Privacy Policy

Alsa LLC, Dubai, UAE. Contact: hello@belicend.com.

Website visitors

• Aggregate, cookieless analytics via Plausible (pageviews, referrers, country).
• Error telemetry via Sentry (browser context, stack traces) when you opt in.

Applicants and operators

• Account: email, full name, country, preferred language, brand assets.
• Billing: country and currency; card details are stored by Stripe, never by us.
• Legal: company name, registration number, VAT/tax id, legal address.
• Usage: which products you activate, subscription status, dashboard activity.

End-clients (indirect)

Data about your clients (e.g. a webshop using RoomVision) is processed by us on your behalf under the operator agreement. You are the controller; we are the processor.

• Contract: to provide the operator membership you signed up for.
• Legal obligation: tax, accounting, anti-fraud.
• Legitimate interest: security, fraud prevention, service analytics.
• Consent: optional marketing emails, explicit cookie categories.

We share data only with these sub-processors, each under a data processing agreement:

• Supabase — database, authentication, file storage.
• Stripe — payments, billing portal, Stripe Connect payouts.
• Vercel — hosting and edge delivery.
• Resend — transactional email.
• Mux — training video delivery.
• Circle.so — operator community platform.
• Sentry — error telemetry.
• Plausible — cookieless analytics.
• Anthropic — AI model calls within operator-facing tools.

[LEGAL REVIEW] International transfer mechanisms (SCCs, DPF) to be named per jurisdiction.

• Active operators: for the life of the account.
• After cancellation: 90 days to allow re-activation, then account data is deleted.
• Billing records: 7 years (retained per tax law).
• Application data (rejected): 12 months.
• Analytics: aggregate only, retained 24 months.

Where applicable law (GDPR, UK GDPR, and comparable regimes) grants them, you have the right to:

• Access a copy of the data we hold about you.
• Correct inaccurate data.
• Delete your data (subject to legal retention obligations).
• Export your data in a machine-readable format.
• Withdraw consent for anything processed on a consent basis.
• Lodge a complaint with your local supervisory authority.

Email hello@belicend.com to exercise any of the above. We respond within 30 days.

We use the following categories:

• Strictly necessary: Supabase auth session cookie (keeps you logged in), CSRF token. These cannot be disabled without breaking core site functionality.
• Analytics: Plausible — cookieless. No browser storage is used.
• Error telemetry: Sentry — uses localStorage only on error; no tracking cookies.

Because we do not use advertising or cross-site tracking cookies, the consent banner you may see is optional under most jurisdictions. [LEGAL REVIEW]

Data in transit is encrypted via TLS. Database access is limited by row-level security policies: operators can only read their own records, admins can read all. Secrets are stored in Vercel’s encrypted environment vars, never in source. Access is logged.

Our service is B2B and not directed at children under 16. We do not knowingly collect data from children.

We may update this policy. Material changes are emailed to active operators at least 30 days in advance. The effective date at the top of this page always reflects the current version.