Privacy Policy
Effective date: May 19, 2026. Last updated: May 19, 2026.
1. Introduction
Bacenik LLC ("Bacenik," "we," "us," or "our") values privacy, transparency, and responsible handling of information. This Privacy Policy explains how information may be collected, processed, stored, disclosed, and protected when you access or use Bacenik products, applications, websites, APIs, advisory tools, or related services (collectively, the "Services").
This policy reflects Bacenik's operational practices as accurately as we reasonably can. It helps you understand what information may be processed, how the Services function, and what choices may be available. Certain rights and obligations may vary depending on applicable law, your location, or product configuration.
Product-specific terms. Individual Services may process information differently. The SpendClear Pilot Schedule (Section 19) applies to the SpendClear web app during the pilot and controls for SpendClear where it describes that product.
For purposes of the EU/UK GDPR and similar laws, Bacenik LLC is the data controller for personal data processed under this policy, unless we state otherwise in a separate agreement.
Contact: Privacy & data requests · General inquiries — both reach info@bacenik.com.
2. Local-first architecture
Where supported by product configuration, portions of the Services use a local-first design. Certain content—settings, notes, prompts, guardrails, histories, or configuration—may remain on your device rather than centrally stored by Bacenik.
Even with local-first design, information may still be processed or transmitted when you use cloud-connected features, including for example:
- hosting and content delivery;
- authentication (where accounts exist);
- transient API processing;
- diagnostic and error logs;
- synchronization (where enabled);
- support communications;
- analytics (where enabled);
- security monitoring and abuse prevention;
- payment processing (where applicable);
- infrastructure routing and disaster recovery (where applicable).
You should assume information submitted to cloud-connected functionality may transit through third-party infrastructure providers.
3. Categories of information we may process
Depending on the Service and your choices, we may process:
A. Account and identity information (where accounts are offered)
- name, email address, organization name;
- account identifiers, authentication credentials (hashed or tokenized where applicable);
- subscription or license status.
B. Device and technical information
- browser type, operating system, IP address, device identifiers;
- error logs, diagnostic events, session metadata, performance telemetry (where enabled).
C. Usage information
- feature interactions, preferences, settings, usage patterns (where analytics are enabled);
- export requests and support interactions.
D. User-provided content
- prompts, notes, uploaded files, feedback, support messages, configuration or workflow data.
Do not submit export-controlled, classified, protected health, or other highly sensitive regulated information through consumer Services unless we have agreed in writing that the Service supports it.
4. AI and third-party processing
Certain Services may use third-party AI or infrastructure providers.
Where supported by provider terms and configuration, Bacenik may configure providers to:
- limit retention of submitted content;
- opt out of model-training use of customer content (where offered);
- reduce unnecessary human review and restrict logging beyond operational needs.
Provider practices vary by vendor, region, tier, and configuration. Bacenik does not guarantee that a third party will never retain, inspect, or process information beyond our intended configuration.
SpendClear pilot: AI features are not enabled in the current SpendClear build. See Section 19.
5. How we use information
We may use information to:
- provide, operate, and maintain the Services;
- authenticate users and manage accounts (where applicable);
- improve reliability, performance, and security;
- detect abuse, fraud, or security incidents;
- respond to support and privacy requests;
- comply with law and enforce our terms;
- process payments and subscriptions (where applicable);
- develop and improve product functionality using aggregated or de-identified insights where permitted.
We do not sell personal information for monetary compensation. We do not use personal information for cross-context behavioral advertising as defined under applicable California law.
Legal bases (EEA/UK): Where GDPR applies, we rely on contract performance, legitimate interests (e.g., security and operation), consent where required, and legal obligation.
6. Cookies, local storage, and similar technologies
Depending on configuration, we and providers may use cookies, local storage, session identifiers, analytics, or telemetry to deliver, secure, remember preferences, understand usage (where enabled), and diagnose issues. You may control some settings in your browser or device.
7. Data retention
We retain information only as long as reasonably necessary for operational, legal, security, or support purposes.
| Category | Typical retention |
|---|---|
| Support and privacy emails | Up to 24 months |
| Error and infrastructure logs | 30–90 days |
| Analytics (where enabled) | 12–24 months |
| Security monitoring logs | As needed for security operations |
| Temporary server-side exports | Short-term, then deleted |
| Backup systems | Rolling encrypted cycles |
On-device data remains until you delete it, clear site data, or uninstall—unless a Service syncs to the cloud.
8. Data security
We use reasonable administrative, technical, and organizational safeguards, which may include encryption in transit (TLS), access controls, monitoring, and vendor requirements. No method of storage or transmission is completely secure; we do not guarantee absolute security or uninterrupted operation.
9. International transfers
Information may be processed in the United States and other countries where we or providers operate. Where required, we use appropriate safeguards for transfers from the EEA/UK (such as standard contractual clauses).
10. California privacy rights (CCPA/CPRA)
California residents may have rights to access, delete, correct, and obtain a portable copy of personal information, and to limit certain uses, subject to exceptions. We do not sell personal information for monetary compensation or knowingly share it for cross-context behavioral advertising as defined under applicable California law.
Submit requests to info@bacenik.com. We may verify your request before responding.
11. GDPR and international rights
Depending on applicable law, you may have rights to access, correct, delete, object to or restrict processing, portability, withdraw consent, and complain to a supervisory authority. Contact info@bacenik.com. Information stored only on your device may require in-product export or clear controls.
12. Children's privacy
The Services are not directed to children under 16, or the higher minimum age required in your jurisdiction. We do not knowingly collect children's information in violation of applicable law. Contact info@bacenik.com if you believe a child has provided information to us.
13. Export, access, and deletion
Where supported, you may export data in-product, request access or deletion of information we hold, or clear local data in settings. Some information cannot be deleted immediately due to legal obligations, backups, fraud prevention, or security investigations.
14. Vendors and subprocessors
We use third-party vendors. Categories may include:
| Category | Purpose | Examples (configuration-dependent) |
|---|---|---|
| Hosting & CDN | Deliver websites and apps | Vercel, Inc. |
| AI processing | AI features (where enabled) | e.g., OpenAI or equivalent |
| Payments | Subscriptions (where enabled) | Payment processors |
| Analytics | Usage measurement (where enabled) | Analytics platforms |
| Authentication | Accounts (where enabled) | Identity providers |
| Exchange rates (display only) | Presentation currency conversion when enabled | Frankfurter API (ECB reference rates) and ExchangeRate-API open access (regional pairs including Nigeria, Ghana, Kenya) |
SpendClear pilot (current): Vercel, Inc. (United States) for hosting; when you choose a display currency different from your home currency, SpendClear may request reference exchange rates (ECB via Frankfurter and regional pairs via ExchangeRate-API; no purchase amounts are sent — only currency codes). See Section 19.
15. Professional guidance disclaimer
Service outputs are informational unless we agree otherwise in writing. The Services do not provide legal, medical, financial, tax, investment, or compliance certification advice. You remain responsible for your decisions and professional consultation where required.
16. Policy changes
We may update this policy. We will change the Last updated date and, where appropriate, provide in-app or website notice for material changes.
17. Contact
Privacy requests and data-subject rights: info@bacenik.com
General product questions: info@bacenik.com
Both addresses currently route to the same operational inbox. Please include "Privacy request — SpendClear" in the subject line for privacy requests so we can respond promptly.
18. Important limitation
This policy is an operational disclosure and does not create contractual guarantees or security warranties beyond those required by law. Qualified legal counsel should review this policy before enterprise, regulated-industry, or large-scale deployment.
19. Product schedule — SpendClear (pilot)
This schedule applies to the SpendClear web application during the pilot phase. It supplements Sections 1–18 and controls for SpendClear where stated.
19.1 What SpendClear is
SpendClear provides educational, rule-based purchase-clarity signals from information you enter. It is not a bank, lender, or financial advisor. See the Financial disclaimer.
19.2 Pilot configuration
| Capability | SpendClear pilot |
|---|---|
| User accounts | Not offered |
| Bank / card connectivity | Not offered |
| AI processing of your inputs | Not offered |
| Payment / subscriptions in-app | Not offered |
| Push notifications | Not offered (preference may be saved locally only) |
| Cross-context behavioral ads | Not used |
| Sale of personal information | Does not occur |
| Live display FX (optional) | When display currency ≠ home currency, rates from Frankfurter/ECB and ExchangeRate-API for formatting only; scoring uses entered home-currency numbers |
| Smart Scan (trial, opt-in) | Device camera, on-device barcode reading (where the browser supports it), and on-device OCR to suggest a purchase amount; no image upload or storage; default off in Settings |
| Basket Scan (preview, opt-in) | Same on-device camera/barcode/OCR pipeline to suggest price and a best-effort item name while you build a basket total; frames not uploaded; you confirm each line. With a valid pilot code, optional trip tax rate you choose (stored on device with your basket; not sent to our server for lookup) |
19.3 Information on your device
In the default pilot, the following may be stored in your browser (local storage) and are not synced to Bacenik databases:
- financial guardrails (income, obligations, optional savings);
- purchase check inputs, results, and timestamps;
- appearance and display settings;
- optional private notes and in-app clarity feedback you save;
- reminder preference (local only);
- Smart Scan trial preference (local only, if you enable it).
Your controls: Settings → Export my data and Clear all local data.
19.4 Hosting, display FX, and email
When you load SpendClear from our deployment, Vercel, Inc. may process technical data (e.g., IP address, user agent) to deliver and secure the site. Bacenik does not receive your purchase amounts or guardrail numbers in normal pilot operation. If you email us at info@bacenik.com, we process your message and email address to respond.
If you set a display currency different from your home currency, the app may fetch reference exchange rates through our server route to Frankfurter (ECB data) and ExchangeRate-API (open access, including Nigeria NGN, Ghana GHS, and Kenya KES). Requests include currency pair codes and standard request metadata — not your entered amounts. Rates are cached briefly on your device for offline display; stale rates are labeled in the UI. Scenario scores always use your home-currency inputs.
If you enable Smart Scan (trial) or use Basket Scan (preview), the app may request camera access to read a barcode and/or price tag. Processing uses the browser's barcode APIs (where available) and on-device OCR (Tesseract.js). Camera frames are not uploaded to Bacenik, not stored after recognition, and not used for advertising. Detected amounts and item names are suggestions only — you confirm or edit before a check or basket line is added; scoring is unchanged. With a pilot code, an optional trip tax rate you select is applied on-device to your basket subtotal (not a server tax lookup; not your receipt).
19.5 Cookies and storage
SpendClear uses local storage for functionality. The pilot does not use advertising cookies or third-party analytics platforms. Essential hosting logs may still be generated as in 19.4.
19.6 Retention (SpendClear pilot)
| Data | Retention |
|---|---|
| On-device SpendClear data | Until you export, clear, or remove site data |
| Support / privacy emails | Up to 24 months unless longer required by law |
| Vercel hosting logs | Per Vercel's policies (typically limited rolling periods) |
19.7 Your rights
On-device data: use in-app Export and Clear. Other requests: info@bacenik.com.
19.8 Related documents
Terms of Service · Financial disclaimer
© 2026 Bacenik LLC. All rights reserved.