privacy policy
how Bit102 LLC collects, uses, and protects your personal data
last updated: 21 may 2026, GDPR compliant, lead authority: CPDP Bulgaria
Bit102 LLC — Data Controller
48 Vitosha Blvd, Sofia 1000, Bulgaria
Contact: bit102.com/contact
Website: https://www.bit102.com
This Privacy Policy applies to all websites, landing pages, product pages, quiz funnels, lead magnets, tripwires, and other digital properties operated by Bit102 LLC — regardless of the URL under which they are hosted — as all such properties are operated by the same legal entity.
Bit102 LLC is committed to protecting your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable Bulgarian data protection law, as enforced by the Commission for Personal Data Protection (CPDP) of Bulgaria, which is our lead supervisory authority.
This policy explains what personal data we collect, why we collect it, how we use it, how long we retain it, and what your rights are.
3.1 data you provide directly
When you interact with our websites, forms, quizzes, lead magnets, or tripwires, we may collect:
- Email address
- Name (first and/or last, where provided)
- Any other information you voluntarily submit through our forms or quiz responses
3.2 data collected automatically
When you visit our websites, we or our service providers may automatically collect:
- IP address
- Browser type and version
- Device type
- Pages visited and time spent on pages
- Referring URLs
This data is used for analytics and security purposes and is typically collected via cookies or similar tracking technologies.
3.3 data collected during a purchase
When you purchase a product or service through our platform, transaction data (such as your email address, billing name, and purchase details) is processed by our third-party payment and e-commerce provider. We receive a subset of this data — typically your email address and purchase confirmation — to fulfil your order and provide after-sale support. We do not store full payment card details.
We only process your personal data where we have a valid legal basis under GDPR Article 6:
Consent (Article 6(1)(a)): Where you have actively opted in to receive email marketing communications from us — for example by subscribing through a lead magnet, quiz, tripwire, or sign-up form. You may withdraw your consent at any time (see Section 9).
Contract (Article 6(1)(b)): Where processing is necessary to fulfil a purchase you have made or to provide a product or service you have requested.
Legitimate Interests (Article 6(1)(f)): Where processing is necessary for our legitimate business interests — such as fraud prevention, improving our services, and maintaining the security of our systems — provided these interests are not overridden by your rights and freedoms.
Legal Obligation (Article 6(1)(c)): Where processing is necessary to comply with a legal obligation to which we are subject.
We use personal data for the following purposes:
- Sending you email marketing communications you have opted in to receive, including newsletters, product updates, promotions, and educational content
- Processing and fulfilling product or service purchases
- Providing customer support
- Sending transactional emails related to your purchases or account activity
- Improving our websites, funnels, and products through analytics
- Complying with legal and regulatory obligations
We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects on you (GDPR Article 22).
Our use of artificial intelligence is limited to internal operational and business functions. AI systems used by Bit102 LLC do not process personal data about our contacts or customers.
6.1 service providers
We share personal data with trusted third-party service providers who assist us in operating our business:
E-commerce & Payment Processing: We use a third-party platform to process product sales and payments. When you make a purchase, your transaction data is processed by that platform under its own privacy policy. We receive limited data (such as your email address and purchase record) necessary to deliver and support what you have purchased.
Customer Relationship Management (CRM): We use a third-party CRM platform to store and manage contact information, including email addresses and purchase history. This platform processes data on our behalf as a data processor under a Data Processing Agreement (DPA).
Email Marketing Platform: We use a third-party email service provider to send marketing and transactional emails. Your email address and name (if provided) are stored with this provider for the purposes of sending communications.
Analytics: We may use third-party analytics tools to understand how visitors interact with our websites. These tools may use cookies to collect aggregated data.
6.2 legal disclosures
We may disclose personal data where required by law, court order, or in response to a valid request from a competent authority.
6.3 no sale of personal data
We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.
Some of our third-party service providers may be based outside the European Economic Area (EEA). Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place in accordance with GDPR Chapter V, such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- An adequacy decision covering the recipient country
- Other appropriate safeguards as required by applicable law
You may request further information about the specific safeguards in place for any such transfers by contacting us.
We retain personal data only for as long as necessary for the purposes set out in this policy, or as required by law:
- Email marketing data: retained for as long as you remain subscribed. Upon unsubscribing, your data will be suppressed or deleted within 30 days, except where retention is required to honour opt-out preferences.
- Purchase and transactional data: retained for up to 7 years in accordance with applicable accounting, tax, and commercial law obligations.
- Contact enquiry data: retained for up to 2 years from the date of last contact.
- Website analytics data: typically retained in aggregated or anonymised form.
When data is no longer required, it is securely deleted or anonymised.
As a data subject under the GDPR, you have the following rights:
Request a copy of the personal data we hold about you.
Request correction of inaccurate or incomplete personal data.
Request deletion of your personal data, subject to certain exceptions (e.g. legal obligations).
Request that we restrict the processing of your data in certain circumstances.
Where processing is based on consent or contract, receive your data in a structured, machine-readable format.
Object to processing based on legitimate interests or for direct marketing. If you object to direct marketing, we will cease processing immediately.
Withdraw consent at any time without affecting the lawfulness of prior processing. Unsubscribe via the link in any email, or contact us directly.
To exercise any of the above rights, please contact us via the contact form. We will respond within 30 days. We may need to verify your identity before processing your request.
If you believe we have processed your personal data unlawfully or in breach of the GDPR, you have the right to lodge a complaint with the relevant supervisory authority.
Our lead supervisory authority is:
Commission for Personal Data Protection (CPDP)
2 Prof. Tsvetan Lazarov Blvd, Sofia 1592, Bulgaria
You may also have the right to lodge a complaint with the supervisory authority in your country of residence or place of work.
Our websites may use cookies and similar technologies (such as pixels and local storage) to enable functionality, improve user experience, and gather analytics data. Where required by applicable law, we will request your consent before placing non-essential cookies.
You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of our websites.
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. Our team operates within a controlled, sandboxed technical environment, and all significant actions involving personal data are subject to human oversight and sign-off.
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the CPDP within 72 hours of becoming aware of the breach, and will notify affected individuals without undue delay where required.
Our websites and services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The date at the top of this policy indicates when it was last revised. Where changes are material, we will make reasonable efforts to notify you — for example by email or a prominent notice on our website.
We encourage you to review this policy periodically.
If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us: