1. Controller details
BITMESH LTD. is the controller for Remapdb account, billing, marketing, website, security, support, and platform administration data. Company number: 204530788. VAT number: BG204530788. Address: 11 Studentska str., floor 2, Varna 9000, Bulgaria.
Contact us at [email protected] for privacy requests or questions.
2. When Remapdb is controller and processor
Remapdb is usually the controller when we manage your Remapdb account, subscription, billing profile, support request, email preferences, website visit, security logs, and platform operations.
Remapdb is usually a processor when we process quote requests and widget visitor interactions on behalf of a Remapdb customer using the widget on its own website. In that case, the customer is usually the controller for its website visitors and quote leads.
3. Data we process
- Account data: name, email, password hash, company details, language, timezone, login status, and team member data.
- Billing data: billing address, country, VAT/tax data, subscription plan, Stripe customer/subscription IDs, invoices, payment status, and tax calculation details.
- Widget data: widget ID, allowed domains, branding settings, language and unit preferences, SEO templates, API keys, and feature settings.
- Quote data: quote requester name, email, phone, location, registration number, VIN, selected vehicle, selected service/options, dealer choice, message, captcha result, and quote log metadata.
- Support data: request category, message, attachments, account context, diagnostic details, and support history.
- Technical and security data: IP address, browser/device data, referrer, access logs, session identifiers, CSRF data, cookies, security events, and bot-protection signals.
- Marketing data: email preferences, campaign categories, subscription status, and basic contact details.
4. Purposes and legal bases
- Contract: to create accounts, provide subscriptions, operate widgets, deliver API access, process quote workflows, provide support, and manage billing.
- Legal obligation: to keep accounting and tax records, respond to lawful requests, and comply with applicable legal duties.
- Legitimate interests: to secure the platform, prevent abuse, validate domains, maintain logs, improve reliability, debug issues, and understand product usage.
- Consent: to send optional marketing emails and use non-essential cookies where consent is required.
- Processor instructions: to process widget visitor and quote data on behalf of customers under the Data Processing Addendum.
5. Cookies and similar technologies
We use essential cookies and similar technologies for sessions, authentication, CSRF protection, language preferences, widget language preferences, security, and service operation. Optional analytics or marketing cookies are used only where enabled and where legally permitted.
See the Cookie Policy for more detail.
6. Sharing with third parties
We use service providers that help operate Remapdb, including payment, hosting, storage, email, bot protection, geolocation, support, monitoring, and infrastructure providers.
Important providers include Stripe for payments and billing, AWS S3 for file storage, MailGlyph for email marketing where enabled, Cloudflare Turnstile and Google reCAPTCHA for bot protection, and MaxMind for IP geolocation.
7. International transfers
Some providers may process data outside the European Economic Area. Where required, we use appropriate transfer safeguards such as adequacy decisions, standard contractual clauses, or other mechanisms permitted by GDPR.
8. Retention
- Account data is kept while the account exists and for a limited period after closure where needed for legal, security, or dispute purposes.
- Billing and tax records are kept for the applicable statutory accounting and tax retention periods.
- Quote data is kept for the period needed to provide the service to the customer, unless deletion is requested or a longer period is required by law or legitimate security needs.
- Support data and attachments are kept while needed to resolve requests and maintain support history.
- Security logs are kept for a limited period unless needed to investigate abuse, fraud, or security incidents.
- Marketing preferences are kept until changed or withdrawn, and suppression records may be retained to respect opt-outs.
9. Your rights
Subject to GDPR conditions, you may request access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. You may also object to direct marketing at any time.
If your data was submitted through a customer's widget, please contact that customer first because they are usually the controller. We will help our customer respond where Remapdb acts as processor.
10. Complaints
You may contact us first so we can try to resolve the issue. You may also lodge a complaint with the Bulgarian Commission for Personal Data Protection, 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria, or with another competent EU supervisory authority.
11. Children and changes
Remapdb is a professional business platform and is not intended for children.
We may update this policy from time to time. The latest version will be posted on this page.