This Privacy Policy explains how Corbitex Ltd ("Corbitex", "we", or "us") handles information in connection with the Basix software (the "Software"). Our guiding principle is simple: your business data stays with you. This policy applies worldwide. If you are located in a region with specific data-protection laws — such as the European Economic Area (EEA), the United Kingdom, or California — the additional rights set out below also apply to you.
The overwhelming majority of your data — including customers, contacts, tasks, attendance records, documents, diary entries, and chat messages — is stored locally, on your own device or on a network or shared drive that you control. Corbitex does not host, receive, transmit, or otherwise access this data, and cannot read, recover, or delete it on your behalf.
Only a limited amount of information is sent to our servers, and solely to operate essential functions: (a) license validation and account setup — a device identifier, your email address, and your company or administrator name; (b) software updates — your current version and a device identifier; (c) support requests — your email address, your username, and the contents of any ticket you submit; and (d) optional Vault recovery — if you enable recovery for the Vault, a recovery code linked to your device identifier and license key, held solely so that you can regain access to the vault; and (e) payments and subscriptions (optional) — if you purchase or renew a license within the app, the billing details you provide (such as name, email, billing country, and subscription or transaction identifiers) are processed by our payment providers to take payment and confirm your license entitlement; we receive confirmation of your subscription status and transaction references, but we do not receive or store your full payment-card details, which are handled directly by the payment provider. We use this information only to provide licensing, payments, updates, and support. We never sell it, and we never use it for advertising.
If you connect a calendar (Google Calendar, Microsoft Outlook, or Apple iCloud), the Software exchanges calendar data — including event titles, descriptions, times, locations, and your account email — directly between your device and that provider. This happens only after you explicitly connect the account, and you can disconnect at any time. Any data you sync is also subject to that provider's own privacy policy.
Chat messages and calls run over your local network. Message content is stored locally and is never transmitted to us. Calls are peer-to-peer within your network; we do not route, record, or store call audio or video.
We rely on a small number of providers to operate the functions described above: Cloudflare, which hosts our licensing, update, and support API, and Amazon Web Services (SES), which we use to send verification and support emails. If you enable calendar sync, Google, Microsoft, or Apple act as independent providers for that feature. If you purchase a license through the app, our payment providers — PayPal and Sumit (OfficeGuy) — process your payment and issue receipts or tax invoices as independent processors, and card details are entered with and handled by them, not by Corbitex. We do not use analytics, advertising, or tracking services of any kind.
Where information is sent to Corbitex or to our sub-processors, it may be processed in countries other than your own, including Israel and the United States. Where the law requires it, we rely on appropriate safeguards for such transfers.
Data stored locally remains on your device until you delete it. For the limited data held on our servers: licensing and account records are retained while your installation remains licensed, and for a reasonable period afterward, to meet legal, tax, and accounting obligations; support tickets and their messages are retained while your case is open and for a limited period after it closes, for quality and record-keeping; and Vault recovery codes are retained until you rotate them or remove the installation. Should Corbitex cease operations, we will make reasonable efforts to delete any server-side personal data that we are not legally required to keep.
Depending on where you live, you may have the right to access, correct, delete, or export the limited personal data we hold about you, to object to or restrict its processing, and to lodge a complaint with a supervisory authority. For data stored locally in the Software, you can exercise these rights directly within the app; for data held by us, please contact us using the details below. Users in the EEA and the UK have rights under the GDPR. Users in California have rights under the CCPA/CPRA, including the right not to be discriminated against for exercising them; we do not "sell" or "share" personal information as those terms are defined under California law. We will respond to verified requests within a reasonable time, and in any event within the period required by applicable law (under the GDPR, normally within one month). To request deletion of the limited data we hold about you, simply email us, and we will erase it from our systems except where we are required by law to retain it.
The Software is a business tool and is not directed to children under the age of 16. We do not knowingly collect personal data from children.
We apply reasonable technical and organizational measures to protect the limited data we handle, including encrypted transport for any data sent to our servers. Because most of your data resides on your own device or network, its security also depends on the measures you maintain — device security, access controls, and regular backups.
We may update this Privacy Policy from time to time. The current version is always available within the Software.
For any privacy question, or to exercise your rights, contact Corbitex at support@corbitex.com.