Privacy Policy
Effective date: May 1, 2026
This Privacy Policy explains how Bezelio (“Bezelio,” “we,” “us,” or “our”) processes personal data in connection with the Bezelio mobile application (the “App”) and the website at https://bezelio.com (the “Site,” together with the App, the “Services”).
It is written to comply with the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”), the UK GDPR and Data Protection Act 2018, the Swiss FADP, and other applicable data protection laws.
1. At a glance
- Bezelio is offline-first. The App stores your watch collection on your device. We do not operate cloud servers that store your collection and we cannot access it.
- No account is required. The App does not ask you to create a username, password, or email account.
- No advertising, no profiling, no sale of data. We do not embed advertising or analytics SDKs in the App and we do not sell or share personal data for advertising purposes.
- You can exercise your GDPR rights at any time — most directly within the App, and otherwise by contacting us at admin@bezelio.com.
2. Data controller
The controller responsible for any processing described in this Policy is:
Bezelio
Email: admin@bezelio.com
Place of establishment: Sri Lanka
For privacy questions, requests under the GDPR/UK GDPR, or to contact our designated point for data protection matters, please email admin@bezelio.com. We are not currently required to appoint a Data Protection Officer under Article 37 GDPR; we will appoint one and publish their details here if that changes.
EU/UK representatives: if and when the App is offered to data subjects in the EU or UK at a scale that triggers Article 27 GDPR, we will appoint a representative in the EU and the UK and update this section with their contact details. Until then, you may contact us directly at the address above.
3. The data we process and why
We have structured this section by activity. For each activity we identify the categories of personal data, the purposes, and the legal basis under Article 6(1) GDPR.
3.1 Information you enter into the App (“Collection Data”)
You may enter information about your timepieces — for example brand, reference, serial number, purchase date and price, valuations, photographs, service history, accuracy logs, strap details, warranties, reminders and notes. Some of this may constitute personal data about you (for example, ownership records or photos that show you).
- Where it is stored: locally on your device. Bezelio does not transmit Collection Data to us.
- Purpose: to provide the App’s core functionality (catalog, service log, accuracy tracker, strap manager, reminders, PDF export).
- Legal basis: performance of a contract with you (Article 6(1)(b) GDPR — providing the Services you have requested). Because the data does not leave your device, we are typically not in a position to act as controller of it.
- Retention: until you delete entries in the App or uninstall it.
3.2 Device permissions used by the App
Some features need device permissions. Each is requested only when the relevant feature is used:
- Camera and Photos — to attach images. Stored locally.
- Files / Storage — to import/export local backup archives and PDF reports.
- Notifications — to deliver local reminders. Generated on your device; not sent through our servers.
- Biometrics — to unlock the App if you enable that option. Biometric data is handled by your operating system and never reaches us.
Legal basis: consent (Article 6(1)(a) GDPR), which you can withdraw at any time by changing the permission in your device settings, with no effect on the lawfulness of processing before withdrawal.
3.3 Diagnostic information
If the App crashes, your operating system may forward anonymous crash reports through Apple or Google’s standard reporting tools. We use such reports solely to identify and fix bugs.
- Categories: crash stack traces, OS version, device model, App version. No Collection Data.
- Legal basis: our legitimate interest in keeping the App reliable and secure (Article 6(1)(f) GDPR). You can object under Article 21 GDPR by disabling crash reporting on your device.
- Retention: up to 90 days, except where a longer period is needed to investigate a specific defect.
3.4 The website
The Site is informational. When you visit it, our hosting provider may process the following on our behalf, in server logs:
- Categories: IP address (truncated where technically possible), user agent, referrer, requested URL, timestamp.
- Purpose: delivery of the Site, security (abuse and DDoS prevention), aggregated reliability statistics.
- Legal basis: our legitimate interest in operating and securing the Site (Article 6(1)(f) GDPR).
- Retention: typically up to 30 days, after which logs are deleted or aggregated.
The Site uses only strictly necessary cookies / local storage. We do not place tracking, advertising, or non-essential analytics cookies. If we ever do, we will collect prior consent through a compliant consent banner before any non-essential cookie is set.
3.5 Correspondence (e.g. support email)
If you email us, we receive your email address and the content of your message.
- Purpose: to respond, troubleshoot, and keep a record for service quality and legal claims.
- Legal basis: our legitimate interest in handling enquiries and protecting our rights (Article 6(1)(f) GDPR); where you raise a contractual matter, performance of a contract (Article 6(1)(b)); where required by law, compliance with a legal obligation (Article 6(1)(c)).
- Retention: generally up to 24 months from the last message, unless a longer period is necessary for legal claims.
3.6 App store distribution
When you download the App, Apple or Google process limited data (such as your account identifier and download metrics) as independent controllers under their own privacy notices. We may receive aggregated, non-identifying download statistics from those platforms on the basis of our legitimate interest in understanding the reach of the App (Article 6(1)(f) GDPR).
4. Sensitive (special-category) data
Bezelio is not designed to process special categories of personal data under Article 9 GDPR (e.g. health, religion, biometrics for identification, sexual orientation). Please do not enter such data into your collection notes. If you do, you do so on your own device and at your own discretion; the controller of that information is you.
5. Recipients of personal data
Because Collection Data stays on your device, there are no routine recipients of it. For the limited categories above we use the following types of processors / recipients, all bound by appropriate contractual safeguards:
- Hosting provider — for the Site (server logs).
- Email provider — for support correspondence.
- App store platforms — Apple and Google, as independent controllers for distribution.
- Professional advisors — lawyers, accountants and auditors, where strictly necessary.
- Public authorities and courts — where required by law or legitimate legal process.
We sign data processing agreements (Article 28 GDPR) with our processors and require them to act only on our instructions and to apply appropriate technical and organisational measures.
6. International transfers
We are established in Sri Lanka, which is outside the EEA. Where personal data of data subjects in the EEA, the UK or Switzerland is transferred to us or to processors outside those regions, we rely on appropriate transfer mechanisms under Chapter V GDPR, including:
- European Commission adequacy decisions, where applicable;
- Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914), supplemented by the UK Addendum issued by the ICO and equivalent Swiss provisions; and
- additional technical and organisational safeguards (e.g. transport encryption, access controls, data minimisation) where appropriate following a transfer impact assessment.
You can request a copy of the safeguards in place by emailing admin@bezelio.com.
7. Retention
Specific retention periods are listed in section 3 alongside each activity. Where no specific period is stated, we retain personal data only as long as necessary for the purposes described in this Policy and to comply with our legal obligations (for example, tax, accounting and limitation periods for legal claims). When the retention period ends, data is deleted or irreversibly anonymised.
8. Your rights
Under the GDPR / UK GDPR you have the rights below, free of charge, in respect of personal data we hold about you:
- Right of access (Article 15) — to obtain confirmation as to whether we process your personal data and a copy of that data.
- Right to rectification (Article 16) — to correct inaccurate or incomplete data.
- Right to erasure (Article 17, “right to be forgotten”).
- Right to restriction of processing (Article 18).
- Right to data portability (Article 20) — to receive data you provided in a structured, commonly used, machine-readable format.
- Right to object (Article 21) — including the right to object at any time to processing based on our legitimate interests.
- Right to withdraw consent (Article 7(3)) at any time, where processing is based on consent.
- Right not to be subject to automated decision-making (Article 22). We do not carry out solely automated decision-making producing legal or similarly significant effects on you.
- Right to lodge a complaint with a supervisory authority — see section 9.
Because Collection Data is held only on your device, you generally exercise access, rectification, erasure and portability rights directly inside the App by editing/deleting entries, exporting your data (PDF or backup file), or uninstalling the App.
For the limited categories of data we hold (correspondence, server logs, etc.), email admin@bezelio.com. We will respond within one month, extendable by a further two months for complex requests, in accordance with Article 12(3) GDPR. We may need information to verify your identity. We will not charge a fee unless a request is manifestly unfounded or excessive.
9. Right to complain to a supervisory authority
Without prejudice to any other remedy, you have the right to lodge a complaint with a data protection supervisory authority — in particular in the EU/EEA Member State of your habitual residence, place of work or place of the alleged infringement. In the UK you can complain to the Information Commissioner’s Office (ico.org.uk). A list of EEA authorities is published by the EDPB at edpb.europa.eu. We would, however, appreciate the chance to address your concerns first — please contact admin@bezelio.com.
10. Security
We implement appropriate technical and organisational measures under Article 32 GDPR, taking into account the state of the art and the risks involved. These include keeping Collection Data on your device rather than on remote servers, encryption at rest where supported by the operating system, optional password and biometric lock for the App, password-protected backups, transport encryption (HTTPS) for the Site, and access controls and least-privilege access for our staff and processors.
No method of electronic storage or transmission is 100% secure. The security of locally-stored Collection Data also depends on your device’s passcode, OS updates, and how you handle exported backups. We cannot recover lost backup passwords.
Where we become aware of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority without undue delay (and within 72 hours where feasible) under Article 33 GDPR, and inform affected individuals without undue delay where required under Article 34 GDPR.
11. Children
The Services are not directed to children. We do not knowingly process personal data of a child under 16, or under the lower age set by your EU Member State for information-society services (which may be as low as 13). If you believe a child has provided personal data to us, please email admin@bezelio.com and we will delete it.
12. Automated decision-making and profiling
We do not carry out automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you within the meaning of Article 22 GDPR.
13. Backups, exports and onward sharing
Backup archives and PDF reports you generate are stored where you choose. If you transfer them via email, messaging apps, or third-party cloud storage, those recipients and services may receive the data. From the moment you export, they become independent controllers of any data they receive. We are not responsible for their processing.
14. Statutory or contractual requirement
You are not under a statutory or contractual obligation to provide personal data to us. The only consequence of not providing the limited categories described above is that the corresponding feature will not work (for example, you cannot receive a reply if you do not send us your email address).
15. Changes to this Policy
We may update this Policy. The latest version will always be posted on this page with an updated effective date. Material changes will be highlighted within the App or Site where reasonably practicable and, where required by law, we will obtain renewed consent.
16. Contact
Questions, requests under data protection law, or complaints? Email admin@bezelio.com.
See also our Terms & Conditions.