Privacy Policy

Last Updated: April 24, 2026

INTRODUCTION

Bazmia Inc., ("Company," "we," "us," or "our"), a Texas Limited Liability Corporation, doing business as Bazmia ("Bazmia™"), a technology platform connecting event service providers with consumers seeking event planning services.

This Privacy Policy describes how we collect, use, disclose, store, and protect personal information when you use our Services.

Important: This Privacy Policy applies only to information controlled by Bazmia™. When you share information with other users (Providers or Consumers), those users become independent controllers of that information and must comply with applicable privacy laws. We are not responsible for how other users handle information you share with them.

Geographic Availability: Bazmia™ is available only to users in the United States and Canada. Account registration requires selecting one of these countries. All data processing occurs in the United States as described in Section 7.

TABLE OF CONTENTS

  1. Information We Collect
  2. How We Use Your Information
  3. Information Sharing Between Users
  4. How We Share Your Information with Third Parties
  5. Data Security
  6. Data Retention
  7. International Data Transfers
  8. Cookies and Tracking Technologies
  9. Your Choices and Rights
  10. Children’s Privacy
  11. Changes to This Privacy Policy
  12. Contact Information
  13. Specific Jurisdiction Provisions
  14. Acknowledgment

1. INFORMATION WE COLLECT

Which means: We collect information you provide directly, information generated when you use the platform, and some information from third parties.

1.1 Information You Provide Directly

Account Registration: We collect your full name, email address, phone number, password (encrypted), account type (Provider or Consumer), brand name or display name, and your role or position in your company.

Provider-Specific Information: If you create a Provider account, we may additionally collect information that includes but is not limited to: business name and legal entity type, year established, business description, services offered and categories, service areas, travel policy and service radius, pricing and rate information, minimum booking value, payment methods you accept, years of experience, credentials and licenses, tax identification number (for payment processing), business website and social media links, availability and calendar information, professional portfolio (photos, videos, samples), hero image for your profile, detailed service menu items and categories, bundled service packages with pricing, insurance information, and business references.

Consumer-Specific Information: We may collect event preferences and interests, typical budget ranges, preferred service categories, and location preferences.

Event Inquiry Information: We may collect information that includes but is not limited to event type, date and time, location/venue, number of guests, budget or price range, detailed requirements and preferences, special requests, dietary restrictions (if applicable), and theme or style preferences.

Communications: We do not retain information through, emails to or from Bazmia™, however, we may collect information that includes but is not limited to customer support tickets, chat transcripts, phone call recordings (with notice), feedback forms and surveys, and reviews and ratings.

Payment Information: We may collect credit card number (last 4 digits only; full numbers handled by payment processors).

Reviews and Ratings: We may collect information that includes but is not limited to star ratings, written reviews, photos uploaded with reviews, responses to reviews, and helpfulness votes.

1.2 Information from Third Parties

We do not control third-party collection. Manage or revoke access through your third-party account settings.

We may receive information or references or recommendations, reviews and ratings, reports or complaints, and shared contact information from other users, or from other third party accounts including but not limited to social media, design platforms, and payment processors.


2. HOW WE USE YOUR INFORMATION

Which means: We may use your information to operate the platform, facilitate connections, process payments, communicate with you, improve services, ensure safety, and comply with legal requirements.

We may use your information to provide and operate the Services including creating and managing accounts, authenticating logins, enabling platform features, processing updates, managing security, providing customer support, and responding to inquiries. We use it to facilitate searches and display relevant listings, process booking requests, enable direct communication, manage calendars, and send notifications. For payment processing, we use it to process transactions, calculate fees, issue receipts, manage refunds, prevent fraud, and comply with financial regulations.

We may use your information to facilitate user connections by matching Consumers with Providers based on event type, requirements, location, availability, budget, and reviews. We personalize search results, recommend Providers, and suggest relevant services. We share contact information between users who choose to connect and display public profiles.

We may use your information to improve and develop Services through analytics and research including analyzing usage patterns, understanding user behavior, identifying popular features, detecting bugs, measuring engagement, and conducting A/B testing. We develop new features, improve existing functionality, enhance user experience, optimize performance, and fix bugs. We train machine learning algorithms to improve search results, develop recommendations, improve fraud detection, enhance personalization, and optimize matching.

We may use your information for marketing and communications including sending promotional emails (with consent) about new features, special promotions, success stories, tips, company news, personalized recommendations, surveys, and newsletters. You can opt out anytime. We send transactional communications (cannot opt out) including account confirmations, password resets, booking confirmations, payment receipts, service announcements, Terms and Privacy Policy updates, security alerts, and customer support responses.

We may use your information for safety, security, and fraud prevention by verifying identities, detecting and preventing fraud, identifying fake accounts, monitoring for suspicious activity, preventing spam and abuse, protecting against account takeovers, implementing authentication and access controls, detecting unauthorized access, preventing data breaches, responding to security incidents, investigating reports and complaints, enforcing Terms of Service, suspending or terminating violating accounts, cooperating with law enforcement, identifying payment fraud, detecting identity theft, preventing fake reviews, and monitoring for money laundering.

We may use your information for legal compliance and protection to comply with laws and regulations, respond to legal requests (subpoenas, court orders), meet tax reporting requirements, fulfill data protection obligations, comply with financial regulations, defend against legal claims, enforce our agreements, protect our rights and property, prevent harm or illegal activities, and address emergencies.

We may use your information for business operations including managing business relationships, conducting analysis and reporting, maintaining business records, processing billing, managing accounts, conducting audits, evaluating business transactions (mergers, acquisitions), monitoring customer service quality, training employees, and evaluating service providers.


3. INFORMATION SHARING BETWEEN USERS

Which means: When you contact another user, we share your information with them. After that, they're responsible for how they use it, not us.

3.1 How Information Sharing Works

When a Consumer contacts a Provider, we may share the Consumer's full name, email address, phone number (if provided), general location (city/region), and event details including type, date, time, venue location, number of guests, budget range, special requirements, message content, and any shared documents or photos.

When a Provider responds to a Consumer, we may share the Provider's business name and owner name, email address, phone number, business address or service area, service descriptions and pricing, availability information, portfolio, website and social media links, professional credentials (if displayed), reviews and ratings, response rate and time, membership duration, message or proposal content, and any shared contracts or documents.

3.2 Critical Understanding: Independent Controllers

IMPORTANT: Once information is shared, the recipient becomes an independent data controller with independent legal obligations. Bazmia™'s role ends at the point of sharing. We do NOT control how recipients use, store, or protect information after sharing. We CANNOT force recipients to delete or modify shared information. We have NO ongoing relationship regarding shared data.

What this means: If you're sharing information, understand that once shared, it's beyond your (and our) control. If you're receiving information, you have direct legal responsibilities to handle it properly. Bazmia™ is NOT responsible for the other party's actions.

3.3 Provider Obligations as Data Controllers

Providers MUST comply with privacy laws including FTC Act, state privacy laws (CCPA, VCDPA, etc.), GDPR (if dealing with EU residents), PIPEDA (if dealing with Canadian residents), TCPA, and CAN-SPAM. Providers must provide privacy notices, obtain appropriate consents, use data only for providing event services, implement reasonable security measures, honor data subject rights (access, deletion, correction, portability, opt-out), retain data only as long as necessary, and report data breaches as required by law.

3.4 Consumer Responsibilities

Before sharing, understand that information shared with Providers is beyond Bazmia™'s control, Providers will use information according to their own practices, Bazmia™ does NOT guarantee Provider privacy practices, and Bazmia™ is NOT responsible for Provider misuse. You have no recourse against Bazmia™ for how Providers use your information. If a Provider misuses information, address complaints directly with the Provider or file complaints with regulators.

3.5 No Liability for User Privacy Practices

Bazmia™ is explicitly NOT LIABLE for how users collect, use, store, share, or secure data they receive from other users. We are not liable for unauthorized purposes, commercial use, marketing, data analysis, security failures, data breaches, privacy violations, identity theft, or any consequences from users' privacy practices.

3.6 Information Persistence

Once shared, recipients may have already saved or copied information, Bazmia™ cannot retrieve or delete information from recipient systems, suspending accounts does not erase previously shared information, and recipients may have legal obligations to retain certain information. What we can do: suspend or terminate accounts that misuse information, remove listings and profiles. What we cannot do: force users to delete information, recover information from user systems, monitor all uses of shared information.


4.  HOW WE SHARE YOUR INFORMATION WITH THIRD PARTIES

Which means: We share information with service providers who help us operate the platform, with companies if we're acquired, and when required by law. We don't sell your personal information.

4.1  Service Providers and Business Partners

We share information with third-party service providers who perform services on our behalf. These providers are authorized to use your personal information only as necessary to provide these services to us. These services may include, but are not limited to:

Payment Processing: We use third-party payment processors, such as Stripe and PayPal, to securely process your transactions. The data shared includes your name, email, payment information, and transaction details. We may engage additional payment processing vendors as needed to facilitate secure payments on our platform.

Cloud Hosting: Our platform data, user accounts, and communications are hosted on secure cloud infrastructure provided by vendors including AWS, Microsoft Azure, and Contabo. While we primarily utilize servers located within the United States, we may engage other cloud hosting service providers or regions as necessary to ensure the stability and performance of our services.

Email Services: We partner with email service providers, including Google, Microsoft, and Yahoo, to manage email addresses, names, and communication preferences. We may utilize additional email service providers to ensure the reliable delivery of platform communications and updates.

SMS/Messaging: We may partner with messaging service providers, including Twilio (United States), to manage phone numbers, message content, and delivery status. We may also engage additional messaging providers as needed to ensure the reliable delivery of platform communications and updates.

Customer Support: We utilize third-party customer support and communication platforms to manage and respond to your inquiries. The data shared with these providers may include your name, email address, support ticket details, and chat transcripts. These services are typically hosted in the United States to ensure efficient processing of your support requests.

Analytics: We utilize third-party analytics providers to help us understand how users interact with our platform. These services collect and process usage data, device information, and behavioral data. While we primarily use established providers like Google Analytics, Mixpanel, and Amplitude, we may engage additional analytics services—typically hosted in the United States—to improve our platform's performance and user experience.

Marketing/Advertising: We may partner with advertising service providers, including Google Ads and Facebook Ads (United States and Ireland), to manage and deliver marketing campaigns. These providers may process email addresses, device identifiers, and usage data. We may also engage additional advertising partners as needed to support campaign delivery and performance.

Mapping: We may use mapping service providers, including but not limited to Google Maps API (United States), to provide location-based functionality. These providers may process IP addresses, GPS coordinates, and address data.

Geolocation: We may use geolocation service providers, including but not limited to ip-api.com (globally distributed), to determine approximate user location for fraud prevention and compliance purposes. These providers process IP addresses and return country-level location data only.

CDN: We may partner with content delivery providers, including but not limited to Cloudflare and AWS CloudFront (globally distributed), to deliver and cache platform content efficiently. These providers may process IP addresses, page requests, and cached content.

Security: We may engage security and authentication providers, including but not limited to Cloudflare (DDoS protection) and Okta (authentication) (United States and globally), to protect our platform and manage access. These providers may process IP addresses, login attempts, and security-related events.

Accounting/Tax: We may use accounting and tax service providers, including but not limited to QuickBooks and TaxJar (United States), to manage financial records and tax compliance. These providers may process payment transactions and tax calculation data.

Design Platform: We may integrate with design platforms, including but not limited to Canva (Australia), where users choose to connect their accounts. These providers may process OAuth authorization codes, access tokens, refresh tokens, associated email addresses, and design library data. This integration is optional, requires explicit user consent, and may be revoked at any time.

Mobile Push Notifications: We may utilize mobile notification services, including but not limited to those provided by Apple (Apple Push Notification service) and Google (Firebase Cloud Messaging), as well as third-party tools like Expo, to deliver updates and alerts. The data shared includes device tokens, notification content, user identifiers, and delivery receipts. We may utilize additional notification service providers or native development tools to ensure reliable message delivery to your device.

WhatsApp Business: We may partner with messaging service providers, including but not limited to Meta WhatsApp Business API (United States and globally), to facilitate communications through WhatsApp Business. These providers may process message content, recipient phone numbers, media files, business phone credentials, inbound messages, and delivery status. We may also engage additional messaging providers as needed to ensure reliable communication delivery.

System Monitoring: We may use monitoring and analytics providers, including but not limited to OpenTelemetry and Grafana Cloud (United States and globally), to maintain platform performance and reliability. These providers may process performance metrics, application logs (which may include user or session identifiers but not personal content), error reports, and infrastructure health data.

All service providers are contractually obligated to protect your information, use it only for specified purposes, implement security measures, maintain confidentiality, and not sell or rent your information.

4.2 Business Transfers

In the event of merger, acquisition, sale of assets, bankruptcy, reorganization, or financing, your information may be disclosed to potential buyers during due diligence and transferred to the acquiring entity. We will provide notice via email and prominent notice on the Application at least 30 days before transfer. You can delete your account before transfer. The successor will be bound by this Privacy Policy until they provide notice of changes.

4.3 Legal Requirements and Law Enforcement

We may disclose information when legally required to comply with laws, regulations, subpoenas, court orders, valid legal process, regulatory requests, or national security requirements. We may disclose to protect rights and safety by enforcing Terms of Service, protecting our rights or users' rights, preventing harm or illegal activities, and defending against legal claims. We review requests for legal validity, may challenge improper requests, provide user notice when permitted, and may publish transparency reports.

4.4 Aggregated and De-identified Information

We may share aggregated, de-identified, or anonymous information that cannot identify you individually with business partners, investors, researchers, industry organizations, media, and the public for industry reports, research, marketing, product development, presentations, and statistical analysis. This data is not subject to Privacy Policy restrictions.

4.5 With Your Consent

We may share your information with third parties when you explicitly consent, including partner services, integrations with other platforms, co-branded services, social sharing, research and surveys, and promotional opportunities. You can revoke consent anytime (subject to legal limitations).

4.6 With Other Users (Public Information)

Provider public profiles are visible to all users and may be indexed by search engines, including business name, description, services, portfolio, reviews, ratings, response rate, membership duration, and credentials. Consumer reviews are publicly visible including name (or username), review text, star rating, date, and photos. Public information may be cached or archived by third parties including search engines.

4.7 No Sale of Personal Information

We do NOT sell personal information to data brokers, advertisers, or for third-party marketing. We do not rent customer lists or exchange information for money. Under California law (CCPA/CPRA), we do not "sell" or "share" personal information as defined by the statute.


5. DATA SECURITY

We use security measures to protect your information, but no system is 100% secure. You're also responsible for protecting your account.

5.1 Security Limitations

No system is 100% secure. Data breaches can occur. New vulnerabilities emerge. Human error happens. The internet is not fundamentally secure. Public Wi-Fi is risky. Email is not secure. Mobile devices are vulnerable. We rely on third parties who may have weaknesses.

We are NOT LIABLE for: Sophisticated cyberattacks beyond reasonable control, zero-day exploits, social engineering attacks targeting you, third-party service provider breaches, security failures caused by your actions (weak passwords, sharing passwords, not enabling MFA, clicking phishing links, malware, compromised devices, unsecured public Wi-Fi), vulnerabilities in systems we don't control (your devices, ISP, third-party apps, social media, email providers), or consequences including identity theft, financial losses, reputational harm, emotional distress.

Exception: Under Texas law, we cannot disclaim liability for our own gross negligence or intentional misconduct.

5.2 Your Security Responsibilities

You are responsible for: Creating strong passwords (min 8 chars, mixed case, numbers, symbols, unique to Bazmia™). Protecting your password (never share, don't write down in accessible locations, change if compromised). Enabling security features (MFA, biometric login, login notifications, reviewing active sessions). Securing devices (passwords/biometrics, antivirus software, updates, encryption, remote wipe, lock when not in use, no jailbroken/rooted devices). Using secure networks (avoid public Wi-Fi for sensitive transactions, use VPN on public networks, don't use shared/public computers, log out on shared devices). Being vigilant (recognize phishing, verify sender addresses, don't click suspicious links, don't download unexpected attachments, contact us directly if suspicious). Monitoring your account (review activity, check for unauthorized logins, verify transactions). Reporting security issues immediately (email support@bazmia.com, change password, enable additional measures).

5.3 Data Breach Response

If we experience a breach affecting your information, we will investigate promptly, contain the breach, assess scope and impact, preserve evidence, and engage experts if necessary. We will notify you if information was accessed, breach poses risk, or required by law. Notification within 72 hours (GDPR), 60 days (California), or as required by other laws via email and prominent notice on Application. Notice will include incident description, types of information involved, steps we've taken, steps you should take, contact information, and additional resources. We will notify regulators as required (Texas AG if 250+ Texas residents, state AGs, FTC, European DPAs, others). We will take steps to prevent recurrence, may offer credit monitoring, enhance security, and conduct post-incident reviews.

If notified: Change password immediately, enable MFA, monitor account, review financial accounts, consider fraud alerts, file police report if identity theft occurs, keep records.


6. DATA RETENTION

Which means: We keep your information as long as your account is active and for a reasonable period afterward for legal and business purposes.

6.1 Active Account Retention

While your account is active, we retain all information necessary to provide Services, maintain your account and profile, process transactions and communications, comply with legal obligations, resolve disputes, and enforce agreements. We do NOT automatically delete information based on age or inactivity.

6.2 Retention After Account Closure

Immediate actions: Profile removed from public view, listings unpublished, access to Application disabled, active communications disabled.

We retain: Basic account information (name, email, registration date, account status, termination reason) for 7 years for tax compliance (IRS requirements) and financial regulations. Transaction records (payment history, invoices, receipts, fees, refunds) for 7 years for financial reporting and audit requirements. Communications (messages, support tickets, legal notices, dispute records) for 3 years (longer if disputed) for dispute resolution. Reviews and ratings indefinitely (anonymized after closure) for platform integrity. Legal and compliance records as required by law for pending litigation, regulatory requirements, establishing claims. Security and fraud prevention data (fraud investigations, security incidents, banned accounts, IP addresses, payment fraud) for 5 years. WhatsApp message content and history indefinitely unless deletion specifically requested for business communication records. Aggregated and de-identified data indefinitely for analytics and research.

6.3 Backups and Legal Holds

Information may persist in backup systems (30-90 days active, up to 7 years archival) until backups expire. We may retain information beyond normal periods when subject to legal hold (subpoena, court order, litigation, regulatory investigation). Deletion requests are suspended during legal holds and processed after holds are lifted.

6.4 User-to-User Shared Information

Critical limitation: Information you shared with other users cannot be retrieved by Bazmia™, remains in recipient's possession even after you delete your account, may be retained by recipient according to their own policies and legal obligations. Closing your account does NOT delete information already shared with other users. We cannot force other users to delete your information.


7. INTERNATIONAL DATA TRANSFERS

Which means: Your information is transferred to and processed in the United States (Texas). Different countries have different privacy laws.

7.1 Data Transfer Overview

Bazmia™, is a tradename of and is operated by Bazmia Inc., a Texas corporation with principal operations in Texas, United States. Primary servers are located in the United States.

If you are outside the US, your information WILL be transferred to the US, stored on US servers, processed by US personnel, accessed by US service providers, and subject to US laws. It may also be transferred to EU (certain providers), Canada (certain operations), Australia (Canva), and other countries where service providers operate.

7.2 Legal Basis for Transfers

We transfer data based on necessity for contract performance (you cannot use Bazmia™ without US transfers), your consent (by using Services after reading this Privacy Policy), legitimate business interests (global platform requires international data flows), and legal compliance (required for law enforcement, regulatory, tax reporting).

7.3 Transfer Mechanisms

For EEA/UK/Switzerland: We comply with GDPR/UK GDPR using European Commission-approved Standard Contractual Clauses (SCCs) with service providers, supplementary measures (encryption, access controls, pseudonymization, security assessments, contractual restrictions on government access). SCCs available upon request. We may participate in EU-US Data Privacy Framework (if applicable, certification details would be included). For Canada: We comply with PIPEDA using contractual safeguards similar to SCCs and security measures comparable to Canadian requirements. For Other Jurisdictions: We implement appropriate safeguards based on local requirements.

7.4 Risks of International Transfers

US privacy laws differ from other countries. US lacks comprehensive federal privacy law like GDPR. State laws vary (California CCPA/CPRA, Virginia, Colorado, Connecticut, Utah vs. Texas with limited protections). US government may access data under FISA (Foreign Intelligence Surveillance Act), National Security Letters, law enforcement warrants/subpoenas, often without your knowledge. Your legal recourse may differ in the US. You may not have same rights as in home country. Enforcement mechanisms differ. Private right of action is limited. Service providers may have different practices and be subject to different obligations.

7.5 International User Acknowledgments

By using Bazmia™, you acknowledge and accept: Data will be transferred to and processed in US, US laws will govern, US government may access data, legal protections may differ. You understand: This is necessary for Bazmia™ to provide Services, you cannot use Bazmia™ without these transfers. You consent to: International transfers, accepting associated risks, waiving certain local rights (to extent permitted by law). Opt-out: Only way to opt out is not using Bazmia™. Withdrawal requires account deletion. Past transfers are not reversed.

7.6 Data Localization and Storage

Primary storage: United States, encrypted at rest, and redundant across multiple availability zones. Backup storage: United States, with geographic distribution to support robust disaster recovery. Service provider storage: Various locations as further described in Section 4.1. Temporary storage: Content Delivery Network (CDN) edge servers located globally, with log data stored on distributed systems.

Data localization: We generally do NOT store data in-country for most jurisdictions except US. If your country requires data localization, you may not be able to use Bazmia™. Contact us at support@bazmia.com for specific requirements.


8. COOKIES AND TRACKING TECHNOLOGIES

Which means: We use cookies and similar technologies to improve the Application, remember preferences, and analyze usage. You can control some through browser settings.

8.1 What We Use

Cookies: Small text files storing session identifiers, preferences, authentication tokens. Types: session (deleted when browser closes), persistent (remain until expiry), first-party (Bazmia™), third-party (partners). Web Beacons (Pixels): Small invisible graphics tracking page views, email opens, ad effectiveness. Local Storage: HTML5 local storage holding larger amounts of data, persisting across sessions. Mobile Identifiers: IDFA (iOS), AAID (Android) for analytics and advertising. SDKs: Analytics (Google Analytics, Mixpanel), crash reporting, advertising SDKs in mobile apps.

8.2 Why We Use These Technologies

Essential (cannot disable): Authentication and security (login, CSRF prevention, fraud detection, session management), load balancing, user interface (preferences, cart state, form preservation).

Functional (can disable): Settings and preferences (language, location, display, notifications, accessibility), personalization (customized UI, saved searches, recently viewed, favorites).

Analytics (can disable): Usage analytics (pages visited, click patterns, feature engagement, search queries, conversion funnels), performance monitoring (load times, error rates, API response times, device compatibility), A/B testing.

Advertising (can disable): Targeted advertising (relevant ads, retargeting, measuring impressions/clicks, attribution), social media integration (sharing buttons, social login, ad pixels), email marketing (tracking opens, clicks, A/B testing).

8.3 Third-Party Cookies and Tracking

Google Services: Google Analytics (privacy policy: https://policies.google.com/privacy, opt-out: https://tools.google.com/dlpage/gaoptout), Google Ads (opt-out: https://adssettings.google.com), Google Tag Manager, Google Maps.

Facebook/Meta: Facebook Pixel (privacy: https://www.facebook.com/privacy/explanation, opt-out: https://www.facebook.com/settings?tab=ads).

Canva: When you connect Canva, Canva may set cookies to maintain authenticated session and provide design services. Governed by Canva privacy policy: https://www.canva.com/policies/privacy-policy/. We do not control Canva's cookies. Manage or revoke access through Canva account settings.

Other Third Parties: Mixpanel, Amplitude, Segment, Intercom, Zendesk, Hotjar, Expo, Grafana Cloud.

Important: We do NOT control third-party cookies. Third parties have their own privacy policies. They may combine data across sites and share with partners. Review third-party privacy policies.

8.4 Managing Cookies and Tracking

Browser Controls: Block all cookies (Warning: breaks Bazmia™), block third-party cookies only (recommended), delete existing cookies (clear browsing data), view and manage individual cookies.

Browser-Specific: Chrome: Settings > Privacy and security > Cookies. Safari: Preferences > Privacy. Firefox: Options > Privacy & Security > Enhanced Tracking Protection. Edge: Settings > Cookies and site permissions.

Cookie Preference Center: Click "Cookie Settings" in footer. Toggle categories: Essential (required), Functional, Analytics, Advertising. Save preferences.

Mobile App: iOS: Settings > Privacy > Tracking (toggle off), Settings > Bazmia™ > Tracking (disable). Android: Settings > Google > Ads (opt out, reset advertising ID).

Do Not Track: We do NOT currently respond to DNT browser signals. No industry standard exists.

8.5 Effects of Disabling

All cookies disabled: Cannot log in, cart won't work, cannot complete bookings, security features disabled, session management fails. Functional disabled: Preferences not saved, language resets, must re-enter location, custom settings lost. Analytics disabled: Site fully functional, but we can't improve based on your usage. Advertising disabled: Site fully functional, still see ads, but not personalized.


9. YOUR CHOICES AND RIGHTS

Which means: You can access, correct, and delete your information, opt out of marketing, and exercise various privacy rights depending on your location.

9.1 Account Information Access and Updates

You can access and update most of your account information through your account settings. Log in, go to Settings, and update your profile information, contact details, business information (for Providers), preferences and settings, payment methods, or privacy settings. Changes take effect immediately. For information you cannot update yourself, contact us at support@bazmia.com.

9.2 Marketing Communications Preferences

Email Marketing: You can opt out of promotional emails by clicking "Unsubscribe" at the bottom of any marketing email, logging into account settings and updating email preferences, or emailing support@bazmia.com with "Unsubscribe" in the subject. Opt-out takes effect within 10 business days. You will still receive transactional emails (account notifications, booking confirmations, receipts, security alerts, Terms/Policy updates) which are necessary for the Services.

Marketing Calls: If we call you for marketing, you can opt out by telling us during the call, emailing support@bazmia.com, or updating preferences in account settings.

9.7 Privacy Rights by Jurisdiction

Your privacy rights depend on where you live. We honor all applicable rights under federal and state laws.

All Users (United States Federal Rights):

– Right to accurate information about our data practices (this Privacy Policy)

– Right to complain to FTC if you believe we violated your rights (ftc.gov/complaint)

– Right to opt out of marketing communications

– Right to request account deletion (subject to legal retention requirements)

You have the right to know what personal information we collect, the categories of sources, business purposes for collection, and categories of third parties we share with. Right to access your specific personal information we hold (up to twice per 12-month period). Right to deletion of your personal information (subject to exceptions for legal compliance, fraud prevention, security, completing transactions, exercising free speech, research, internal operations). Right to correct inaccurate personal information. Right to opt out of "sale" or "sharing" of personal information (Note: We do NOT sell or share personal information as defined by CCPA). Right to limit use and disclosure of sensitive personal information (Note: We do not use sensitive personal information in ways requiring opt-out rights). Right to non-discrimination for exercising CCPA rights (we will not deny services, charge different prices, provide different quality, or suggest you'll receive different services for exercising rights).

Categories of Personal Information Collected (CCPA):

 – Identifiers (name, email, phone, address, IP address, device IDs)

 – Personal information categories (SSN for verification, payment info, employment info, education info)

 – Protected classification characteristics (age, date of birth)

 – Commercial information (transaction history, booking details, purchase records)

 – Biometric information (if you provide photos that may contain biometric data)

 – Internet/network activity (browsing history, search history, interactions with Application)

 – Geolocation data (precise or approximate location)

 – Sensory data (photos, videos, audio if you upload them)

 – Professional/employment information (business name, role in company, credentials, licenses, year established, business type)

 – Education information (credentials, certifications)

 – Inferences (profiles reflecting preferences, characteristics, behavior, attitudes)

New categories disclosed: Brand name, WhatsApp phone number, role in company, year established, travel policies, minimum booking value, payment methods accepted, hero images, service menu items, service packages, message content through WhatsApp.

To exercise California rights, email support@bazmia.com with subject "California Privacy Request." Provide name, email, account details, specific right you're exercising, and enough information to verify identity. We respond within 45 days (may extend 45 additional days if needed). No fee for first two requests in 12 months; may charge reasonable fee thereafter.

Authorized agents: California residents may designate authorized agents. Agent must provide written authorization signed by you or power of attorney. We may require you to verify your identity directly.

Virginia, Colorado, Connecticut, Utah Residents:
Similar rights to California including right to access personal data, right to correct inaccuracies, right to delete personal data, right to obtain copy of personal data (data portability), right to opt out of targeted advertising, sale of personal data, and profiling (Note: We do not engage in these activities). Exercise rights by emailing support@bazmia.com with subject "[APPLICABLE STATE] Privacy Request."

Nevada Residents:
Right to opt out of "sale" of personal information. We do NOT sell personal information as defined by Nevada law. If our practices change, we will provide opt-out mechanism. Contact support@bazmia.com with questions.

Canadian Residents (PIPEDA):
Right to access your personal information we hold. Right to correct inaccurate information. Right to withdraw consent for certain uses (may limit Services). Right to complain to Privacy Commissioner of Canada (Office of the Privacy Commissioner of Canada, 30 Victoria Street, Gatineau, Quebec K1A 1H3, toll-free 1-800-282-1376, priv.gc.ca). Exercise rights by emailing support@bazmia.com with subject "PIPEDA Request."

European Economic Area, United Kingdom, Switzerland (GDPR/UK GDPR):
Although Services are limited to US/Canada residents, if you are an EU citizen living in North America, you have: Right of access to your personal data. Right to rectification of inaccurate data. Right to erasure ("right to be forgotten") in certain circumstances. Right to restriction of processing in certain circumstances. Right to data portability (receive your data in structured, commonly used format). Right to object to processing based on legitimate interests or for direct marketing. Rights related to automated decision-making and profiling. Right to withdraw consent where processing is based on consent. Right to lodge complaint with supervisory authority (contact details at edpb.europa.eu).

Exercise rights by emailing support@bazmia.com with subject "GDPR Request." We respond within 30 days (may extend additional 60 days if complex).

9.8 How to Exercise Your Rights

To submit requests: Email support@bazmia.com with clear subject line indicating your request type and jurisdiction (e.g., "California Privacy Request - Data Access" or "GDPR Request - Deletion"). Provide full name, email address associated with account, account username (if applicable), specific right you're exercising, enough information to verify your identity, and any additional details needed to process request.

Verification: We must verify your identity before processing requests to protect against fraudulent requests. We will ask you to provide information matching your account (email, phone number, account details), answer security questions, or confirm via email verification link. For deletion requests or highly sensitive data, we may require additional verification.

Response timeframe: CCPA requests: 45 days (may extend 45 additional days if needed). GDPR requests: 30 days (may extend additional 60 days if complex). Other state laws: 45-60 days depending on jurisdiction. We will notify you if we need additional time.

Fees: Generally, no fee for reasonable requests. We may charge reasonable fee if requests are manifestly unfounded, excessive, or repetitive, or for additional copies beyond the first free copy.

Denials: We may deny requests if we cannot verify your identity, request is manifestly unfounded or excessive, information is subject to legal hold or litigation, deletion would compromise security or fraud prevention, retention is required by law, or other legal exemptions apply. If denied, we explain why and inform you of appeal rights.

Appeals: If we deny your request and you are in Virginia, Colorado, Connecticut, or other states with appeal rights, you can appeal by emailing support@bazmia.com with subject "Privacy Request Appeal" within 30 days. We will respond to appeals within 60 days. If we uphold denial, we will inform you of your right to contact your state attorney general.


10. CHILDREN'S PRIVACY

Which means: Our Services are not for anyone under 18. We don't knowingly collect information from children.

10.1 Age Restrictions

Bazmia™ Services are intended only for individuals 18 years of age or older. You must be at least 18 years old to create an account or use our Services. By using our Services, you represent and warrant that you are at least 18 years old.

10.2 No Knowing Collection from Children

We do not knowingly collect, use, or disclose personal information from anyone under 18 years of age. Our registration process requires users to confirm they are 18 or older. We collect date of birth during registration to verify age eligibility.

10.3 If We Discover Information from a Child

If we learn that we have collected personal information from someone under 18, we will delete that information as quickly as possible. If you believe we have collected information from a child under 18, please contact us immediately at support@bazmia.com with subject "Child Privacy Issue."

10.4 Parental Notice and Requests

Parents or legal guardians who believe their child under 18 has provided us with personal information may contact us at support@bazmia.com. Provide your child's name, email address used (if known), relationship to the child, and any other information to help us locate the account. We will verify your identity as the parent or guardian before taking action. We will promptly delete the account and all associated information.

10.5 Compliance with COPPA

While our Services are not directed to children under 13 and we do not knowingly collect information from children under 13, we comply with the Children's Online Privacy Protection Act (COPPA) as a protective measure. If we discover we have collected information from a child under 13, we will delete it immediately and will not use or disclose it for any purpose.



11. CHANGES TO THIS PRIVACY POLICY

Which means: We may update this policy from time to time. We'll notify you of material changes.

11.1 Right to Modify

We reserve the right to modify this Privacy Policy at any time to reflect changes in our practices, Services, legal requirements, technology, or for other business reasons. Changes become effective on the date specified in the updated policy.

11.2 Notice of Material Changes

For material changes that significantly affect your rights or how we handle your information, we will provide prominent notice at least 30 days before the effective date through:

 – Email to your registered email address

 – Prominent notice on the Application homepage

 – In-app notification when you log in

 – Notice banner on all pages

Material changes include changes to what information we collect, how we use your information, with whom we share information, how long we retain information, your rights and choices, international data transfers, or our contact information.

11.3 Non-Material Changes

For non-material changes (minor clarifications, formatting, adding examples, correcting typos, updating third-party service provider names), we will update the "Last Updated" date at the top of this Privacy Policy. We encourage you to review this Privacy Policy periodically. Your continued use of Services after changes become effective constitutes acceptance of the changes.

11.4 Your Acceptance of Changes

By continuing to use our Services after the effective date of changes, you accept the updated Privacy Policy. If you do not agree with changes, you must stop using our Services and delete your account before the effective date. Deleting your account before changes take effect means the new policy will not apply to you (subject to our data retention policies in Section 6).

11.5 Prior Versions

We maintain an archive of prior Privacy Policy versions. You can request copies of previous versions by emailing support@bazmia.com with subject "Prior Privacy Policy Request" and specifying the date or version you want.


12. CONTACT INFORMATION

Which means: Here's how to reach us with privacy questions or requests.

12.1 Privacy Officer

For privacy-related questions, concerns, or requests, contact our Privacy Officer:

Email: support@bazmia.com (preferred method) Mail: Bazmia™, Attn: Privacy Officer; 2210 Loring Drive, Allen, TX 75013 USA.

12.2 General Inquiries

For general customer service inquiries not related to privacy: Email: support@bazmia.com

12.3 Data Protection Officer

For European data protection inquiries (if you are an EU citizen residing in US/Canada): Email: support@bazmia.com Subject Line: Please include "GDPR Inquiry" in subject line

12.4 Response Time

We strive to respond to privacy inquiries within 5 business days for general questions and within timeframes required by law for rights requests (see Section 9.8). For urgent security concerns, email support@bazmia.com with subject "Urgent Security Issue."

12.5 Regulatory Contacts

To file complaints with regulatory authorities:

United States - Federal Trade Commission: Website: ftc.gov/complaint Phone: 1-877-FTC-HELP (1-877-382-4357)

California - Office of the Attorney General: Website: oag.ca.gov/privacy Privacy Enforcement and Protection Unit California Department of Justice 300 South Spring Street, First Floor Los Angeles, CA 90013

Canada - Privacy Commissioner: Website: priv.gc.ca Phone: 1-800-282-1376 Office of the Privacy Commissioner of Canada 30 Victoria Street Gatineau, Quebec K1A 1H3

European Data Protection Authorities: Website: edpb.europa.eu/about-edpb/board/members_en(Contact details for your specific country's data protection authority)


13. SPECIFIC JURISDICTION PROVISIONS

Which means: Additional rights and information for users in specific locations.

13.1 California Residents

CCPA/CPRA Notice at Collection: We collect the categories of personal information listed in Section 9.3. We use this information for business purposes described in Section 2. We disclose information to third parties as described in Section 4. We do NOT sell or share your personal information as defined by CCPA/CPRA.

Sensitive Personal Information: We may collect sensitive personal information. We may use this information only for purposes disclosed in this Privacy Policy and not for profiling or advertising. You have the right to limit use of sensitive personal information, though we do not use it in ways requiring opt-out rights.

Financial Incentives: We do not offer financial incentives or price differences based on collection, retention, or sale of personal information.

Retention: See Section 6 for detailed retention periods. Generally, we retain account data while active plus 7 years after closure, transactions for 7 years, communications for 3 years, and some data indefinitely as disclosed.

Do Not Sell: We do not sell personal information. If our practices change, we will update this policy and provide opt-out mechanisms.

Contact for California Privacy Rights: support@bazmia.com

California Shine the Light: Under California Civil Code Section 1798.83, California residents may request information about disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

13.2 Nevada Residents

Nevada residents may opt out of the "sale" of certain personal information. We do NOT sell personal information as defined by Nevada Revised Statutes Chapter 603A. If our practices change, we will update this Privacy Policy and provide required opt-out mechanisms. Contact support@bazmia.com with questions.

13.3 Canada (PIPEDA)

Consent: We obtain consent for collection, use, and disclosure of personal information either expressly (you affirmatively agree) or impliedly (through your use of Services). You may withdraw consent at any time, subject to legal or contractual restrictions, by contacting support@bazmia.com. Withdrawing consent may limit or prevent our ability to provide Services.

Accountability: Bazmia™ is responsible for personal information under our control, including information transferred to third-party service providers. We use contractual agreements to ensure service providers provide comparable protection.

Cross-Border Transfers: Your information is transferred to and processed in the United States as described in Section 7. US laws may differ from Canadian privacy laws. US government agencies may access information stored in the US. By using our Services, you consent to cross-border transfers.

Access and Correction: You can request access to your personal information and request corrections by contacting support@bazmia.com with subject "PIPEDA Access Request." We respond within 30 days. We may charge a minimal fee for complex requests.

Complaints: File complaints with the Privacy Commissioner of Canada at priv.gc.ca or 1-800-282-1376.

13.4 European Economic Area and United Kingdom

Although our Services are limited to US and Canada residents, if you are an EU/UK citizen residing in North America:

Legal Basis for Processing: We process your personal data based on contract (necessary to provide Services), consent (for optional features), legitimate interests (fraud prevention, service improvement, security), and legal obligation (tax reporting, law enforcement requests).

Data Controller: Bazmia™, is the data controller for your personal data.

EU Representative: [If you have 10,000+ EU data subjects or process sensitive data, include EU representative details here, otherwise state "Not required as we do not target EU residents"]

Data Protection Officer Contact: support@bazmia.com

International Transfers: See Section 7 for transfer mechanisms including Standard Contractual Clauses.

Rights: See Section 9.3 for complete list of GDPR rights.

Supervisory Authority: You can lodge complaints with your local supervisory authority. Contact details at edpb.europa.eu.

Data Retention: See Section 6 for retention periods and justifications.

Automated Decision-Making: We do not make decisions based solely on automated processing that produce legal or similarly significant effects.

13.5 Brazil (LGPD)

If you are a Brazilian citizen residing in US/Canada, you have rights under Brazil's Lei Geral de Proteção de Dados (LGPD) including right to access, correct, delete, port, and request information about data processing. Contact support@bazmia.com with subject "LGPD Request." You can file complaints with Brazil's National Data Protection Authority (ANPD) at gov.br/anpd.

13.6 Australia

If you are an Australian citizen residing in US/Canada, you have rights under Australia's Privacy Act and Australian Privacy Principles (APPs). Contact support@bazmia.com with subject "APP Request." You can file complaints with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or 1300 363 992.

13.7 Texas-Specific Provisions

Governing Law: This Privacy Policy and our data practices are governed by Texas law and United States federal law. Any disputes will be resolved in Texas courts (subject to arbitration provisions in our Terms of Service).

Biometric Data: Texas has specific protections for biometric identifiers under Texas Business & Commerce Code Chapter 503. We do not intentionally collect biometric identifiers (fingerprints, retina scans, voiceprints, hand scans). If you upload photos or videos that may contain biometric data, you consent to such collection and we handle it in accordance with this Privacy Policy.

Data Breach Notification: Under Texas Business & Commerce Code Section 521.053, we will notify affected Texas residents of data breaches involving sensitive personal information without unreasonable delay (generally within 60 days). Notice will be provided by email, mail, or prominent website notice.

No Private Right of Action: Texas does not provide a private right of action for privacy violations. Enforcement is primarily through the Texas Attorney General.

13.8 Other Jurisdictions

We comply with applicable privacy laws in all jurisdictions where we operate or where our users are located. If you are subject to privacy laws not specifically addressed in this section, contact us at support@bazmia.com to discuss your rights. We will make reasonable efforts to comply with applicable requirements.


14. ACKNOWLEDGMENT

Which means: By using Bazmia™, you acknowledge you've read and understood this Privacy Policy.

14.1 Acknowledgment of Privacy Policy

By creating an account, accessing our Application, or using our Services, you acknowledge that:

You have read this entire Privacy Policy. You understand how we collect, use, disclose, store, and protect your personal information. You understand the risks of sharing information with other users as described in Section 3. You understand that other users are independent controllers of information you share with them. You understand that Bazmia™ is not responsible for how other users handle your information. You understand your information will be transferred to and processed in the United States. You understand the risks of international data transfers described in Section 7. You consent to the collection, use, disclosure, and processing of your information as described in this Privacy Policy. You understand your rights and how to exercise them as described in Section 9.

14.2 Geographic Restriction Acknowledgment

By registering for an account, you specifically acknowledge and confirm that:

You are located in either the United States or Canada. You selected your country truthfully during registration. You understand Bazmia™ Services are available only in the US and Canada. You understand that if you are located outside these countries, you should not use our Services. You understand your data will be processed in the United States regardless of which country you are in. You consent to your data being stored on US servers and processed under US law.

14.3 User-to-User Sharing Acknowledgment

By using our platform to contact other users, you specifically acknowledge that:

Information you share with other users cannot be retrieved by Bazmia™. Other users become independent controllers of your shared information. Bazmia™ is not responsible for how other users use, store, or protect your information. Deleting your Bazmia™ account does not delete information already shared with other users. You understand the risks of sharing personal information with strangers. You will exercise caution before sharing sensitive information.

14.4 Agreement to Terms

This Privacy Policy is incorporated into and made part of our Terms of Service. By using our Services, you agree to both this Privacy Policy and our Terms of Service. If there is any conflict between this Privacy Policy and our Terms of Service, the Terms of Service will control.

14.5 Questions and Concerns

If you have any questions about this Privacy Policy or concerns about how we handle your information, please contact us at support@bazmia.com. We are committed to working with you to resolve any privacy concerns.


END OF PRIVACY POLICY

Last Updated: April 24, 2026

Bazmia Inc., A Texas Corporation Principal Operations: Texas, United States

Contact: support@bazmia.com


Frame 2134243400

Bazmia Inc.

Have questions? Send us an email at

support@bazmia.com