Privacy Policy

Last updated: March 11, 2026

Buzz5 d.o.o. ("Buzz5", "we", "us", "our") operates the buzz5.app platform. Buzz5 is a software-as-a-service review and reputation management tool that helps service businesses send personalized aftercare messages, collect customer feedback, and manage their online reputation.

This Privacy Policy explains how we collect, use, store, share, and protect personal information when:

• Service businesses ("Business Users") use Buzz5 to manage their customer communications and reviews.
• Customers of those businesses ("End Customers") receive aftercare messages, provide feedback, or otherwise interact with communications sent through Buzz5.

If you have any questions about this Privacy Policy, you can contact us at info@buzz5.app.

1. Information We Collect

1.1 Information from Business Users

When you create a Buzz5 account and use our platform, we collect:

• Account information: Name, email address, and password.
• Business details: Shop or business name, address, industry type, and configuration preferences.
• Billing information: Payment details are collected and processed by Stripe. We do not store your full credit card number. We receive from Stripe your card brand, last four digits, and billing address for record-keeping.
• Usage data: How you interact with the Buzz5 dashboard, features used, and settings configured.

1.2 Information About End Customers

When a Business User uses Buzz5 to communicate with their customers, we process the following End Customer information on the Business User's behalf:

• Contact details: Name and email address.
• Service information: Vehicle or equipment details, service history, and visit records relevant to the services performed by the Business User.
• Communication data: Communication preferences, opt-out status, messages sent and received through the platform, and any replies or feedback provided.
• Feedback data: Star ratings (1–5), sentiment responses, and any comments submitted through the feedback system.

1.3 Automatically Collected Information

When you visit buzz5.app or interact with emails sent through the platform, we may automatically collect:

• IP address and approximate geographic location.
• Browser type, version, and operating system.
• Pages visited, time spent on pages, and navigation patterns.
• Device identifiers and screen resolution.
• Referring URLs and search terms used to reach our site.
• Email open and click-through data.

2. How We Collect Information

We collect information through the following means:

• Directly from Business Users: When you register an account, set up your business profile, configure services, or import customer data into Buzz5.
• From End Customers: When End Customers interact with aftercare messages, submit feedback ratings, reply to communications, or opt out of messaging.
• Automatically: Through cookies, server logs, and similar technologies when you use our website or interact with emails sent through Buzz5 (see Section 9 — Cookies and Tracking).
• From third-party services: Payment confirmation data from Stripe, and email delivery status data from Infobip.

3. How We Use Information

We use the information we collect for the following purposes:

• Aftercare messaging: Sending personalized follow-up emails to End Customers after service visits with care tips, instructions, and helpful information. Customer names and service details are sent to OpenAI to generate personalized aftercare message content.
• Feedback collection: Collecting customer satisfaction ratings through a star-based feedback system (1–5 stars).
• Review solicitation: Routing happy customers (those who rate 4–5 stars) to leave a public review on Google Reviews.
• Private feedback handling: Routing unhappy customers (those who rate 1–3 stars) to a private conversation with the Business User, so the business can address concerns directly.
• Service communication: Facilitating replies and ongoing communication between Business Users and their End Customers.
• Email delivery: Sending emails through our email delivery provider (Infobip) on behalf of Business Users.
• Billing and subscriptions: Processing subscription payments, managing plan limits, and maintaining billing records through Stripe.
• Analytics and reporting: Providing Business Users with insights about response rates, customer satisfaction trends, and messaging performance.
• Platform operation: Maintaining, improving, and securing the Buzz5 platform, troubleshooting issues, and providing customer support.
• Legal compliance: Complying with applicable laws, regulations, and legal processes.

4. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we rely on the following legal bases to process personal data:

• Performance of a contract (Article 6(1)(b)): Processing Business User data is necessary to provide the Buzz5 service as agreed in our Terms of Service. This includes account management, billing, and delivering the core platform features.
• Legitimate interests (Article 6(1)(f)): We process End Customer data on behalf of Business Users based on the legitimate interest of the Business User in communicating with their customers for aftercare and reputation management. Our legitimate interests also include improving the platform, ensuring security, and preventing fraud. We balance these interests against the rights of individuals and provide easy opt-out mechanisms.
• Consent (Article 6(1)(a)): Where required, we obtain consent for specific processing activities such as sending marketing communications or placing non-essential cookies. You may withdraw consent at any time.
• Legal obligation (Article 6(1)(c)): We process certain data to comply with legal obligations, such as tax and accounting requirements for billing records.

With respect to End Customer data, Business Users act as data controllers and Buzz5 acts as a data processor. Business Users are responsible for ensuring they have an appropriate legal basis for sharing their customers' data with Buzz5 and for the communications sent through our platform.

5. Data Sharing and Third Parties

We do not sell personal data. We share personal data only with the following categories of third-party service providers, and only to the extent necessary to operate the Buzz5 platform:

• Infobip (email delivery): End Customer names and email addresses are shared with Infobip to deliver aftercare messages, feedback requests, and other communications on behalf of Business Users. Infobip processes this data as a sub-processor. Infobip Privacy Notice.
• OpenAI (AI content generation): End Customer names, service details (such as vehicle information and service type), and the Business User's shop name are sent to OpenAI's API to generate personalized aftercare message content. OpenAI processes this data under their API data usage policy and does not use API inputs to train their models. OpenAI Privacy Policy.
• Stripe (payment processing): Business User billing information, including payment card details, name, and billing address, is collected and processed directly by Stripe to manage subscriptions and process payments. Buzz5 does not have access to full card numbers. Stripe Privacy Policy.
• Hetzner (hosting): All platform data is stored on servers provided by Hetzner, located in the European Union. Hetzner acts as an infrastructure provider and does not access the content of stored data. Hetzner Privacy Policy.
• Laravel Forge (server management): We use Laravel Forge to manage and deploy our server infrastructure. Forge may have limited access to server configuration data. Forge Privacy Policy.

We may also share personal data when required by law, to enforce our Terms of Service, to protect our rights, or in connection with a merger, acquisition, or sale of assets (in which case you will be notified of any change in data controller).

6. International Data Transfers

Buzz5 is operated by Buzz5 d.o.o., based in Slovenia (EU). Our primary hosting infrastructure is provided by Hetzner and is located within the European Union.

However, some of our third-party service providers are based in the United States, which means personal data may be transferred outside the European Economic Area (EEA):

• OpenAI (United States): Customer names and service details included in AI content generation requests are processed by OpenAI's servers, which may be located in the US.
• Stripe (United States): Payment and billing data is processed by Stripe, which operates globally with servers in the US and EU.

For these transfers, we rely on appropriate safeguards as required by GDPR, which may include the EU-US Data Privacy Framework, Standard Contractual Clauses (SCCs), or other approved transfer mechanisms. You may request a copy of the relevant safeguards by contacting us at info@buzz5.app.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy:

• Business User account data: Retained for as long as the account is active. When a Business User deletes their account, we delete their account data within 30 days, except where retention is required by law.
• End Customer data: Retained for as long as the associated Business User maintains an active Buzz5 account. When a Business User closes their account, all associated End Customer data is deleted within 30 days.
• Billing records: Transaction and invoice data may be retained for up to 10 years to comply with tax and accounting obligations.
• Server logs: Automatically collected technical data (IP addresses, access logs) is retained for up to 90 days for security and debugging purposes.
• Opted-out End Customers: When an End Customer opts out of messaging, we retain a minimal record (email address and opt-out status) to ensure we honor the opt-out preference. All other personal data for that customer is deleted upon request.

8. Your Rights

8.1 Rights Under GDPR (EEA Residents)

If you are located in the European Economic Area, you have the following rights regarding your personal data:

• Right of access: You can request a copy of the personal data we hold about you.
• Right to rectification: You can request that we correct any inaccurate or incomplete personal data.
• Right to erasure: You can request that we delete your personal data, subject to legal retention obligations.
• Right to data portability: You can request to receive your personal data in a structured, commonly used, machine-readable format.
• Right to restriction of processing: You can request that we restrict the processing of your personal data in certain circumstances.
• Right to object: You can object to the processing of your personal data where we rely on legitimate interests as our legal basis.
• Right to withdraw consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
• Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. For Slovenia, the supervisory authority is the Information Commissioner (Informacijski pooblaščenec) at www.ip-rs.si.

8.2 How to Exercise Your Rights

To exercise any of the above rights, please contact us at info@buzz5.app. We will respond to your request within 30 days.

End Customers: If you are an End Customer who received a message through Buzz5 and wish to exercise your rights, you may contact us directly or contact the Business User who sent you the communication. If you contact us, we will work with the relevant Business User to fulfill your request. You can also opt out of future messages at any time by using the unsubscribe link included in every email.

9. Cookies and Tracking

Buzz5 uses cookies and similar tracking technologies on the buzz5.app website. We use the following types of cookies:

• Essential cookies: Required for the platform to function properly, including session management and authentication. These cookies cannot be disabled.
• Analytics cookies: Used to understand how visitors interact with buzz5.app, helping us improve the platform. These are only set with your consent.

Emails sent through Buzz5 may include tracking pixels to measure open rates and click-through rates. This data is reported in aggregate to Business Users and is used to improve the effectiveness of aftercare messaging.

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features of the platform.

10. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• All data is transmitted over encrypted connections (TLS/HTTPS).
• Passwords are hashed using industry-standard algorithms and are never stored in plain text.
• Access to production systems is restricted to authorized personnel only.
• Data is stored on EU-based servers provided by Hetzner with physical and network security controls.
• Regular backups are maintained to ensure data availability and recovery.

While we take reasonable precautions to protect your data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.

11. Children's Privacy

Buzz5 is a business-to-business service and is not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal data, please contact us at info@buzz5.app.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page and notify Business Users by email or through a notice on the Buzz5 dashboard. We encourage you to review this Privacy Policy periodically. Your continued use of Buzz5 after any changes constitutes your acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how your data is handled, please contact us:

Buzz5 d.o.o.

Email: info@buzz5.app

Website: buzz5.app