This Privacy Policy describes how PHP BUSINESS ADVISORS LTDA ("we", "our", "us") handles data in connection with the PHP Business Authenticator Application ("Application") distributed through the Bitrix24 Marketplace.
Summary: the Application is designed with a zero-knowledge architecture. All data — including authentication secrets — is stored exclusively inside the user's own Bitrix24 portal. We do not operate any external database or tracking infrastructure.
We want to be explicit about what we do not collect, process, or have access to:
All the above remains within your Bitrix24 portal under your exclusive control.
The Application stores the following data inside a Smart Process Automation (SPA) in your own Bitrix24 portal:
This data is governed by your agreement with Bitrix24 and any applicable data-protection laws (LGPD in Brazil, GDPR in the EU, etc.). We do not have access to it.
If you voluntarily contact our support team via email, WhatsApp or chat, we may process the following data solely to resolve your request:
This data is retained only for the duration necessary to handle your request and is not shared with third parties.
When we process personal data in the context of support, the legal basis is:
We do not sell, rent or trade any personal data. We may share data with:
TOTP secrets are encrypted with AES-GCM (256-bit) before being stored in the Bitrix24 SPA. The encryption key is generated using cryptographically secure random bytes (random_bytes(32)) on first installation and stored both in app.option and inside a hidden SPA item for resilience.
All communication between your browser and the Bitrix24 REST API uses HTTPS/TLS.
Since we do not store your personal data on our own infrastructure, most data-subject rights are exercised directly through your Bitrix24 portal and/or your Bitrix24 account settings. For data we process during support, you have the right to:
Since we do not store application data on external servers, there is no retention on our side. Data inside your Bitrix24 portal is retained according to your own policies. Support correspondence is kept for up to 24 months for quality and legal purposes.
The Application is intended for business use and is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors.
Data processed during support may be stored on servers located in Brazil. Any international transfer (e.g., for email providers based outside Brazil) is protected by standard contractual clauses or equivalent safeguards.
We may update this Privacy Policy at any time. The "Last updated" date at the top of this page reflects the latest revision. Material changes will be communicated via the Bitrix24 Marketplace and/or the Application itself.
For any privacy-related questions, or to exercise your data-subject rights, please contact us using the details below.