimate interests.
With Enterprise Account Holders: If you register with an email address on a domain owned by an organization (e.g., your employer), we may share your email and high-level account activity (like the number of links created) with that organization for enterprise account management purposes.
For Legal Reasons and Safety: We may disclose your information to law enforcement, government authorities, or other third parties if we believe it is necessary to comply with a legal obligation, protect the vital interests of any person, or detect and prevent fraud and security threats.
In Connection with a Business Transfer: If Biqli LLC is involved in a merger, acquisition, financing, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.
With Your Consent: We may share your information for any other purpose with your explicit consent.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

Session Cookies: We use Session Cookies to operate our Service and remember your login session.
Preference Cookies: We use Preference Cookies to remember your preferences and various settings (like theme choice).
Security Cookies: We use Security Cookies for security purposes, such as preventing fraudulent logins.
Analytics Cookies: These help us understand how our Services are being used, the effectiveness of marketing campaigns, and to help us customize and improve our Services for you.

For more detailed information on the cookies we use and your choices regarding cookies, please visit our comprehensive Cookie Policy.

9. Your Privacy Rights and Choices

We believe in providing you with meaningful control over your personal data. Below are the rights and choices available to you.

9.1. Managing Your Account and Communications

You can review and update your account information at any time by logging into your account settings. You can also unsubscribe from our marketing email list by following the unsubscribe link located at the bottom of each email.

9.2. Your General Data Protection Rights

Depending on your location, you may have the following rights regarding your personal data:

The right to access: You can request a copy of the personal information we hold about you.
The right to rectification: You can request that we correct any inaccurate or incomplete information.
The right to erasure (to be forgotten): You can request that we delete your personal data, subject to certain exceptions.
The right to restrict processing: You can request that we limit the use of your personal data in certain circumstances.
The right to data portability: You can request to receive your personal data in a structured, commonly used, and machine-readable format.
The right to object to processing: You can object to our processing of your personal data where we are relying on legitimate interests as our legal basis.
The right to withdraw consent: If we have collected and processed your information with your consent, you can withdraw your consent at any time.

If you are a resident of the European Economic Area (EEA) or California, you have specific rights that you can exercise. We do not "sell" your personal information as the term is traditionally understood. However, we support the CCPA by allowing residents to opt-out of any future sale of their personal information. Residents of the EEA have rights as described under the GDPR.

To exercise any of the rights described above, please submit a verifiable consumer request to us by using the procedure outlined in the following section.

9.4. Procedure for Exercising Your Rights

You have the right to request the deletion of your personal data or exercise other data rights. To do so, please follow this procedure:

Submit Your Request: Send an email to our privacy team at contact@biq.li with a clear subject line (e.g., "Data Deletion Request," "Data Access Request").
Identity Verification: To protect your privacy and security, we will take reasonable steps to verify your identity. We may require you to provide information that matches the data associated with your Account, such as your registered email address or name.
Processing the Request: Once your identity is verified, we will process your request within the time frame required by applicable law. We will permanently and securely delete your personal data from our active systems in accordance with our data retention policies unless a legal exception applies.

Please note that we may be required to retain certain information for legal or legitimate business purposes, as outlined in the "Data Retention and Deletion" section below.

10. Data Retention and Deletion

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.

The criteria used to determine our retention periods include:

The length of time we have an ongoing relationship with you and provide Services to you (for example, for as long as you have an account with us).
Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them).
Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

After account closure, your data will be deleted or anonymized in accordance with our standard data management cycle, typically within 90 days, except where a longer retention period is required by law or for legitimate business purposes.

11. Security Measures

We implement robust technical and organizational security measures designed to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit (using TLS) and at rest.
Strict access controls and the principle of least privilege for our employees.
Regular security assessments and vulnerability scanning.
A formal incident response plan.

However, please be aware that no security system is impenetrable, and we cannot guarantee the absolute security of your information. You are also responsible for keeping your account password confidential.

12. International Data Transfers

Biqli LLC operates globally, which means your personal data may be transferred to, and processed in, countries other than your own, including the United States. These countries may have data protection laws that are different from the laws of your country. We take appropriate safeguards to ensure that your data remains protected in accordance with this Privacy Policy when transferred internationally, such as by using Standard Contractual Clauses (SCCs) for transfers of data from the European Economic Area, the UK, and Switzerland.

13. Children's Privacy

Our Services are not directed to Children under the age of 18. We do not knowingly collect personally identifiable information from Children under 18. If you become aware that a Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verification of parental consent, we take steps to remove that information from our servers.

14. Shopify Integration & Data Processing

When you install the Biqli app on your Shopify store, this section describes how we collect, process, and protect data specific to this integration.

14.1. Data We Collect from Shopify

When you connect Biqli to your Shopify store, we collect and process the following data:

Store Information: Your store domain, store owner email, and basic store settings.
Customer Web Pixel Data: When visitors interact with your Shopify store, our Web Pixel automatically collects:
- Session identifiers (bq_id)
- Browser and device information (user agent, platform, browser type)
- Geographic location data (country, city derived from IP address)
- Referral source and URL parameters
- Page views and navigation paths
- Customer email addresses (when provided during checkout or account creation)
Order Data: Order ID, order number, customer email, order total, and order status.
Customer Data: Customer ID and customer email address (collected via webhooks when a customer is created or updated).

14.2. How We Use Shopify Data

We process this data solely to provide analytics and conversion tracking services:

Lead Tracking: When a visitor provides their email address (e.g., during checkout), we track this as a lead conversion event.
Order Tracking: When an order is placed, we attribute it to the original marketing source using session data and email matching.
Analytics Dashboard: We display aggregated analytics about your store's traffic sources, conversion rates, and customer behavior in your Biqli dashboard.

14.3. Legal Basis for Processing (GDPR)

For merchants in the European Economic Area (EEA), UK, or Switzerland:

We process Shopify data as a Data Processor on your behalf, as you are the Data Controller of your customer data.
Our processing is based on our Data Processing Addendum (DPA), which incorporates Standard Contractual Clauses (SCCs) for international data transfers.
You are responsible for obtaining appropriate consent from your customers for analytics and tracking as required by GDPR.

14.4. Data Retention for Shopify Data

Active Connection: While your Shopify store is connected, we retain session data for 90 days and conversion data indefinitely for analytics purposes.
After Disconnection: When you uninstall the Biqli app: Your pixel stops collecting new data immediately. Session and tracking data is automatically deleted within 90 days. Aggregated, anonymized analytics may be retained for service improvement. All personally identifiable information is permanently deleted.

14.5. Your Rights as a Shopify Merchant

You have full control over the data we collect from your Shopify store:

Access: Request a copy of all data we've collected from your store.
Deletion: Uninstall the app at any time to stop data collection and trigger automatic deletion.
Portability: Export your analytics data from your Biqli dashboard.
Rectification: Contact us to correct any inaccurate merchant information.

14.6. Customer Rights (Your Store Visitors)

Your customers have rights under data protection laws:

GDPR Compliance: We assist you in fulfilling GDPR requests from your customers through our webhook handlers for:
- customers/data_request - Returns all data we hold about a specific customer.
- customers/redact - Permanently deletes all customer data.
- shop/redact - Deletes all store data (triggered 48 hours after app uninstall).
Customer Data Requests: If your customers contact you requesting their data, we will provide it to you within 30 days so you can fulfill your obligations as the Data Controller.

14.7. Security Measures for Shopify Data

All data transmitted between Shopify and Biqli is encrypted using TLS 1.2 or higher.
Shopify API credentials are stored securely and encrypted at rest.
Access to Shopify data is restricted to authorized personnel only.
We use Redis for session storage with encryption and secure access controls.
We never store your Shopify Admin API password; we use OAuth tokens which can be revoked at any time.

14.8. Third-Party Subprocessors

For Shopify integration, we use the following subprocessors:

Upstash (Redis): For temporary session data storage (session IDs, tracking data).
Cloudflare: For CDN and DDoS protection.
A complete list of subprocessors is available on our Subprocessors page.

14.9. Data Sharing

We never sell your Shopify customer data. We only share data in the following limited circumstances:

With your explicit consent.
To comply with legal obligations (e.g., valid subpoenas, court orders).
To protect our rights, property, or safety, or that of our users or the public.

14.10. Shopify Merchant Responsibilities

As a Shopify merchant using Biqli, you are responsible for:

Ensuring you have appropriate legal basis to use analytics and tracking on your store.
Displaying a privacy policy on your store that discloses the use of third-party analytics tools.
Complying with Shopify's Terms of Service and applicable data protection laws.
Obtaining customer consent where required by law.

14.11. App Uninstallation & Data Deletion

When you uninstall the Biqli app from your Shopify store:

Immediate: The Web Pixel stops collecting new data.
Within 24 hours: We disconnect from Biqli's main platform and revoke all API access.
Within 30 days: Your shortened links continue to work for transition purposes.
Within 90 days: All session data, tracking data, and customer information is permanently deleted.
Backup Retention: Data may persist in secure backups for up to 12 months before being purged.

14.12. Contact for Shopify-Specific Questions

For questions specifically about Shopify data processing, contact our Data Protection Officer:

Email: contact@biq.li
Subject Line: "Shopify Data Processing Inquiry"

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make material changes, we will notify you by email (sent to the e-mail address specified in your account), through the Services, or by posting the new policy on our website and updating the "Last Updated" date at the top. We encourage you to review this Policy periodically.

16. Contact Us & Accessibility

If you have any questions, comments, or concerns about this Privacy Policy, or if you would like to exercise your privacy rights, please contact our Data Protection Officer at:

Email: contact@biq.li

Postal Address:
Biqli LLC
30N Gould St, Ste R
Sheridan, WY 82801
United States

ACCESSIBILITY: If you are having any trouble accessing this Privacy Policy, please contact us at the email above, and we will provide the information in an alternative format.