§ 01 Introduction
This Privacy Policy explains how Bennu International S.A. (“Bennu,” “we,” “us”) collects, uses, retains, and shares personal information when you visit izzatissa.site or use any of the platforms we host on your behalf, including Chatwoot, Mautic, and Postiz (together, the “Platforms”).
By using the Platforms, you consent to the practices described here. If you do not agree, please do not use the Platforms. We try to write this document like real sentences rather than loopholes; if anything is unclear, write to us at [email protected].
§ 02 Scope & controllers
Bennu operates the Platforms as a hosted service. The underlying software
— Chatwoot, Mautic, and Postiz — is open source and licensed
from their respective communities. Bennu is responsible for the operation,
configuration, and security of the hosted instances at
chatwoot.izzatissa.site, mautic.izzatissa.site, and
postiz.izzatissa.site.
Where you provision a tenant, workspace, or account on a Platform and upload data about your end‑users (your customers, contacts, or audience), you are the data controller and Bennu acts as the data processor. For Site visitors, account‑level metadata, billing, and security data, Bennu acts as the controller. Section 06 covers the distinction in detail.
§ 03 Data we collect
3.1 Site visitors
When you visit izzatissa.site we record standard server‑log information — IP address, user‑agent, browser language, referring URL, and the date and timestamp of each request. We use this to understand traffic patterns and to detect abuse. We do not load third‑party tracking scripts or analytics SDKs on this site.
3.2 Account & identity data
When you register for a Platform we collect your name, email address, a hashed password, organisation name, profile picture (if you upload one), workspace membership, and preferences. If you contact our support team we keep a record of the conversation and any context you provide.
3.3 Platform‑specific data
- Chatwoot — customer‑support conversations, attachments, contact records, agent assignments, canned responses, and integration metadata for connected channels (email, WhatsApp, Instagram, SMS, Telegram, and similar).
- Mautic — marketing contact records, segmentation rules, campaign content, email‑send logs, opens/clicks, form submissions, landing‑page interactions, and lead‑score events.
- Postiz — OAuth tokens (encrypted at rest) for connected social platforms, scheduled and published content, media uploads, captions, AI prompts you submit, engagement metrics returned by social platforms, and team‑collaboration metadata.
3.4 Billing data
Plan status, invoice history, and billing address. Card and bank‑account details are collected and stored directly by our payment processors (Stripe and similar); Bennu only receives a tokenised reference and metadata about successful or failed charges.
3.5 Logs, usage & device data
IP address, browser and device identifiers, application telemetry, pages visited, features used, session events, and error reports. These are kept in operational logs for security, performance, and debugging purposes.
3.6 What we do not intentionally collect
We do not knowingly collect government identifiers (e.g. SSN), genetic information, or health records. You may, however, store such information yourself inside a Platform — for example, by pasting it into a Chatwoot conversation or uploading it as an attachment. If you do, we hold it under the same security obligations as any other content.
§ 04 Purposes & legal bases
We process personal data for the following purposes, on the legal bases noted:
- Service delivery — authentication, account management, content publishing, support. (Performance of contract.)
- Billing & payments — invoicing, subscriptions, fraud prevention. (Performance of contract; legal obligation.)
- Security — detecting and preventing abuse, brute‑force attacks, account takeover, spam, and infrastructure attacks. (Legitimate interests; legal obligation.)
- Operations — monitoring, debugging, performance measurement. (Legitimate interests.)
- Communications — service notices, security alerts, and (with consent) the occasional product update. (Performance of contract; consent.)
- Legal compliance — responding to lawful requests and enforcing our rights. (Legal obligation.)
We do not use the content of your Platform conversations, campaigns, scheduled posts, or media uploads to send you advertising, and we do not sell that content.
§ 05 AI‑assisted features
Postiz includes optional AI features for caption generation, hashtag suggestion, and analytics summaries. To provide them we transmit your prompts and any inputs you choose to include to third‑party model providers (for example, Anthropic and OpenAI) acting as our sub‑processors. We instruct these providers not to use your inputs or outputs to train their models and rely on their enterprise‑tier data‑handling commitments where available.
You can opt out by not using these features. AI‑assisted features are clearly labelled inside the product.
§ 06 Controller vs processor
Controller role. For account, billing, site analytics, marketing, and security data, Bennu determines the means and purposes of processing and is the data controller.
Processor role. For data you upload into a Platform — your end‑customer conversations in Chatwoot, your contact lists in Mautic, your audience and content in Postiz — Bennu acts as a data processor on your behalf and processes that data according to your instructions and your account configuration. You remain responsible for the lawful basis under which you collected that data and for any notices or consents you owe to your end‑users.
On request we will sign our standard Data Processing Addendum (DPA), which incorporates the European Commission Standard Contractual Clauses for international transfers.
§ 07 Sharing & sub‑processors
We share personal data only with the following categories of recipients:
- Bennu personnel and contractors who need access to operate the Platforms, all bound by confidentiality obligations.
- Sub‑processors — cloud hosting, content delivery networks, error monitoring, transactional email, payment processors, and (for Postiz only) AI model providers.
- Connected third‑party platforms — the social and messaging networks you choose to connect to Postiz, Chatwoot, or Mautic. Data flowing to these platforms is governed by their own terms and privacy policies.
- Workspace members — people you invite to your workspace, with access scoped by the role you assign them.
- Professional advisors — auditors, lawyers, accountants, when reasonably required.
- Authorities — when we are legally required to disclose, or where disclosure is necessary to prevent fraud, abuse, or harm.
- Successors — in the context of a merger, acquisition, or business reorganisation, with continued protection of your data.
We will not rent or sell potentially personally identifying or personally identifying information to anyone. An up‑to‑date list of sub‑processors is available on request from [email protected].
§ 08 International transfers
Bennu and its sub‑processors may process personal data in jurisdictions including the European Union, the United Kingdom, the United States, and others. Where personal data subject to the GDPR or UK GDPR is transferred to a country without an adequacy decision, we rely on the European Commission Standard Contractual Clauses and equivalent UK addenda, together with supplementary technical and organisational measures.
§ 09 Retention
- Account data — deleted or anonymised within 90 days of account closure.
- Platform content (Chatwoot conversations, Mautic contacts, Postiz scheduled posts) — retained for the lifetime of the account, or until you delete it through the Platform UI.
- OAuth tokens — while a connection is active; revoked promptly when you disconnect a channel.
- Billing records — up to 7 years, as required by tax and accounting law.
- Operational logs — up to 12 months.
- Backups — 30 to 90 days, depending on tier.
Longer retention may apply where we are legally required to preserve information, or where it is necessary for the establishment, exercise, or defence of legal claims.
§ 10 Security
We maintain administrative, technical, and physical safeguards designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.
Measures include:
- TLS for data in transit; encryption at rest for sensitive fields.
- Encryption of OAuth tokens and password hashing using modern algorithms.
- Role‑based access controls and audit logging.
- Multi‑factor authentication for administrative access.
- Regular vendor reviews and incident‑response procedures.
- An always‑on web‑application firewall and behavioural rate limiting.
No system is fully secure, and we cannot guarantee absolute security. If you become aware of a vulnerability, please write to [email protected].
§ 11 Your rights
Subject to applicable law, you have the right to:
- Access the personal data we hold about you and receive a portable copy.
- Correct inaccurate or incomplete information.
- Delete your data, subject to retention obligations described above.
- Object to or restrict processing based on legitimate interests.
- Withdraw consent for processing that depends on consent.
- Lodge a complaint with your local supervisory authority.
Most of these requests can be handled directly inside the Platform UI. For everything else, write to [email protected]. We respond within 30 days; complex requests may take longer, in which case we will let you know within the initial 30‑day window. Requests are processed free of charge except where they are manifestly unfounded or repetitive.
§ 12 California rights
California residents have additional rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act, including the right to know what categories of personal information are collected and for what purposes, the right to delete, the right to correct, and the right to limit the use of sensitive personal information. Bennu does not engage in the “sale” or “sharing” of personal information for cross‑context behavioural advertising. We do not discriminate against you for exercising these rights.
§ 13 Cookies & tracking
We use a small number of first‑party cookies for authentication, session continuity, security, and storing your preferences. The marketing site (izzatissa.site) does not load third‑party analytics, advertising, or social‑tracking pixels. You can block or delete cookies through your browser settings; doing so may affect Platform functionality.
Because we do not track users across third‑party services, we do not need to respond differently to Do Not Track browser signals.
§ 14 Children
The Platforms are intended for business and professional use and are not directed to children under 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal data, please contact us so that we can delete it.
§ 15 Changes to this policy
We may update this policy from time to time. Material changes will be announced by email to account holders or by an in‑product notice a reasonable time before they take effect. The “Last revised” date at the top of this page reflects the most recent update. Continued use of the Platforms after a change constitutes acceptance.
§ 16 Contact
Bennu International S.A.
Privacy inquiries: [email protected]
General contact: [email protected]
Security disclosures: [email protected]
For privacy concerns, please use the subject line “Privacy Concern” so we can route the message correctly.