Privacy Policy

Protection of your personal data

Last updated: January 2026

1

Introduction

Bonova, developed by Bynovate Technology LLC, is committed to protecting the privacy of your personal data.

This policy explains how we collect, use, store and protect your information in accordance with the General Data Protection Regulation (GDPR) and applicable laws.

Data Controller:

Bynovate Technology LLC

Director: Jeff Valbrun

Contact: administration@bynovate.com

Phone: +1 849 499 7077

2

Data Collected

We collect the following categories of data:

Identification data:

  • Full name
  • Email address
  • Phone number
  • Profile picture (optional)

Location data:

  • Delivery address
  • City and postal code
  • Country of residence

Transaction data:

  • Purchase history
  • BNV Points balance
  • Payment methods used

Technical data:

  • Device type
  • IP address
  • Session identifiers
  • Cookie data
3

Purpose of Processing

Your data is used for:

Account management:

  • Account creation and maintenance
  • Authentication and security
  • Password recovery

Delivery services:

  • Order processing
  • Coordination with delivery drivers
  • Delivery tracking

Loyalty program:

  • BNV Points management
  • Rewards calculation
  • Personalized offers

Communications:

  • Service notifications
  • Transaction confirmations
  • Marketing (with your consent)

Service improvement:

  • Anonymized usage analysis
  • User experience improvement
  • Fraud detection
4

Legal Basis for Processing

We process your data on the following legal bases:

Contract execution:
Processing is necessary to provide our services (orders, deliveries, loyalty program).

Consent:
For marketing communications and non-essential cookies. You can withdraw your consent at any time.

Legitimate interest:
For fraud prevention, platform security and service improvement.

Legal obligation:
To meet tax and regulatory requirements.

5

Data Retention Period

Your data is retained for the following periods:

  • Account data: For the duration of your relationship with us + 3 years after account closure.
  • Transaction data: 10 years (legal accounting obligation).
  • Marketing data: 3 years after your last active contact.
  • Technical data: Maximum 13 months for cookies.

After these periods, your data is deleted or irreversibly anonymized.

6

Data Recipients

Your data may be shared with:

Service partners:

  • Payment processors
  • Partner delivery services
  • Cloud hosting (Google Firebase)

Authorized personnel:

  • Customer support team
  • Technical team
  • Management (restricted access)

Authorities: Only upon legal request.

Important: We never sell your data to third parties. All our partners are contractually bound to respect the confidentiality of your data.

7

International Transfers

Your data may be transferred to:

United States:

  • Google Firebase servers
  • Analytics services

These transfers are governed by:

  • Standard contractual clauses of the European Commission
  • Compliance certifications (e.g., SOC 2)

We ensure that all appropriate safeguards are in place to protect your data in accordance with GDPR.

8

Your Rights

Under GDPR, you have the following rights:

  • Right of access: Obtain a copy of your personal data.
  • Right to rectification: Correct inaccurate or incomplete data.
  • Right to erasure: Request deletion of your data ("right to be forgotten").
  • Right to restriction: Restrict processing of your data.
  • Right to portability: Receive your data in a structured format.
  • Right to object: Object to processing on legitimate grounds.

To exercise your rights:

Email: administration@bynovate.com

Phone: +1 849 499 7077

Response time: Maximum 30 days.

9

Cookies and Trackers

Our application uses cookies:

Essential cookies (mandatory):

  • Session authentication
  • Security
  • User preferences

Analytical cookies (with your consent):

  • Google Analytics (anonymized)
  • Firebase Analytics

You can manage your cookie preferences in the app settings.

Cookie retention period: Maximum 13 months.

10

Data Security

We implement robust security measures:

Encryption:

  • Data in transit: TLS 1.3
  • Data at rest: AES-256

Infrastructure:

  • Google Cloud hosting (ISO 27001 certified)
  • Firewall and DDoS protection
  • Daily encrypted backups

Access:

  • Two-factor authentication for team
  • Principle of least privilege
  • Access logging

In case of data breach, we will notify you within 72 hours in accordance with GDPR.

11

Policy Changes

This policy may be updated to reflect:

  • Changes in our practices
  • New legal requirements
  • Service improvements

In case of substantial changes:

  • Email notification
  • In-app notification
  • Update of revision date

We encourage you to regularly review this policy. Last update date visible at the top of this document.

12

Contact and Complaints

For any questions regarding your data:

Main contact: administration@bynovate.com

Phone: +1 849 499 7077

Address:
Bynovate Technology LLC
Santo Domingo, Dominican Republic

Complaint to an authority:
If you believe your rights have not been respected, you can file a complaint with the data protection authority in your country of residence.

We commit to responding to any request within 30 days.