We use industry-standard security technologies and comprehensive policies and controls to maintain a culture of security.

  • Authentication
    Authentication and Access Management

    Authenticate your users with single sign-on (SSO). Manage permissions directly to authorize who can access Bezala.

  • Quality Assurance
    Quality Assurance

    High quality development and quality assurance ensures that software is both secure and easy to use.

  • Data Protection
    Data Protection

    We encrypt your data using industry standard protocols and process personal data requests in accordance with GDPR.

  • Backups

    We have hourly data backups and daily system backups. Backup recovery is tested regularly.

ISO/IEC 27001:2022 certified

We have been granted an information security certificate, which means that the information security of our software, processes and facilities has been audited on behalf of an external operator (Huld Certification Oy).

Certification based on the ISO/IEC 27001 standard certifies that we have adopted information security-related procedures sufficient for our operations, are committed to continuous information security maintenance, and that we take the protection of our customers' data seriously.

Read more about the certification

Huld certified iso

Privacy Policy of Bezala software

Once your employer has provided you an access to Bezala and you have commence using the service, we as a service provider will act as the data processor and your employer as data controller of your personal data processed in Bezala.

The commercial agreement between your employer and us includes Terms of Services and its attachment Data Processing Agreement describes the terms for processing of your personal data by us.

What types of personal data is processed in the software?

Types of Personal data processed

i) name and contact information

ii) user log information, IP addresses and cookies

iii) national social security number (SSN), or date of birth and gender, if SSN is not available

iv) bank account number

v) payroll information

vi) details of credit card transactions

Do you transfer data outside EU/EEA?

No. In order to provide the Bezala service we only transfer data within the EU, the European Economic Area (EEA) or other countries that the European Commission has determined to guarantee an adequate level of data protection.

What subprocessors do you use and where are their servers located?


Server location

Personal data

Role in the provision of the Bezala service

Amazon Web Services EMEA SARL


Bank account number, national social security number, e-mail, name, address

Image storage, backups, OCR of images, Textract

DigitalOcean, LLC


Bank account number, national social security number, e-mail, name, address


Intercom, Inc.


Name, e-mail

Support messages

Mailgun Technologies, Inc.


Name, e-mail

Sending system emails

Microsoft (OPTION)


Bank account number, national social security number, e-mail, name, address

If necessary for PowerBI reporting

How can we remove our data? 

Upon request delivered to support@bezala.com Renance AFS Oy can remove your data from Bezala and from our own internal tools if no legal obligations for storage of the data for audit purposes exist.

Do you have any certificates / audit reports (e.g. ISO 27001) obtained from external auditing companies?

Yes, we have ISO/IEC 27001:2022 information security certification that was granted to our company in January 2024.

Quality Assurance with Experience

Quality Assurance is present at all stages of software development. In total we execute more than 3000 tests for every update we do.

Here you can see the main parts from which our Quality Assurance process consists:


Newly developed features are covered with unit and integration tests.Requirements are reviewed with QA and Dev and CX teams. This helps to ensure that they meet the requirements’ quality criteria and can be fulfilled.Tests for new features are created based on test design techniques that makes coverage measurable.
If issue is found on any SDLC stage the fix will also be tested to avoid regression.Code is reviewed by other team members to ensure that it is efficient and corresponds to company’s code style policy.On new feature adding: new feature and smoke suits are run.
Automated E2E tests that cover main flows.Peer review is done by developers with 15+ years of experience.Full review of application on dependencies update.

Terms of Service

Terms of Service concern the use of Bezala, through which a legal person can offer its personnel and accountants an easy way to automatically store and access certain accounting material for the Client’s accounting purposes.

We may, at any time and for any reason make changes to the terms. We may do this for a variety of reasons including to reflect changes in or requirements of the law, new features, or changes in business practices. The most recent version can always be found via the link below.

Read the Terms of Service here.

Bezala illustration emptyspace

Privacy policy of Bezala.com website

We use cookies to generate a better understanding of the content that interests our users and to develop our content to serve our users better.

What personal information do we get from our website and for what purposes are we processing it?

For example, you may provide us with personal information when you fill out a contact request, register for an event or in chats (name, contact information, information relevant to the issue being addressed) or when filling out a job application. In connection with the job application, there will be a separate privacy statement.

When you visit our website, we automatically gather information such as your IP address, timestamps and technical information from the device you are using. We use cookies, passive text files stored in your device, such as your computer, mobile phone or tablet, when you use the service.

We use cookies to generate a better understanding of the content that interests our users and to develop our content to serve our users better. By downloading material from our website or otherwise providing your contact information, for example, through a contact form, we may contact you regarding our company and its services and products.

You can find a complete list of the cookies used on our site in the cookie settings. You can block the use of cookies at any time by changing your device's settings. Blocking cookies can affect the user experience of the service, for example, prevent the use of some features of the service. You can manage cookies from the cookie banner when you arrive at our site for the first time and later from the cookie settings icon in the lower-left corner of the screen.

On what legal grounds do we process personal information we receive in connection with visits to our websites?

The legal basis for the processing of personal data is the consent of the registered user or the performance of actions under agreements or measures (which require an agreement) at the request of the registered user. It can also be based on our legitimate interest in developing our service and marketing. In such cases, we ensure that the processing of the limited information we receive from website visits does not violate the rights of the registered user or does not pose a significant risk to the registered user.

Do we share your information with a third party?

To the extent that the information systems are maintained by an external supplier, a limited proportion of their staff may also have a technical access to the information stored. All parties involved in data management are required to act in accordance with the provisions of the Data Protection Regulation, such as data security and privacy.

In some cases (as in connection with events), we also share information with our partners. For example, if the event is arranged with one or more companies. In this case, our partner can contact you regarding his or her business and its services and products. The information is not used for other purposes and our partners are also required to act in accordance with the Data Protection Regulation, such as data security and privacy.

User tracking

We deliver user information for the following parties:

Pipedrive (Pipedrive Inc.) – Pipedrive Privacy Policy
Dealfront (Liidio Oy) – Dealfront Privacy Policy
Plausible (Plausible Ltd.) – Plausible Privacy Policy
LinkedIn (LinkedIn Corporation) – LinkedIn Privacy Policy
Hotjar (Hotjar Ltd.) – Hotjar Privacy Policy
Meta (Meta Platforms Inc.) – Meta Privacy Policy
Intercom (Intercom Inc.) – Intercom Privacy Policy
*Google Analytics & Ads (Google Ireland Ltd.) – Google Privacy Policy
*Google Cloud Platrofm (Google Ireland Ltd.) – Cloud Privacy Notice
**Youtube (Google Ireland Ltd.) – Youtube Privacy Policy

*Due to GDPR, Renance does not send IP addressess outside of the EU, but anonymizes user data before sending it to Google Analytics tools. IP addresses are processed and stored at EU servers only. Read more: https://developers.google.com/tag-platform/tag-manager/server-side
**We have embedded Youtube videos on our website, which collect user information, regardless of whether the user has accepted cookies or not. Among other things, Youtube collects information on which videos the user has watched in order to optimize user content, and evaluates the user's bandwidth. If the user does not click the videos placed on our site, and has not accepted analytics cookies, YouTube does not track the user's activity on our site.

Where is the data stored and for how long?

The data will be stored in properly protected information systems in the EEA or in other countries, that the European Commission considers, providing adequate data protection.

We retain personal information for as long as it is necessary for the purpose for which the information is collected. We may retain personal information for an extended period if required by law or longer storage is necessary for our business and the rights of the registered user are not considered to replace this right. Longer storage may be due to e.g. precautions to settle legal claims, or to prevent individual data from being removed from the systems at a reasonable cost compared to the cost of erasing larger sets of data. Generally, data should be deleted no later than ten years.


Functional, necessary cookies

Craft CMS

Critical cookies related to the functionalities of the website.



Cookies improving user experience, providing forms and other technical elements.
Google Analytics
Google Cloud Platform
Cookies that Renance uses to improve website content and functionalities. Furthermore, we analyze which content our customers are interested in and use the information to improve and develop the information we produce.

Google Ads

Marketing-related cookies allow us to provide interesting content for users who visited our website. We use this information in other platforms, such as Meta, LinkedIn, Google, Microsoft, and newsletters.

Managing and deleting cookies

You can change settings related to cookies from the site's cookie settings. By changing these settings, cookies from bezala.com or any other site can be blocked or deleted, and the cookie settings can be modified at any time.

Questions? Just ask us.

The data controller is Renance – Automated Financial Services Oy, address Keilaranta 5, 02150 Espoo, Finland, and the person responsible for privacy matters is Fredrik Teir.

In case you have any questions regarding the processing of your personal data, please contact us at support@bezala.com.