B1GoB1Gofor SAP Business One
Legal

B1Go Privacy Policy

This Privacy Policy explains how E.F VISIONSOFT LTD collects, uses, stores and protects personal data in connection with B1Go.

Effective date: 15 June 2026 Version: 1.0
Authoritative Language. These legal documents are drafted and maintained in English by E.F VISIONSOFT LTD. The English version is the single legally binding version for all portal languages. Any translated interface labels are provided only for convenience and do not modify, translate or replace the legal text.

Contents

1. Who we are and scope2. Our data-protection roles3. Personal data we process4. Sources of personal data5. Why we process personal data and our legal bases6. Customer Data and SAP Business One content7. Cookies, local storage and similar technologies8. Recipients and service providers9. International data transfers10. Retention11. Security12. Your data-protection rights13. Automated decision-making and children14. Personal-data incidents15. Questions, requests and complaints16. Changes to this Policy

1. Who we are and scope

E.F VISIONSOFT LTD, a Cyprus private limited company with registration number HE 176128 ("VisionSoft", "we", "us" or "our"), provides B1Go. Our business contact address is 12 Stisichorou Street, Eleni Court, Floor 1, Office 101, 4156 Kato Polemidia, Limassol, Cyprus.

This Privacy Policy applies to the B1Go mobile application, the B1Go Backoffice Portal, B1Go APIs, licensing and device-management services, SAP Business One connectivity, webhooks, notification services, support, documentation and any related website or service that links to this Policy (together, the "Services").

This Policy is intended to explain our practices under Regulation (EU) 2016/679 (the General Data Protection Regulation or "GDPR"), Cyprus Law 125(I)/2018 and other applicable privacy and electronic-communications laws.

It does not govern third-party products or services that have their own privacy notices, including SAP Business One, Microsoft, Google, Cloudflare, app stores or telecommunications providers.

2. Our data-protection roles

For account administration, licensing, security, sales, support, service analytics and our own business operations, VisionSoft normally acts as data controller.

Where a customer uses B1Go to access, transmit, synchronize, store or otherwise process personal data held in the customer’s SAP Business One environment or entered by the customer’s authorized users, the customer is normally the controller and VisionSoft acts as processor on the customer’s documented instructions. The customer remains responsible for determining whether the processing is lawful, providing required notices and managing data-subject requests.

A separate signed order, support agreement or data processing agreement may provide additional or different details. If it conflicts with this Policy on processor obligations, that agreement controls for the relevant processing.

3. Personal data we process

Depending on how the Services are configured and used, we may process the following categories:

  • Account and identity data: name, business email, telephone number, job role, display name, company affiliation, user permissions, preferred language and profile settings.
  • Authentication and security data: password hashes, session identifiers, authentication tokens, multi-factor authentication details, SSO provider identifiers, email-verification status, IP addresses, IP-whitelist rules, security events and CAPTCHA or Turnstile verification results.
  • Company and licensing data: company name, address, VAT number, contact details, SAP installation number, system identifier, company database identifier, subscription, trial, licence assignment, billing status and related commercial records. We do not intentionally store full payment-card details in B1Go.
  • Device and application data: unique device and system identifiers, device name, platform, operating-system version, application version, SAP user code, user name, push-notification token, settings, authorizations and device activity.
  • SAP and operational data: Service Layer connection information, encrypted credentials, selected SAP master-data identifiers, webhook events, document identifiers, transaction requests, failed-transaction payloads, administrator edits, status histories and information required to post or troubleshoot SAP Business One operations.
  • Communications and support data: emails, SMS delivery records, support requests, attachments, feedback, help content and correspondence with us.
  • Technical and usage data: request paths, timestamps, HTTP method, status codes, logs, error details, user agent, diagnostics, feature use and audit records.
  • Notification data: recipient device, notification title and body, delivery status and related payload data.
  • AI-assisted authoring data: only when an authorized portal administrator deliberately uses an AI help-authoring function, the prompt and selected help content may be sent to the configured AI provider.
Do not enter special-category personal data, criminal-offence data, unnecessary identity documents, health information or payment-card data into free-text, payload, support or help-authoring fields unless this is strictly required, lawful and expressly agreed with VisionSoft.

4. Sources of personal data

We obtain data directly from users and customer administrators; automatically from browsers, devices and the B1Go application; from the customer’s SAP Business One environment and configured integrations; from Microsoft or Google when a user chooses SSO; from service providers that deliver email, SMS, push notifications or security checks; and from public or professional sources where necessary for customer due diligence, contracting or legal compliance.

5. Why we process personal data and our legal bases

  • To create and administer accounts, authenticate users, provide trials, subscriptions, licences, device registration and the Services. Legal basis: performance of a contract or steps requested before entering a contract.
  • To connect to SAP Business One, synchronize settings, process webhooks, store and retry failed transactions, deliver notifications and provide requested support. Legal basis: contract; and, for customer-controlled data, processing on the customer’s documented instructions.
  • To secure the Services, prevent fraud and abuse, enforce access controls, maintain audit trails, diagnose incidents and protect our rights and systems. Legal basis: our legitimate interests and compliance with legal obligations.
  • To manage customer relationships, invoices, accounting, licence usage and business communications. Legal basis: contract, legal obligations and legitimate interests.
  • To improve reliability, usability and documentation using aggregated operational information and limited diagnostic data. Legal basis: legitimate interests, balanced against users’ rights.
  • To send marketing communications where permitted. Legal basis: consent where required, or legitimate interests where applicable law allows; every electronic marketing message will provide an appropriate opt-out.
  • To comply with tax, accounting, corporate, sanctions, law-enforcement and regulatory requirements and to establish, exercise or defend legal claims. Legal basis: legal obligation and legitimate interests.
  • For any other purpose disclosed at collection, with consent where consent is the required legal basis.

Where we rely on legitimate interests, those interests include operating a secure enterprise service, supporting customers, preventing misuse, improving the Services and protecting VisionSoft, customers and users. You may object as described below.

6. Customer Data and SAP Business One content

B1Go is designed for business use and may process data belonging to the customer, its personnel, suppliers, customers or other individuals ("Customer Data"). VisionSoft does not determine the customer’s business purposes for that data. Customer administrators control users, device access, SAP credentials, settings, authorizations, workflows and much of the content submitted to the Services.

We process Customer Data only to provide, secure, support and maintain the Services; follow documented customer instructions; comply with law; or protect the Services and users. We do not sell Customer Data or use it for third-party advertising.

7. Cookies, local storage and similar technologies

The Portal uses strictly necessary cookies and browser storage to maintain authentication, security, language and interface preferences and to operate interactive sessions. These technologies are necessary to provide a service requested by the user and cannot always be disabled without preventing login or normal operation.

When Cloudflare Turnstile is enabled, Cloudflare may process technical data needed to distinguish legitimate users from abusive traffic under Cloudflare’s own privacy terms. If Turnstile is not configured, B1Go uses its built-in security check.

At the effective date, B1Go does not intentionally use advertising cookies. If we introduce non-essential analytics or advertising technologies, we will provide the information and consent controls required by applicable law.

8. Recipients and service providers

We disclose personal data only as reasonably necessary and subject to appropriate contractual, confidentiality and security safeguards. Recipients may include:

  • VisionSoft personnel, contractors and professional advisers who need access for their duties.
  • Hosting, infrastructure, backup, cybersecurity, monitoring and database providers.
  • Microsoft and Google for optional SSO and, where configured, Microsoft-based email delivery.
  • Google Firebase for push-notification delivery.
  • Cloudflare for Turnstile security verification when enabled.
  • Email and SMS delivery providers configured by VisionSoft or the customer.
  • OpenAI or another configured AI provider only when an authorized administrator invokes AI-assisted help authoring; users should exclude confidential or personal data that is not needed.
  • SAP Business One systems, customer-controlled infrastructure and other integrations selected by the customer.
  • Courts, regulators, law-enforcement bodies, tax authorities or other recipients where disclosure is legally required or necessary to protect rights and safety.
  • A buyer, investor or successor in a merger, financing, reorganization or sale, subject to confidentiality and applicable law.

Third-party services remain governed by their own terms and privacy notices.

9. International data transfers

Some providers or support resources may process data outside Cyprus or the European Economic Area. Where EU/EEA personal data is transferred to a country without an adequacy decision, we use an approved transfer mechanism where required, such as the European Commission’s Standard Contractual Clauses, together with supplementary safeguards where appropriate. Information about relevant safeguards may be requested using the contact details below, subject to protection of confidential and security-sensitive information.

10. Retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Policy, including the duration of the customer relationship, account administration, support, security, backup recovery, dispute handling and legal, tax or accounting obligations.

Retention depends on the type of data, customer instructions, the sensitivity and volume of data, security needs, limitation periods and statutory obligations. Account, licence, invoice and contractual records may be retained after termination where required by law. Security and audit logs are retained for a period proportionate to incident detection and investigation. Failed transaction payloads and support material should be removed or anonymized when no longer required for recovery or support.

Deletion from active systems may not immediately remove data from protected backups; backup copies are isolated, access-controlled and overwritten according to the applicable backup cycle.

11. Security

We use technical and organizational measures designed to protect personal data, including role-based access, authentication controls, encryption of selected credentials and secrets, transport encryption, audit logging, tenant separation, backups, security monitoring and controlled administrative access.

No system is completely secure. Customers and users must protect credentials and devices, configure SAP and network access appropriately, apply updates, restrict administrators, review logs and notify us promptly of suspected compromise. Do not send passwords or secrets through ordinary email unless an approved secure method is used.

12. Your data-protection rights

Subject to the GDPR and applicable law, individuals may have the right to request access, correction, deletion, restriction, portability and information about processing; to object to processing based on legitimate interests or direct marketing; and to withdraw consent at any time without affecting earlier lawful processing.

Where VisionSoft acts as processor, requests concerning Customer Data should normally be directed to the relevant customer, employer or organization as controller. We will assist the controller as required by law and contract. We may need to verify identity and authority before acting, and legal exceptions may apply.

13. Automated decision-making and children

B1Go does not intentionally make decisions based solely on automated processing that produce legal or similarly significant effects on individuals. Security systems may automatically block or challenge suspicious access, but authorized administrators can review account and access issues.

The Services are intended for business users who are at least 18 years old or otherwise legally capable of entering the relevant agreement. They are not directed to children. Customers must not knowingly create accounts for children or submit children’s data unless expressly agreed and lawful.

14. Personal-data incidents

If we become aware of a personal-data breach affecting data for which we act as processor, we will notify the relevant customer without undue delay after becoming aware, provide available information reasonably needed for the customer’s obligations and take appropriate mitigation measures. Controller notifications to individuals or authorities remain the controller’s responsibility unless the parties agree otherwise or law requires VisionSoft to notify directly.

15. Questions, requests and complaints

Contact us at info@visionsoft.com.cy, by telephone at +357 25 001138, or by post at 12 Stisichorou Street, Eleni Court, Floor 1, Office 101, 4156 Kato Polemidia, Limassol, Cyprus. Please state that the request concerns B1Go privacy and provide enough information for us to identify the relevant account and processing activity.

You also have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection in Cyprus or another competent supervisory authority, particularly in the EEA country where you live or work or where an alleged infringement occurred. We encourage you to contact us first so we can investigate and respond.

16. Changes to this Policy

We may update this Policy to reflect legal, technical or service changes. The updated version will show a new effective date and version number. Material changes will be communicated through the Portal, the application, email or another reasonable channel before they take effect where required. Previous versions may be retained for audit and contractual reference.

© 2026 E.F VISIONSOFT LTD. All rights reserved.
Privacy Policy Terms / EULA Contact