Version 1.1 · Effective 5 May 2026
Privacy Policy
This Privacy Policy explains what personal data BCDock ("we", "us", "our") collects when you use the BCDock platform ("Service"), how we use it, and your rights over it.
1. Data We Collect
Account data
Your email address — used to authenticate you and send service notifications.
Usage data
Environment creation and deletion times, running duration, and BC version/country selections — used for billing calculations and service improvement.
Technical data
IP address, browser type, and page visit timestamps collected automatically for security, abuse prevention, and analytics.
Communications
Any messages you send us via email are retained for support and record-keeping.
We do not collect or access any Business Central data, AL code, or database contents inside your environments.
2. How We Use Your Data
- Service delivery — provisioning and managing your environments.
- Authentication — verifying your identity via email codes.
- Billing — calculating charges based on environment runtime.
- Service communications — sending verification codes, provisioning status, and important service updates.
- Analytics — understanding how the service is used to improve it. This data is aggregated and anonymised where possible.
- Security — detecting and preventing abuse or unauthorised access.
We do not sell your data to third parties.
3. Third Parties
Microsoft Azure
All infrastructure runs on Azure (Australia / US). Your environment data is hosted in the Azure region you select at signup. Azure's data processing terms apply.
Email delivery
Transactional emails (verification codes, notifications) are sent via a third-party email provider. Only your email address is shared for delivery purposes.
Analytics
We use privacy-respecting, self-hosted analytics. No data is shared with advertising networks.
4. Data Retention
- Account data — retained while your account is active. For the deletion process that applies when you request deletion, see Section 5 below.
- Usage records — retained for 2 years for billing audit purposes.
- Environment data — deleted from Azure infrastructure when the environment is stopped or deleted. Hibernation backups are retained while the environment is hibernated and deleted when the environment is hard-deleted or your account is anonymised.
- Email verification codes — deleted immediately after use or expiry (10 minutes).
5. Your Rights
You can exercise the following rights at any time. Most are self-service through your profile in the BCDock portal — for everything else, email hello@bcdock.io.
- Access & portability — request a ZIP of all personal data we hold about you (environments, usage, audit log, billing history, email log) directly from your profile page. The export is delivered via a 24-hour download link by email.
- Correction — update your display name, time zone, and company region from the profile page; for anything else, email us.
- Deletion — request account deletion from your profile page. See Section 6 for what happens next.
- Objection — object to processing for analytics purposes by emailing us.
For email requests we respond within 30 days; self-service exports and deletions process automatically.
6. Account Deletion
When you request deletion from your profile page:
- Immediately — your account is marked for deletion. Running environments are hibernated to stop active billing. Companies you co-own with other people are unaffected and ownership transfers to a co-member.
- 30-day grace period — you can sign back in and cancel the deletion at any time during these 30 days. The account is fully recoverable.
- After 30 days — your account and the company workspaces you sole-own are anonymised: personally identifying fields (email, display name, OAuth identifiers, time zone, last-login data, company name and slug) are overwritten with generic placeholders. Hibernation backup blobs are deleted. Active sessions are terminated.
- What we keep after anonymisation — usage records, audit log entries, billing history, and the row identifier for foreign-key integrity. These no longer link back to you as an identified person.
- Abuse-prevention signal — to prevent misuse of free trials by repeated sign-ups, we retain a one-way cryptographic hash of your email address combined with a server-side secret value. This hash cannot be reversed to recover your email; it is used only to recognise that an account previously associated with a given email has been anonymised, and to apply our trial-use policy on a future sign-up. This is the only personal-data-derived value retained beyond anonymisation, and it is permitted under GDPR Art. 17(3)(e) (legal claims) and APP 11.2(c) (legitimate interest in preventing fraud).
If you sign up again with the same email after anonymisation, your account is restored on the first verified sign-in. If your previous account had used the free trial, the trial is not available again and you will be required to choose a paid plan to continue.
7. Cookies
We use two httpOnly session cookies — bcdock_token (15-minute access token) and bcdock_refresh_token (7-day refresh token) — to keep you authenticated. No advertising or tracking cookies are used. You can delete these cookies at any time via your browser settings, which will sign you out.
8. Security
We use industry-standard security measures: TLS for all data in transit, encrypted secrets management via Azure Key Vault, and access controls limiting who can view customer data. No system is 100% secure — please use a unique, strong password for your email provider.
9. Changes to This Policy
We may update this policy as the Service evolves. We will notify you by email at least 14 days before material changes take effect.
10. Contact
Privacy questions or requests: hello@bcdock.io