Privacy Policy
Last updated: 22/04/2026
1. Data Controller
Bitz is operated by Aventa Technologies Ltd. For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we are the Data Controller for your account data and the information you provide about yourself.
If you have questions about this policy, please contact our privacy team via the Support page.
2. Information We Collect
2.1 Account Data
Name, email address, password (hashed), and country of residence.
2.2 Personal Relationship Data
Details of your family members (e.g., name and relationship to you) to manage combined immigration timelines. We do not permit the entry of children's data in this feature.
2.3 Professional Data
Contacts (names, emails, roles) and session details (agenda, notes, outcomes) that you choose to store in the platform.
2.4 Timeline, Expense, and ILR Data
Timeline events, travel dates, countries, locations, immigration profile data, expense entries you record (including categories, amounts, merchants, and recurring flags), absence calculations, and evidence tracking fields such as whether supporting evidence exists, evidence notes, evidence location, and the date you last checked it.
2.5 Security and Service Data
Login, logout, data export, and account-deletion audit events, plus technical information such as IP address, browser information, and request metadata used to secure and operate the service.
3. How We Use Information
- To create and manage your account.
- To provide the timeline, expense, session, calendar, contact, and ILR features you choose to use.
- To secure the service, investigate misuse, and maintain audit records.
- To respond to data access, deletion, and support requests.
- To comply with legal, tax, regulatory, and security obligations.
4. Lawful Basis for Processing
We process your data under the following legal grounds:
- Contract: To provide the Bitz service, including timeline, expense, calendar, session, contact, and ILR features.
- Legal Obligation: To comply with tax, security, and regulatory requirements.
- Legitimate Interests: To protect the service, prevent misuse, maintain audit logs, and improve reliability and security where those interests are not overridden by your rights.
If you enter information about another adult, you are responsible for ensuring you have a lawful basis to do so.
5. Data Retention
We retain your data only for as long as your account is active or as needed to provide you services.
- Account & Content: Kept while your account is active.
- Scheduled account deletion: when you request account deletion, your account is disabled immediately and permanently purged after a 7-day retention window unless we are required to retain limited records for security or legal reasons.
- Audit Logs: Security logs (including IP addresses) are automatically purged after 30 days.
- Unverified accounts: Inactive accounts that are not verified may be removed after 30 days.
6. Sharing and International Transfers
We share data only where needed to operate the service, such as with hosting, infrastructure, email, and support providers, or where required by law.
If personal data is processed outside the UK, we aim to use appropriate safeguards such as contractual protections and vetted service providers.
7. Your Rights (UK GDPR)
You have significant rights over your data, including:
Download a full record of your data at any time via the Export tool in Settings.
Go to Export →Schedule your account for deletion. Access ends immediately and your account data is purged after the retention window.
Go to Delete →8. Security
We use technical and organisational security measures designed to protect personal data, including access controls, audit logging, and encryption in transit. We review security controls over time to keep them appropriate to the risks of the service.
9. Contact and Complaints
If you have privacy questions or want to exercise your rights, contact us via the Support page.