Privacy Policy

PCIM Solutions Pty Ltd (ABN 64 156 234 089), trading as BiziBakes ("BiziBakes", "we", "us", "our") operates an Australian software-as-a-service platform that helps cake decorators and small baking businesses build, host, and manage websites, enquiries, orders, and related online business workflows (the "Platform").

This Privacy Policy explains how we collect, use, disclose, store, and protect personal information in connection with the Platform. We handle personal information in accordance with this Policy and, where applicable, the Australian Privacy Principles contained in the Privacy Act 1988 (Cth).

This Policy applies to:

• Subscribers - cake decorators and small baking businesses who create an account or subscribe to the Platform; and

• End Customers - people who visit a Subscriber Website, place an order, submit an enquiry, upload a file, or otherwise interact with a Subscriber through the Platform.

BiziBakes is responsible for personal information we collect directly from Subscribers, such as account registration details, billing records, support communications, and Platform administration information.

When a Subscriber uses the Platform to collect personal information from End Customers, the Subscriber decides what information to collect, why it is collected, how it is used, and what notices or consents are required. BiziBakes handles that information to provide, secure, support, and improve the Platform on behalf of the Subscriber.

End Customers should usually contact the relevant Subscriber first about orders, enquiries, privacy notices, consents, access requests, correction requests, or deletion requests relating to their information on a Subscriber Website. If an End Customer contacts us directly, we may refer the request to the relevant Subscriber or assist where reasonably practicable.

Subscribers are responsible for their own business operations and legal compliance, including privacy notices, customer consents, consumer law obligations, food safety obligations, tax obligations, product information, order fulfilment, and customer service.

When a Subscriber creates an account, uses the Platform, or contacts us, we may collect:

• name, email address, phone number, and other contact details;

• business name, business address, ABN, and other business details provided to us;

• account credentials and authentication information;

• billing, subscription, and payment status information, including limited information received from Stripe;

• Stripe Connect account identifiers and payment configuration details;

• website settings, content, images, files, order settings, enquiry settings, and other information entered into the Platform;

• support requests, feedback, and communications with us; and

• technical and usage information associated with the Subscriber account.

End Customers may provide personal information to Subscriber Websites hosted on the Platform. Depending on how the Subscriber uses the Platform, this may include:

• name, email address, phone number, delivery or pickup details, and other contact details;

• order, enquiry, booking, or quote request details;

• messages submitted through forms or other customer communication tools;

• uploaded files, such as images provided for design inspiration or order context; and

• payment status and transaction reference information received from Stripe, but not full card details.

When you use the Platform or visit a Subscriber Website, we may collect technical information such as:

• IP address and approximate location derived from it;

• browser, device, operating system, and referring page information;

• pages accessed, timestamps, request information, and error information; and

• security, abuse-prevention, and performance logs.

We use personal information for the purposes for which it was collected and related purposes you would reasonably expect, including to:

• provide, maintain, secure, and improve the Platform;

• create and manage Subscriber accounts;

• host and operate Subscriber Websites;

• process subscriptions and billing through Stripe;

• support Stripe Connect features for Subscribers who choose to accept online payments;

• store, display, and deliver Subscriber content, End Customer submissions, uploaded images, and files;

• send transactional and service-related messages, such as account notices, order confirmations, and support responses;

• provide AI-assisted content features where a Subscriber chooses to use them;

• detect, investigate, and prevent misuse, fraud, security incidents, and unlawful activity;

• enforce our Terms and Conditions and other Platform rules;

• comply with legal, accounting, tax, dispute resolution, and regulatory obligations; and

• generate aggregated or de-identified information to understand and improve the Platform.

We use cookies and similar technologies where needed for authentication, session management, security, preferences, and core Platform functionality. You can manage cookies through your browser settings, but disabling essential cookies may affect the operation of the Platform or Subscriber Websites.

BiziBakes does not use advertising tracking pixels by default. Subscribers may choose to add their own third-party tools or tracking technologies to their Subscriber Websites. The Subscriber is responsible for any privacy notices, consents, and compliance obligations associated with those tools.

We may send direct marketing communications to Subscribers only where we have consent or are otherwise permitted by law. Marketing may include information about BiziBakes features, updates, offers, or related services.

Each marketing email will include an unsubscribe option where required. You can also opt out by contacting us using the details in Section 19. We will honour unsubscribe requests within 5 business days.

Opting out of marketing does not stop transactional, account, security, billing, or service-related messages that are reasonably necessary for the operation of your account or the Platform.

The Platform may include AI-assisted features that help Subscribers draft, refine, or generate website content or business copy. When a Subscriber uses these features, prompts, inputs, context, and outputs may be processed by AI service providers only to provide the requested feature and support the operation, safety, and reliability of that feature.

Subscribers should avoid entering sensitive personal information into AI-assisted features unless it is necessary for the task. Subscribers are responsible for reviewing, editing, and approving AI-generated content before publishing or using it.

AI-generated content may be inaccurate, incomplete, or unsuitable for a particular use. BiziBakes does not guarantee the accuracy, originality, legality, or suitability of AI-generated content.

We may disclose personal information to trusted third-party service providers who help us operate the Platform. These providers may include:

• hosting providers;

• database providers;

• file storage providers;

• email delivery providers;

• analytics providers;

• payment processors, including Stripe;

• security providers;

• customer support and operational providers; and

• AI service providers.

We take reasonable steps to select reputable providers and require them to handle personal information consistently with applicable privacy and confidentiality obligations. Some providers may also handle personal information under their own privacy policies where they provide services directly to you or to a Subscriber.

BiziBakes uses Stripe for payment processing. We do not store full payment card details.

Subscriber billing is processed through Stripe. We may receive limited billing information from Stripe, such as customer identifiers, subscription status, transaction status, card brand, and the last four digits of a payment card.

Subscribers who accept online payments through the Platform may connect their own Stripe account using Stripe Connect. When an End Customer pays a Subscriber, Stripe processes the payment and the payment relationship is between the End Customer and the Subscriber through the Subscriber's Stripe account. BiziBakes is not the merchant of record for Subscriber sales and does not receive full payment card details.

Stripe's privacy policy, available at stripe.com/privacy, explains how Stripe handles payment information.

The Platform allows Subscribers and End Customers to upload files, including images. Uploaded files may be stored and delivered using file storage providers, hosting providers, and content delivery services.

Subscribers are responsible for ensuring they have appropriate rights, permissions, and consents for content uploaded to the Platform, including content uploaded by End Customers. We may remove content that breaches our Terms and Conditions, our acceptable use requirements, or applicable law.

We use cloud-based providers to operate the Platform. Personal information may be stored, accessed, or processed outside Australia where our providers or support personnel are located.

It is not always practicable to list every country where personal information may be processed. Where practicable, likely countries or regions include Australia, the United States, the United Kingdom, the European Union or European Economic Area, Singapore, and other locations where our providers maintain services or support operations.

Where we disclose personal information overseas, we take reasonable steps to ensure the recipient handles the information consistently with this Policy and applicable privacy obligations.

BiziBakes is operated from Australia and is intended primarily for Australian cake decorators and small baking businesses. If you access the Platform from outside Australia, you acknowledge that your personal information may be handled in Australia and in the other countries or regions described in this Policy.

If privacy laws outside Australia apply to a particular Subscriber or End Customer interaction, the relevant Subscriber is responsible for ensuring its own collection and use of End Customer information complies with those laws. We will assist Subscribers where reasonably practicable in relation to requests we receive about information processed through the Platform.

We keep personal information for as long as reasonably needed for the purposes described in this Policy, including to provide the Platform, maintain business records, comply with legal obligations, resolve disputes, enforce agreements, and protect the security and integrity of the Platform.

Subscriber account and billing information is generally retained while the account is active and for a reasonable period after closure where needed for legal, accounting, tax, audit, dispute, or legitimate business purposes.

End Customer information collected through a Subscriber Website is retained according to the Subscriber's use of the Platform, the Subscriber's instructions, our Terms and Conditions, and applicable legal requirements.

If information is deleted from active systems, copies may remain in backups or logs for a limited period until they are overwritten, expired, or no longer reasonably needed. Aggregated or de-identified information that cannot reasonably identify an individual may be retained and used indefinitely.

We use reasonable technical and organisational measures designed to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. These measures may include encryption in transit, access controls, authentication controls, monitoring, logging, security testing, and provider security controls.

No method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we work to maintain safeguards that are appropriate for the nature of the information we handle.

If we become aware of a data breach involving personal information, we will take reasonable steps to contain the breach, assess its likely impact, and reduce the risk of harm.

Where required under the Notifiable Data Breaches scheme in the Privacy Act, we will notify the Office of the Australian Information Commissioner and affected individuals as soon as practicable. Where a breach affects End Customer information handled for a Subscriber, we may notify and assist the relevant Subscriber so they can assess and meet their own obligations.

You may contact us to request access to personal information we hold about you, request correction of inaccurate, incomplete, or out-of-date information, or request deletion of personal information where deletion is available under applicable law.

We may need to verify your identity before responding. We will respond within a reasonable period and may refuse a request where permitted by law, such as where access would unreasonably affect another person's privacy, the request is frivolous or vexatious, or we are required to retain information for legal reasons.

If you are an End Customer, you should usually contact the relevant Subscriber first because the Subscriber controls the customer relationship and the context in which your information was collected. If you contact us directly, we may need to involve the Subscriber to handle the request.

Subscriber Websites are operated by the relevant Subscriber, not by BiziBakes as the seller of cakes, baked goods, or related services. Each Subscriber is responsible for the products and services they offer, their customer communications, their privacy notices, and their handling of End Customer information.

BiziBakes provides the technology platform used by Subscribers. We do not routinely review or approve each Subscriber's privacy notices, customer communications, product descriptions, or order handling practices.

If you believe we have mishandled your personal information or breached this Policy, please contact us using the details in Section 19 and include enough information for us to understand and investigate your complaint.

We will acknowledge your complaint within a reasonable period and aim to respond within 30 days. If we need more time, we will let you know.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner at www.oaic.gov.au.

If you have questions, concerns, or requests regarding this Privacy Policy or our handling of personal information, please contact us:

PCIM Solutions Pty Ltd

ABN 64 156 234 089

Trading as BiziBakes

Email: privacy@bizibakes.com

Address: PO Box 667, Winston Hills NSW 2153 Australia