BizBuyScore
Sign inTry Free

Privacy Policy

bizbuyscore.com/privacy · v1.0 · Effective March 2026
Last updated: March 2026 | Version 1.0

1. Introduction

Boon Han Yeo ABN: 90 816 553 130, trading as BizBuyScore (‘BizBuyScore’, ‘we’, ‘us’, ‘our’) is committed to protecting the privacy of individuals in accordance with the Privacy Act 1988 (Cth) (‘Privacy Act’) and the Australian Privacy Principles (‘APPs’) contained in Schedule 1 of that Act.

This Privacy Policy explains how we collect, use, disclose, store, and protect personal information in connection with your use of the BizBuyScore platform, website, and tools (the ‘Platform’).

By using the Platform, you consent to the practices described in this policy. If you do not agree, please do not use the Platform.

2. About Us

BizBuyScore is operated by Boon Han Yeo ABN: 90 816 553 130 as a sole trader. The Platform provides AI-assisted and rules-based tools for evaluating small-to-medium business acquisition opportunities.

We are an APP entity for the purposes of the Privacy Act. Our Privacy Policy Officer can be contacted at hello@bizbuyscore.com.

3. Personal Information We Collect

3.1 Account information

When you create an account, we collect: name, email address, password (stored as a cryptographic hash), plan type (free or Pro), date of account creation, and Terms of Use acceptance record (version, timestamp).

3.2 Usage and platform data

We collect information about how you use the Platform, including: evaluation inputs (asking price, revenue, earnings, industry), generated BAS Scores and sub-scores, PDF extraction method preference, evaluations saved to your dashboard, and session activity logs (including checkbox acknowledgement timestamps).

3.3 Uploaded documents

If you use the PDF extraction feature (Pro plan), we temporarily process the document you upload. The handling of document content depends on your selected extraction method — see Clause 7.

3.4 Payment information

Payments for the Pro plan are processed by Stripe. BizBuyScore does not collect or store credit card numbers or other payment credentials. Stripe’s privacy policy governs Stripe’s handling of payment data.

3.5 Technical data

We may collect standard technical information including: IP address, browser type, operating system, referring URLs, and pages visited. This data is used for security, fraud prevention, and service improvement.

3.6 Communications

If you contact us, we collect the content of your communication and any contact details you provide.

4. How We Collect Personal Information

We collect personal information:

  • directly from you, when you create an account, use the Platform, or contact us;
  • automatically, through cookies, analytics tools, and server logs; and
  • from third-party services, such as Stripe for payment processing.

5. How We Use Personal Information

We use personal information for the following purposes:

  • providing, operating, and improving the Platform and its features;
  • processing your account registration and managing your subscription;
  • sending service-related communications (account confirmations, Terms updates, billing notices);
  • processing PDF extraction requests and returning results to you;
  • maintaining records of Terms of Use acceptance and disclaimer acknowledgements;
  • detecting and preventing fraud, abuse, and security incidents;
  • complying with our legal obligations; and
  • with your consent, sending marketing communications about new features or services.

We will not use your personal information for any purpose that is inconsistent with these purposes without your consent or as otherwise permitted by the APPs.

6. Disclosure of Personal Information

6.1 Third-party service providers

We disclose personal information to third-party service providers who assist us in operating the Platform, including:

  • Supabase Inc (USA): database hosting and user authentication. Supabase stores account data, evaluation data, and user preferences.
  • Anthropic PBC (USA): AI extraction processing, when you select the Online LLM extraction method. Document content is transmitted to Anthropic’s API. See Clause 7 for detail.
  • Stripe Inc (USA): payment processing for Pro subscriptions.
  • Vercel Inc (USA): web hosting and deployment infrastructure.
  • Analytics provider: website analytics and usage tracking.

6.2 Other disclosures

We may also disclose personal information:

  • where required or authorised by law;
  • to enforce these Terms or protect our rights;
  • in connection with a merger, acquisition, or sale of all or part of our business (on notice to you); or
  • with your consent.

6.3 No sale of personal information

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

7. PDF Extraction and Overseas Disclosure (APP 8)

7.1 Local extraction methods

If you use the Local Rules-Based Extractor or Local LLM (when available), all extraction is performed within our infrastructure. Document content is not disclosed to any overseas entity.

7.2 Online LLM extraction — overseas disclosure

If you select the Online LLM extraction method, your uploaded document is transmitted to Anthropic PBC, a company incorporated in the United States, for AI-assisted data extraction.

Under APP 8 of the Privacy Act, before disclosing personal information to an overseas entity, we must either: (a) take reasonable steps to ensure the overseas recipient does not breach the APPs; or (b) obtain your consent to the disclosure.

By selecting the Online LLM method and confirming the upload modal, you expressly consent to this overseas disclosure for the purposes of APP 8(2)(a) and acknowledge that the APPs may not apply to Anthropic’s handling of the transmitted content.

We have reviewed Anthropic’s API usage policy and privacy documentation and note that, as at March 2026, Anthropic does not use API-submitted content to train its models by default. However, you should review Anthropic’s current policy before uploading sensitive documents.

Document content transmitted via Online LLM is: (a) transmitted securely via TLS; (b) used only for the purpose of returning extraction results to BizBuyScore; and (c) not stored by BizBuyScore beyond the processing session.

7.3 Confidential documents

You must not upload documents that are subject to any confidentiality agreement, NDA, or other legal obligation prohibiting disclosure to a third-party AI service via the Online LLM method. Use the Local Rules-Based Extractor for such documents.

8. Cookies and Analytics

We use cookies and similar tracking technologies to:

  • maintain session state and keep you logged in;
  • understand how the Platform is used and improve features; and
  • detect and prevent fraudulent or abusive activity.

You may disable cookies through your browser settings. Disabling certain cookies may affect Platform functionality.

We do not use cookies for cross-site behavioural advertising.

9. Data Retention and Deletion

9.1 Account data

We retain account data for as long as your account is active. If you close your account, we will delete or de-identify your personal information within 90 days, unless a longer retention period is required by law.

9.2 Evaluation data

Evaluation inputs and BAS Scores saved to your dashboard are retained until you delete them or close your account. Deleting an evaluation from your dashboard is permanent.

9.3 Uploaded documents

Document content transmitted via Online LLM extraction is not stored by BizBuyScore beyond the processing session. Document content processed by local extractors is retained in memory only during the extraction process and is not written to persistent storage.

9.4 Compliance records

Terms of Use acceptance records, disclaimer acknowledgement logs, and Online LLM upload confirmation records are retained for a minimum of seven years for compliance and audit purposes.

9.5 Deletion requests

You may request deletion of your personal information at any time by contacting hello@bizbuyscore.com. We will process verified deletion requests within 30 days, subject to any retention obligations under clause 9.4 or applicable law.

10. Security

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our security measures include:

  • encryption of data in transit (TLS) and at rest;
  • access controls limiting staff access to personal information on a need-to-know basis;
  • regular security reviews of our infrastructure and third-party providers; and
  • password hashing using industry-standard algorithms.

No transmission over the internet is completely secure. While we take reasonable precautions, we cannot guarantee absolute security.

In the event of a data breach that is likely to result in serious harm, we will comply with our notifiable data breach obligations under Part IIIC of the Privacy Act, including notifying affected individuals and the Office of the Australian Information Commissioner (‘OAIC’) as required.

11. Your Rights — Access, Correction, and Complaints

11.1 Access

Under APP 12, you have the right to request access to the personal information we hold about you. To request access, contact hello@bizbuyscore.com. We will respond within 30 days. We may charge a reasonable fee for providing access in complex cases.

11.2 Correction

Under APP 13, if you believe personal information we hold about you is inaccurate, out of date, incomplete, or misleading, you may request correction. We will take reasonable steps to correct the information or, if we disagree, note your request alongside the information.

11.3 Opt-out of marketing

If you have consented to marketing communications, you may opt out at any time by clicking ‘unsubscribe’ in any marketing email or by contacting hello@bizbuyscore.com.

11.4 Complaints

If you believe we have handled your personal information in breach of the Privacy Act or these APPs, you may:

  1. first contact us at hello@bizbuyscore.com — we will respond within 30 days;
  2. if unresolved, lodge a complaint with the OAIC at oaic.gov.au or by calling 1300 363 992; or
  3. seek external dispute resolution through any other applicable scheme.

12. Children

The Platform is not directed at children under the age of 18. We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected information from a child under 18, we will take prompt steps to delete it.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify registered users of material changes by email and by an in-app notification.

The updated policy will be effective from the date it is posted at bizbuyscore.com/privacy. Continued use of the Platform after that date constitutes acceptance of the updated policy.

We maintain an archive of previous versions of this policy. To request a previous version, contact hello@bizbuyscore.com.

14. Contact and Privacy Officer

For all privacy-related enquiries, access requests, correction requests, or complaints:

Privacy Officer, Boon Han Yeo ABN: 90 816 553 130 (trading as BizBuyScore)
Email: hello@bizbuyscore.com
Website: bizbuyscore.com
Address: 5 Keith St, Dulwich Hill, NSW 2000