Header Portal

Privacy Policy

Your privacy matters to us. Learn how Bombyx collects, uses, and protects your data.
Last Updated: June 29, 2026

1. Introduction

Bombyx LLC (“Bombyx”, “we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform available at bom-byx.com.

This Policy applies to all users of the Platform, including both business customers (B2B) and individual users (B2C), and is designed to comply with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.

2. Data Controller Information

The data controller responsible for your personal data is:

Bombyx LLC
New Mexico, United States
Email: contact@bom-byx.com

For privacy-specific inquiries, including requests to exercise your rights, please contact us at contact@bom-byx.com.

3. Data We Collect

We collect the following categories of personal data:

  • Account & Identity Data: Name, email address, username, password (hashed), job title, organization name.
  • Contact Data: Email address, phone number, business address.
  • Usage Data: Log data, IP addresses, browser type, device identifiers, pages visited, features used, session duration, and clickstream data.
  • Logistics & Operational Data: Shipment details, route data, asset tracking information, capacity records, and operational workflows you input into the Platform.
  • Communications Data: Messages, support tickets, and correspondence with our team.
  • Payment Data: Billing address and payment method details. Note: card numbers and banking data are processed directly by Stripe and are not stored on Bombyx servers.
  • Technical Data: API keys, integration configurations, and system logs.

We do not knowingly collect data from children under the age of 16.

4. How We Collect Data

We collect data through:

  • Direct interactions: When you register, complete forms, use the Platform, or contact us;
  • Automated technologies: Cookies, web beacons, and similar tracking technologies;
  • Third-party integrations: When you connect third-party tools or services to the Platform;
  • Public sources: Publicly available business information.

5. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your data on the following legal bases:

  • Contract performance: To provide and manage your account and the Services;
  • Legitimate interests: To improve the Platform, ensure security, and communicate product updates;
  • Legal obligation: To comply with applicable laws and regulations;
  • Consent: For marketing communications and non-essential cookies (which you can withdraw at any time).

6. How We Use Your Data

We use your personal data to:

  • Create, manage, and secure your Account;
  • Provide, operate, maintain, and improve the Platform and Services;
  • Process payments and manage billing;
  • Respond to support requests and communications;
  • Send transactional and service-related communications;
  • Send marketing communications where you have consented or where permitted by law;
  • Analyse usage patterns to improve platform performance and user experience;
  • Detect, prevent, and address fraud, abuse, and security incidents;
  • Comply with our legal obligations.

7. Data Sharing and Disclosure

We do not sell your personal data. We may share your data with:

  • Service providers and processors: Stripe (payment processing), cloud hosting providers, analytics tools, and customer support platforms — bound by data processing agreements;
  • Business partners: With your explicit consent for integration purposes;
  • Legal authorities: When required by law, court order, or to protect our rights;
  • Business transfers: In connection with a merger, acquisition, or sale of assets, with appropriate protections in place.

We require all third parties to implement appropriate security measures and use your data only for specified purposes.

8. International Data Transfers

As a US-based company, your data may be transferred to and processed in the United States. For transfers of personal data from the EEA, UK, or Switzerland to the US, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • Adequacy decisions where applicable.

You may request a copy of the applicable transfer safeguards by contacting us.

9. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes outlined in this Policy, or as required by law. Specifically:

  • Account data: Retained for the duration of your Account plus up to 3 years thereafter;
  • Transaction records: Retained for 7 years (tax and legal compliance);
  • Usage logs: Retained for up to 12 months;
  • Support communications: Retained for 3 years.

Upon Account deletion, we will delete or anonymise your personal data within 90 days, unless we are legally required to retain it.

10. Your Privacy Rights

Right to Access
Request a copy of the personal data we hold about you.

Right to Rectification
Request correction of inaccurate or incomplete data.

Right to Erasure
Request deletion of your data (“right to be forgotten”) where applicable.

Right to Portability
Receive your data in a structured, machine-readable format.

Right to Object
Object to processing based on legitimate interests or for direct marketing.

Right to Restriction
Request that we restrict processing in certain circumstances.



California residents (CCPA)
 also have the right to: know what personal information is collected; opt out of the sale of personal information (we do not sell data); and not be discriminated against for exercising privacy rights.

To exercise any of your rights, please contact us at contact@bom-byx.com. We will respond within 30 days (or as required by applicable law). You also have the right to lodge a complaint with your local data protection authority.

11. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve the Platform. Categories include:

  • Strictly necessary: Essential for the Platform to function (no consent required);
  • Analytics: Help us understand usage patterns (opt-out available);
  • Marketing: Used for targeted advertising (requires consent).

You can manage cookie preferences through your browser settings or our cookie consent tool. Note that disabling certain cookies may affect Platform functionality.

12. Data Security

We implement industry-standard technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, and destruction, including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256);
  • Access controls and role-based permissions;
  • Regular security assessments and monitoring;
  • Employee training on data protection.

Please refer to our Security Center page for more details. In the event of a data breach affecting your rights, we will notify you and relevant authorities as required by law.

13. Children’s Privacy

The Platform is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately at contact@bom-byx.com.

14. Third-Party Links and Integrations

The Platform may link to or integrate with third-party websites or services. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through the Platform.

15. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. We will notify you of material changes by posting the updated Policy on the Platform with a revised “Last Updated” date. For significant changes, we may provide additional notice (e.g., email). Your continued use of the Platform after such changes constitutes acceptance.