We Are Committed to the Security of Our Software and Your Data

Types of Personal data processed

i) name and contact information

ii) user log information, IP addresses and cookies

iii) national social security number (SSN), or date of birth and gender, if SSN is not available

iv) bank account number

v) payroll information

vi) details of credit card transactions

No. In order to provide the Bezala service we only transfer data within the EU, the European Economic Area (EEA) or other countries that the European Commission has determined to guarantee an adequate level of data protection.

You can find the information about our subprocessors in the following order:

1. Subprocessor
2. Server location
3. Personal data
4. Role in the provision of the Bezala service

Amazon Web Services EMEA SARL
EU
Bank account number, national social security number, e-mail, name, address
Image storage, backups, OCR of images, Textract

DigitalOcean, LLC
EU
Bank account number, national social security number, e-mail, name, address
Server

Intercom, Inc.
EU
Name, e-mail
Support messages

Mailgun Technologies, Inc.
EU
Name, e-mail
Sending system emails

Microsoft
EU
Bank account number, national social security number, e-mail, name, address
SSO login, AI features and agents, and Power BI report generation (option)

Upon request delivered to support@bezala.com Renance AFS Oy can remove your data from Bezala and from our own internal tools if no legal obligations for storage of the data for audit purposes exist.

Yes, we have ISO/IEC 27001:2022 information security certification that was granted to our company in January 2024.

Bezala Gmail Add-on — Limited Use Disclosure

Use the Bezala Gmail Add-on to auto-forward receipts to Bezala. Note: data residency is global — we cannot guarantee all data is processed in the EU. The Add-on accesses Gmail data solely to forward receipt emails to the user’s Bezala ingest address. It does
not store, share, or transfer email content to any third party. Use adheres to the Google API Services User Data Policy, including Limited Use requirements:
https://developers.google.com/terms/api-services-user-data-policy

Bezala Gmail Add-on Privacy Policy

The Bezala Gmail Add-on (“the Add-on”) extends Gmail to help users automatically forward expense receipt emails to Bezala for processing.

Data residency

The Add-on runs on Google’s Apps Script infrastructure, which operates globally. This means that email data processed by the Add-on may be handled on Google servers outside the European Union.

While the Bezala platform itself processes and stores expense data within the EU, we cannot guarantee that the Add-on’s processing of Gmail data,  including reading, scoring, and forwarding emails, occurs exclusively within the EU. If EU data residency is a strict requirement for your organization, we recommend using Gmail’s
native forwarding filters instead, which are covered by Google Workspace’s data region settings.

What data does the Add-on access?

The Add-on accesses the following Gmail data under the user’s own Google account:

• Email content: subject, sender, date, body, and attachments of emails the user views or that the background scan identifies as receipts.
• Email labels: the Add-on creates and reads a “Bezala” label to track which emails have been forwarded.
• Inbox search: when processing a Bezala missing receipts reminder, the Add-on searches the user’s inbox for matching receipt emails.

How is the data used?

Email data is used solely to forward receipt emails to the user’s personal Bezala ingest email address for expense processing. The Add-on:

• Forwards emails exclusively to the Bezala ingest address that the user has configured.
• Does not store email content. Email data is read in memory during processing and is not persisted by the Add-on.
• Does not transmit email data to any server other than through Gmail’s own email sending infrastructure.
• Does not make external HTTP requests. The Add-on has no capability to send data to third-party servers.

The only data stored by the Add-on is:

• The user’s Bezala receipt email address (stored in Google’s per-user Properties Service).
• A timestamp of the last background scan.
• Whether auto-forwarding is enabled.

Data sharing

The Add-on does not share, sell, or transfer user data to any third party. Forwarded emails are sent via Gmail’s standard email infrastructure to the user’s own Bezala ingest address.

Data retention

The Add-on does not retain email content. The stored settings (Bezala email address, last scan timestamp) persist until the user disconnects from the Add-on, at which point all stored data is deleted.

User control

Users can:

• Pause or resume auto-forwarding at any time from the Add-on settings.
• Disconnect from Bezala, which deletes all stored settings.
• See which emails have been forwarded by checking the “Bezala” label in Gmail.
• Uninstall the Add-on at any time, which removes all triggers and stored data.

Google API Services User Data Policy

The Bezala Gmail Add-on’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements:
https://developers.google.com/terms/api-services-user-data-policy

For example, you may provide us with personal information when you fill out a contact request, register for an event or in chats (name, contact information, information relevant to the issue being addressed) or when filling out a job application. In connection with the job application, there will be a separate privacy statement.

When you visit our website, we automatically gather information such as your IP address, timestamps and technical information from the device you are using. We use cookies, passive text files stored in your device, such as your computer, mobile phone or tablet, when you use the service.

We use cookies to generate a better understanding of the content that interests our users and to develop our content to serve our users better. By downloading material from our website or otherwise providing your contact information, for example, through a contact form, we may contact you regarding our company and its services and products.

You can find a complete list of the cookies used on our site in the cookie settings. You can block the use of cookies at any time by changing your device’s settings. Blocking cookies can affect the user experience of the service, for example, prevent the use of some features of the service. You can manage cookies from the cookie banner when you arrive at our site for the first time and later from the cookie settings icon in the lower-left corner of the screen.

The legal basis for the processing of personal data is the consent of the registered user or the performance of actions under agreements or measures (which require an agreement) at the request of the registered user. It can also be based on our legitimate interest in developing our service and marketing. In such cases, we ensure that the processing of the limited information we receive from website visits does not violate the rights of the registered user or does not pose a significant risk to the registered user.

To the extent that the information systems are maintained by an external supplier, a limited proportion of their staff may also have a technical access to the information stored. All parties involved in data management are required to act in accordance with the provisions of the Data Protection Regulation, such as data security and privacy.

In some cases (as in connection with events), we also share information with our partners. For example, if the event is arranged with one or more companies. In this case, our partner can contact you regarding his or her business and its services and products. The information is not used for other purposes and our partners are also required to act in accordance with the Data Protection Regulation, such as data security and privacy.

We deliver user information for the following parties:

Pipedrive (Pipedrive Inc.) – Pipedrive Privacy Policy
Dealfront (Liidio Oy) – Dealfront Privacy Policy
Plausible (Plausible Ltd.) – Plausible Privacy Policy
LinkedIn (LinkedIn Corporation) – LinkedIn Privacy Policy
Hotjar (Hotjar Ltd.) – Hotjar Privacy Policy
Meta (Meta Platforms Inc.) – Meta Privacy Policy
Intercom (Intercom Inc.) – Intercom Privacy Policy
*Google Analytics & Ads (Google Ireland Ltd.) – Google Privacy Policy
*Google Cloud Platform (Google Ireland Ltd.) – Cloud Privacy Notice
**Youtube (Google Ireland Ltd.) – Youtube Privacy Policy

*Due to GDPR, Renance does not send IP addressess outside of the EU, but anonymizes user data before sending it to Google Analytics tools. IP addresses are processed and stored at EU servers only. Read more: https://developers.google.com/tag-platform/tag-manager/server-side

**We have embedded Youtube videos on our website, which collect user information, regardless of whether the user has accepted cookies or not. Among other things, Youtube collects information on which videos the user has watched in order to optimize user content (YSC), and evaluates the user’s bandwidth (VISITOR_INFO1_LIVE). If the user does not click the videos placed on our site, and has not accepted analytics cookies, YouTube does not track the user’s activity on our site.

The data will be stored in properly protected information systems in the EEA or in other countries, that the European Commission considers, providing adequate data protection.

We retain personal information for as long as it is necessary for the purpose for which the information is collected. We may retain personal information for an extended period if required by law or longer storage is necessary for our business and the rights of the registered user are not considered to replace this right. Longer storage may be due to e.g. precautions to settle legal claims, or to prevent individual data from being removed from the systems at a reasonable cost compared to the cost of erasing larger sets of data. Generally, data should be deleted no later than ten years.

Cookies are small files stored on your computer when you visit websites. At Bezala.com, we use cookies to better understand what kind of content interests our users and to improve our services accordingly. When you download materials from our site or provide your contact information for example through a contact form, we may reach out to you regarding our company, services, or products.

Cookies do not harm users’ computers.

Cookies Used on Bezala.com

The subcontractors involved in the production of the Bezala software are listed under the ‘What subprocessors do you use and where are their servers located?’ section on this site.

Managing and deleting cookies

Voit muuttaa evästeisiin liittyviä asetuksia sivuston evästeasetuksista. Muuttamalla näitä asetuksia voidaan estää tai poistaa bezala.com- tai jonkin muun sivuston evästeet ja evästeasetukset ovat muokattavissa milloin tahansa.