Summary: Your personal information is extremely important to us. We never sell your data, never share it with third parties for commercial purposes, and protect it with the highest security standards available. By using HisabLab, you agree to the terms outlined in this Privacy Policy.
1. Information We Collect
When you use HisabLab, we collect several types of information to provide and improve our services. Below is a detailed breakdown of what we collect and why:
When you register for an account, we collect your full name, email address, and a password. This information is used solely to create and manage your account on our platform.
During business setup, we collect your business name, address, phone number, email, and business type (retail, wholesale, restaurant, or service). This information helps us customize your experience and generate accurate business reports.
All sales, purchases, expenses, products, customers, and supplier information you enter into HisabLab is stored securely. This data belongs entirely to you and is used only to provide the services you request — such as generating invoices and reports.
We automatically collect certain technical information when you access our platform, including your IP address, browser type and version, operating system, device type, and timestamps of access. This information is used for security monitoring and service improvement.
We use cookies to maintain your login session and to support the "Remember Me" feature. No advertising or tracking cookies are used on our platform.
When you subscribe to a premium plan, we collect your payment method (bKash, Nagad, Rocket, or bank), transaction ID, and the amount paid. We do not store full payment card numbers or bank account credentials — only the transaction reference and method.
2. How We Use Your Information
The information we collect is used exclusively for the following purposes:
- To create, manage, and secure your HisabLab account
- To store, display, and process your business data (sales, purchases, inventory, reports)
- To generate invoices, financial reports, and business analytics
- To send password reset emails and important security alerts
- To notify you of new features, updates, and service announcements
- To process your subscription payments and manage premium access
- To identify and resolve technical issues and bugs
- To improve the platform based on usage patterns
- To comply with applicable legal obligations
Important: We never use your business data for advertising, marketing analysis, or any commercial purpose. Your business information is strictly confidential and used only to serve you.
3. Data Security
We take data security seriously and implement industry-standard measures to protect your information from unauthorized access, alteration, disclosure, or destruction:
- SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted using the HTTPS protocol, ensuring your data cannot be intercepted in transit.
- Password Hashing: Your password is hashed using the bcrypt algorithm before being stored. This means we never store your plain-text password, and even our team cannot see it.
- CSRF Protection: Every form submission uses a CSRF token to prevent cross-site request forgery attacks.
- SQL Injection Prevention: All database queries use PDO prepared statements to prevent SQL injection attacks.
- XSS Protection: All user-submitted content is sanitized before being displayed to prevent cross-site scripting attacks.
- Secure Session Management: Sessions are managed securely with automatic expiry and protection against session hijacking.
- Regular Backups: Your data is backed up regularly to prevent data loss.
- Server Security: Our servers are protected by firewalls and intrusion detection systems.
- Access Control: Only authorized personnel have access to production systems, and all access is logged.
While we implement the highest security measures, no method of transmission over the Internet is 100% secure. We encourage you to keep your password confidential and to log out after using HisabLab on shared or public devices.
4. Data Sharing Policy
We do not sell, rent, or trade your personal information to any third party. Your data may only be shared in the following strictly limited circumstances:
- Legal Obligations: We may disclose your information if required to do so by law, court order, or government authority under Bangladesh law.
- Hosting & Infrastructure: Our trusted hosting provider has physical access to server infrastructure. However, they are bound by confidentiality agreements and have no right to access your application data.
- With Your Explicit Consent: We will only share your information with third parties if you have given us clear, informed consent to do so.
- Emergency Safety: In cases where there is an imminent threat to the life or safety of any person, we may contact relevant authorities.
- Business Transfer: In the unlikely event of a merger or acquisition, your data may be transferred to the new owner, who will be bound by this Privacy Policy.
We will never share your data with advertisers, data brokers, marketing companies, analytics firms, or any other commercial third parties.
5. Cookies Policy
HisabLab uses a minimal set of cookies that are strictly necessary for the platform to function. We do not use any advertising, tracking, or analytics cookies.
- Session Cookie (PHPSESSID): This cookie maintains your login session while you use HisabLab. It is deleted automatically when you close your browser. Without this cookie, you would need to log in on every page.
- Remember Me Cookie: If you check "Remember Me" during login, a secure token is stored in a cookie for up to 30 days so you don't need to log in again on that device.
- CSRF Security Token: A security token stored in your session to protect against cross-site request forgery attacks.
We do not use Google Analytics, Facebook Pixel, advertising cookies, or any third-party tracking technologies.
You may disable cookies through your browser settings. However, please note that disabling cookies will prevent you from logging in and using core features of HisabLab, as session cookies are essential for authentication.
6. Your Rights
As a HisabLab user, you have the following rights regarding your personal data:
- Right of Access: You have the right to request a copy of all personal data we hold about you.
- Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal data we hold.
- Right to Erasure: You have the right to request permanent deletion of your account and all associated data. We will process this within 30 days.
- Right to Data Portability: You have the right to receive your data in a structured, machine-readable format so you can transfer it to another service.
- Right to Restrict Processing: You have the right to request that we limit how we use your personal data in certain circumstances.
- Right to Object: You have the right to object to certain types of processing of your personal data.
- Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
- Right to Unsubscribe: You may opt out of non-essential communications (such as feature announcements) at any time.
To exercise any of these rights, please contact us at noreply@hisablab.com. We will respond to all legitimate requests within 30 days.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, or as required by law:
- Account Data: Retained for as long as your account remains active. If you delete your account, we will delete your personal data within 30 days.
- Business & Transaction Data: Retained for up to 7 years for legitimate business record-keeping purposes and legal compliance requirements.
- Server Log Data: Automatically deleted after a maximum of 90 days.
- Payment Records: Retained for up to 7 years as required for financial compliance.
- Inactive Accounts: Accounts that have been inactive for more than 2 years may be subject to deletion after prior notification via email.
After account deletion, all personal data is permanently and irreversibly deleted from our systems within 30 days. Anonymized aggregate data (with no personally identifiable information) may be retained for statistical analysis.
8. Third-Party Services
HisabLab uses a limited number of third-party services that are essential for operating the platform:
- Web Hosting Provider: We use a trusted hosting provider to run our servers. They provide infrastructure only and have no access to your application data. They are bound by strict data processing agreements.
- Email Delivery Service: We use an email service provider to send transactional emails such as password resets and subscription notifications. Only your email address and the necessary message content are shared for this purpose.
- Google Fonts: Our platform loads fonts from the Google Fonts CDN. This may transmit your IP address to Google's servers for font delivery. Google's privacy policy applies to this interaction.
- Font Awesome: We use the Font Awesome CDN for icons. Similar to Google Fonts, your IP may be shared with Cloudflare for icon delivery.
Our platform does not integrate with any social media platforms, advertising networks, or analytics services that would track your behavior across the web.
Our platform may contain links to external websites. We are not responsible for the privacy practices of those sites. We encourage you to review the privacy policy of any external site you visit.
9. Children's Privacy
HisabLab is a business management platform designed exclusively for adults. We are committed to protecting children's privacy online.
- Our services are not directed at, and we do not knowingly collect personal information from, individuals under the age of 18.
- If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately.
- Upon receiving such a report, we will promptly investigate and delete the relevant account and all associated data.
- If we become aware that we have inadvertently collected personal data from a minor, we will take immediate steps to delete that information.
10. Changes to This Policy
We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technology, or legal requirements. When we make changes:
- The "Last Updated" date at the top of this page will be revised to reflect the date of the latest update.
- For significant changes that materially affect your rights or our use of your data, we will notify you via email or through a prominent notice within the HisabLab platform at least 14 days before the changes take effect.
- Your continued use of HisabLab after any changes are posted constitutes your acceptance of the revised Privacy Policy.
- If you do not agree with the updated terms, you must stop using our services and may request account deletion.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.
11. Legal Basis & Jurisdiction
This Privacy Policy is governed by and construed in accordance with the laws of Bangladesh, including the Digital Security Act and applicable data protection regulations. The legal bases on which we process your personal data are as follows:
- Contractual Necessity: We process your data as necessary to provide the services you have signed up for and to fulfill our obligations under our Terms of Service.
- Legitimate Interests: We process certain data for our legitimate business interests, such as improving the platform, detecting fraud, and ensuring security — provided these interests are not overridden by your rights.
- Legal Obligation: We process data where required by applicable Bangladesh law, including financial and tax record-keeping requirements.
- Consent: Where we send non-essential communications or notifications, we rely on your consent, which you may withdraw at any time.
Any disputes arising from this Privacy Policy or your use of HisabLab shall be subject to the exclusive jurisdiction of the competent courts of Bangladesh.
Your data is stored on servers located in Bangladesh or the United States. By using HisabLab, you consent to the transfer and storage of your data in those jurisdictions.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us. We are committed to addressing your concerns promptly and transparently.
We aim to respond to all privacy-related inquiries within 72 hours on business days.