This Privacy Policy explains how B2BZONE ("we", "us") collects, uses and protects personal data when you visit b2bzone.store or use our Services. We comply with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), and Argentina's Ley de Protección de Datos Personales 25.326 (LPDP) as a baseline.
1. What we collect
Account data
Name, work email, organization, password hash (if you register).
Payment data
Handled by Paddle or Gumroad. We receive transaction metadata (subscription status, amount, currency, country) but never your full card number or bank details.
Usage data
The specific categories we process:
- Email address (required for account + receipts)
- IP address (abuse prevention, approximate geolocation)
- Browser user-agent string (for compatibility debugging)
- Device type and viewport size
- Approximate location inferred from IP (city-level)
- Pages visited, features used, timestamps (server logs)
- Referrer URL (how you arrived on the site)
Contact submissions
If you use our contact form or email us at info@b2bzone.store, we retain the message and your email to respond.
2. Legal basis (GDPR)
- Contract: to deliver and support the Services you paid for.
- Legitimate interest: service reliability, security, fraud prevention.
- Consent: marketing emails (opt-in, revocable).
- Legal obligation: tax, accounting, law-enforcement requests.
3. Processors and sub-processors
A current, versioned list of our sub-processors is maintained at https://b2bzone.store/privacy-policy and kept in sync with this page. Updates are published at least 30 days in advance where feasible. We only work with processors that offer GDPR-adequate safeguards.
- Paddle.com Market Ltd (Ireland / UK) — Merchant of Record for subscriptions; handles payment, VAT/sales tax and PSD2 SCA.
- Gumroad, Inc. (USA) — one-time digital goods delivery and payment.
- SpaceMail — outbound SMTP for transactional and contact-form email on the b2bzone.store domain.
- Cloudflare, Inc. (USA) — CDN, DNS, TLS origin certificate, Email Routing for inbound mail.
- Clerk, Inc. (USA) — authentication when you create an account.
- Upstash, Inc. (USA, EU region available) — rate limiting (IP-hashed counters only).
4. International transfers
Some processors operate in the United States or other non-EEA countries. Where required, we rely on the EU Standard Contractual Clauses (2021/914) and, where applicable, the EU-US Data Privacy Framework. Paddle acts as an independent data controller for payment data under its own privacy policy.
4a. EU representative (GDPR Art. 27)
Because our principal establishment is outside the EU, for individuals located in the EU/EEA all GDPR-related correspondence — including data subject requests — can be routed through Paddle.com Market Ltd, Judd House, 18-29 Mora Street, London EC1V 8BT, United Kingdom, which acts as merchant of record and processor contact point. You may also write to us directly at info@b2bzone.store; we respond within 30 days.
5. How long we keep data
| Category | Retention | Reason |
|---|---|---|
| Account data | Life of account + 12 months | Account restoration, dispute window |
| Payment metadata | 7 years | Tax / accounting law |
| Contact form submissions | 24 months | Support history, product research |
| Server logs (IP, user-agent) | 90 days | Security incident investigation |
| Rate-limit counters | 30 minutes | Abuse prevention |
6. Your rights (GDPR / UK)
You can request access, correction, deletion, portability, restriction of processing, or objection to processing. EU/UK residents may lodge a complaint with the local supervisory authority. Email info@b2bzone.store; we respond within 30 days.
6a. California rights (CCPA/CPRA)
If you are a California resident you have the right to:
- Know what personal information we collect and how we use it.
- Request deletion of personal information, subject to exceptions.
- Correct inaccurate personal information.
- Opt out of any “sale” or “sharing” of personal information (we do not sell or share personal information for cross-context behavioural advertising).
- Limit use of sensitive personal information.
- Non-discrimination for exercising these rights.
Do Not Sell or Share My Personal Information: email info@b2bzone.store with subject “CCPA Do Not Sell”. We verify your identity and respond within 45 days (extendable once by 45 days with notice). Authorized agents may submit on your behalf with signed authorization.
6b. Argentina rights (LPDP 25.326)
Data subjects located in Argentina may request access, rectification or suppression of their data from our registered database, free of charge every six months. The supervisory authority is the Agencia de Acceso a la Información Pública (AAIP).
7. Cookies
We use only strictly necessary and functional cookies (session, theme preference, CSRF). We set no marketing or cross-site tracking cookies, so no consent banner is required under the ePrivacy Directive for such cookies. Paddle's checkout overlay may set session cookies that are necessary to complete payment. See our Cookies Policy for the full list.
8. Security
Data in transit is encrypted with TLS 1.2+. Passwords (when accounts are introduced) are hashed with modern algorithms (bcrypt/argon2). Access to production systems is MFA-protected and audit-logged. We notify affected users and the competent supervisory authority of a reportable data breach within 72 hours of discovery, per GDPR Art. 33.
9. Children
Our Services are intended for business use. We do not knowingly collect personal data from children under 13 (US COPPA) or under 16 (EU GDPR Art. 8 default). If we learn that we have collected such data, we will delete it.
10. Changes to this policy
We publish material changes at least 14 days before they take effect, with a notice on this page and, where you have an account, by email.
11. Contact
Data-protection inquiries: info@b2bzone.store. For EU/EEA individuals we also accept requests via our EU representative named in § 4a.