Privacy Policy

At Bulbkit, we take your privacy seriously. This Privacy Policy explains how Enyon Software Limited ("we," "us," "our") collects, uses, discloses, and safeguards your information when you use our employee management platform and services.

1. Information We Collect

1.1 Information You Provide

We collect information that you provide directly to us, including:

• Account Information: Name, email address, company name, job title, and password when you create an account
• Profile Information: Additional details you choose to add to your profile
• Employee Data: Information about employees in your organization, including names, email addresses, roles, team assignments, and access permissions
• Payment Information: Billing details and payment card information (processed securely through our payment processor, Stripe)
• Communications: Messages, feedback, and support requests you send to us
• Tool & Integration Data: Information about tools and services provisioned for employees, learning progress, and usage patterns

1.2 Information Collected Automatically

When you use our Services, we automatically collect certain information, including:

• Usage Data: Information about how you interact with our Services, including pages viewed, features used, and actions taken
• Device Information: Device type, operating system, browser type and version, IP address, and unique device identifiers
• Log Data: Server logs including access times, error logs, and system activity
• Analytics Data: Performance metrics, feature usage statistics, and aggregated analytics
• Cookies and Tracking: We use cookies and similar tracking technologies to track activity and maintain sessions. See our Cookie Policy below for details

1.3 Information from Third Parties

We may receive information from third-party services you integrate with Bulbkit, such as:

• Identity verification services
• Learning platform integrations
• Tool provisioning APIs
• Single Sign-On (SSO) providers

2. How We Use Your Information

We use the information we collect for the following purposes:

• Provide Services: To operate, maintain, and improve our platform and deliver the features you request
• Account Management: To create and manage your account, authenticate users, and provide customer support
• Process Payments: To process transactions and send billing-related communications
• Employee Management: To facilitate tool provisioning, access management, learning tracking, and other employee management features
• Communications: To send service updates, security alerts, support messages, and administrative notifications
• Analytics: To understand usage patterns, measure effectiveness, and improve our Services
• Security: To detect, prevent, and address technical issues, fraud, and security threats
• Legal Compliance: To comply with legal obligations and enforce our Terms of Service
• Marketing: With your consent, to send promotional communications about new features, offers, and events (you can opt out at any time)

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

3.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

• Cloud Hosting: Amazon Web Services (AWS) for infrastructure and data storage
• Payment Processing: Stripe for payment processing
• Analytics: Analytics providers to understand service usage
• Email Services: Email service providers for transactional and marketing emails
• Customer Support: Support tools to provide customer assistance

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

3.2 Business Transfers

If we are involved in a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and the choices you have regarding your information.

3.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose information to:

• Comply with legal obligations
• Protect and defend our rights or property
• Prevent or investigate possible wrongdoing
• Protect the personal safety of users or the public

3.4 With Your Consent

We may share your information with other parties when you give us explicit consent to do so.

3.5 Aggregated Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you.

4. Data Storage and Security

4.1 Data Storage

Your data is stored securely on servers located in the United Kingdom and European Union. We use Amazon Web Services (AWS) for our infrastructure, which complies with industry-standard security certifications including ISO 27001 and SOC 2.

4.2 Security Measures

We implement appropriate technical and organizational security measures to protect your information, including:

• Encryption of data in transit using TLS/SSL
• Encryption of data at rest
• Regular security audits and vulnerability assessments
• Access controls and authentication requirements
• Employee training on data protection
• Monitoring and logging of system access
• Incident response procedures

4.3 Data Retention

We retain your information for as long as necessary to provide our Services and fulfill the purposes described in this Privacy Policy. When you close your account, we will delete or anonymize your data within 90 days, unless we are required to retain it for legal or regulatory reasons.

5. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

5.1 Access and Portability

You have the right to access your personal information and receive a copy in a portable format. You can export your data directly from your account settings.

5.2 Correction

You have the right to correct inaccurate or incomplete personal information. You can update most information directly in your account settings.

5.3 Deletion

You have the right to request deletion of your personal information, subject to certain exceptions (e.g., legal obligations). You can delete your account in the account settings or contact us at support@bulbkit.com.

5.4 Restriction and Objection

You have the right to restrict or object to our processing of your personal information in certain circumstances.

5.5 Withdraw Consent

Where we process your information based on consent, you have the right to withdraw that consent at any time.

5.6 Marketing Communications

You can opt out of marketing emails by clicking the "unsubscribe" link in any marketing email or by updating your preferences in your account settings. Note that you will still receive transactional and service-related communications.

5.7 Exercising Your Rights

To exercise any of these rights, please contact us at support@bulbkit.com. We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection authority.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information and improve our Services.

6.1 Types of Cookies We Use

• Essential Cookies: Required for the Services to function properly, including authentication and security
• Analytics Cookies: Help us understand how users interact with our Services
• Preference Cookies: Remember your settings and preferences
• Marketing Cookies: Used to deliver relevant advertising (only with your consent)

6.2 Managing Cookies

Most web browsers allow you to control cookies through their settings. However, disabling cookies may affect the functionality of our Services. You can manage cookie preferences through our cookie consent banner or in your browser settings.

7. International Data Transfers

If you are accessing our Services from outside the United Kingdom or European Union, please note that your information may be transferred to, stored, and processed in the UK and EU. We ensure that appropriate safeguards are in place for international data transfers, including:

• Standard contractual clauses approved by the European Commission
• Adequacy decisions for countries with equivalent data protection standards
• Other lawful transfer mechanisms under applicable law

8. Children's Privacy

Our Services are not directed to children under the age of 16, and we do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information as quickly as possible. If you believe we have collected information from a child under 16, please contact us at support@bulbkit.com.

9. Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through our platform.

When you integrate third-party services with Bulbkit, those services may collect information directly from you. Their use of your information is governed by their own privacy policies.

10. Data Controller and Processor

For the purposes of data protection law:

• When you use Bulbkit for your organization, your organization is the data controller for employee data, and Bulbkit acts as a data processor
• For account and billing information, Bulbkit (Enyon Software Limited) is the data controller

As a data processor, we process personal data only in accordance with your instructions and applicable data protection laws. We have implemented appropriate technical and organizational measures and maintain records of processing activities as required by law.

11. Your California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You can request information about the categories and specific pieces of personal information we've collected, the sources, purposes, and third parties we share it with
• Right to Delete: You can request deletion of your personal information, subject to certain exceptions
• Right to Opt-Out: You can opt out of the "sale" of personal information (note: we do not sell personal information)
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise these rights, contact us at support@bulbkit.com. We will verify your identity before processing your request.

California "Shine the Light" Law

California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

12. UK GDPR Rights

As a UK-based company, we comply with the UK General Data Protection Regulation (UK GDPR). UK residents have the following rights:

• Right to be informed about data collection and use
• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making and profiling

You can lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection authority, if you believe we have not handled your data properly.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email or through a notice on our Services for material changes
• Obtain your consent if required by law

We encourage you to review this Privacy Policy periodically. Your continued use of our Services after changes are posted constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For data protection matters, you can also contact the Information Commissioner's Office (ICO):