Effective date: 2026-04-30 Version: 1.0.0
This Privacy Policy explains how BCAX LLC (“we”, “us”, “BCA”) collects, uses, shares, and protects personal data when you use bettercallaxel.com and app.bettercallaxel.com (the “Service”). It applies in addition to our Terms of Service and Cookie Policy.
If you do not agree with this policy, do not use the Service.
1. Who we are
BCA is a back-office service for individuals and businesses needing U.S. business formation (Wyoming and other state LLCs), tax filing, ITIN procurement, Bali real-estate brokerage, and related compliance work. The legal entity behind the Service is described in the Legal Entity section.
2. What data we collect
Categories of Personal Data We May Collect
| Category | Examples | Source |
|---|---|---|
| Identity & Contact | Name, email, phone, business name, role | You, when you sign up or contact us |
| Account & Authentication | Account ID, hashed password, OAuth tokens (Google, TikTok, Meta, where applicable), 2FA secrets | You; identity providers |
| Billing & Transaction | Billing address, last 4 digits of card, Stripe customer ID, invoice history | You; Stripe (we never store full card numbers) |
| Usage & Telemetry | IP address, browser/device, pages visited, feature interactions, referrer | Automatically, via cookies and server logs |
| Content You Provide | Files, messages, prompts, lists, listings, reviews you upload to the service | You |
| Communications | Support tickets, emails to/from us, chat transcripts | You and us |
| Cookies & Similar Tech | First-party session cookies, anti-CSRF tokens, optional analytics cookies | Your browser |
Categories of Sensitive Data
We do not intentionally collect sensitive personal data (health, biometrics, racial/ethnic origin, political opinions, religious beliefs, sexual orientation, precise geolocation) unless you voluntarily provide it in user-generated content. Where collected, processing is based on your explicit consent (Art. 9(2)(a) GDPR).
Children’s Data
Our services are not directed to children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact [email protected] and we will delete it.
In addition, because BCA performs regulated work on your behalf, we may also collect:
- Identity-verification documents — passport scan, government ID, proof of address — required for KYC/AML by our partner banks (Stripe, Mercury, Wise) and by IRS/state-of-Wyoming filings
- Tax-related data — Social Security Number (SSN) or ITIN, EIN, prior-year returns, dependents, financial figures — required to file IRS Form 1040, 1040-NR, SS-4, W-7, and state equivalents
- Real-estate transaction data — passport details of all parties, payment history, signed agreements — required for Bali notarial filings and KYC of counterparties
3. Why we collect it (legal bases)
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Provide the Service you signed up for | Performance of a contract — Art. 6(1)(b) |
| Verify your identity for KYC/AML | Legal obligation — Art. 6(1)(c) |
| File regulated documents (taxes, formations) on your behalf | Performance of a contract + legal obligation |
| Process payments via Stripe | Performance of a contract |
| Send service-related emails (status updates, signing requests) | Legitimate interest — Art. 6(1)(f) |
| Send marketing emails (only if you opt in) | Consent — Art. 6(1)(a) |
| Detect fraud, abuse, and security incidents | Legitimate interest |
| Improve, secure, train, and develop the Service using de-identified aggregate data | Legitimate interest |
| Defend ourselves in actual or threatened legal claims, audits, or regulatory inquiries | Legitimate interest + legal obligation |
| Transfer to a successor in connection with a merger, sale, financing, or reorganization of BCAX LLC | Legitimate interest |
| Comply with court orders, IRS summons, regulatory requests | Legal obligation |
For sensitive data (e.g. SSN, ITIN), processing is based on explicit consent under GDPR Art. 9(2)(a), or where applicable, the substantial-public-interest exception under Art. 9(2)(g) for tax compliance.
4. Who we share it with
We share the minimum necessary data with:
- Stripe, Inc. (United States) — payments processing. Stripe Privacy Policy
- Mercury / Choice Financial Group — business banking, when you open an account through us
- Wise — international transfers
- DocuSeal (self-hosted, Hostinger VPS in Frankfurt) — e-signatures
- Resend / Sinch — transactional email and fax delivery
- Supabase, Inc. (United States, hosted on AWS) — database and storage
- Hostinger / Contabo — VPS hosting
- Google Workspace — email infrastructure for
@bettercallaxel.comaddresses - U.S. Internal Revenue Service, state Secretaries of State, Indonesian notaries — for documents we file on your behalf
- Our professional advisors — accountants, attorneys, tax preparers — under written confidentiality
- Successors in interest — in the event of a merger, acquisition, sale of all or substantially all of our assets, financing, reorganization, bankruptcy, or any similar transaction involving BCAX LLC, your data may transfer to the successor as a regular business asset; we will use commercially reasonable efforts to give notice but are not liable for failure to do so
We do not sell your personal data for monetary consideration. We do not share your data with advertising networks, third-party analytics, or data brokers. We may use de-identified, aggregated data (data that no longer identifies any natural person, alone or in combination) for any lawful purpose, including improving and training the Service — such data is no longer “personal data” under GDPR Recital 26 or “personal information” under CCPA §1798.140(v).
5. International transfers
BCAX LLC is established in the United States. Data is processed in the U.S., the European Union (Hostinger Frankfurt, Resend Ireland), and Indonesia (real-estate-related). For transfers from the EEA/UK to the U.S. and Indonesia, we rely on:
- the European Commission’s Standard Contractual Clauses (SCCs, 2021/914) where required;
- your explicit informed consent under GDPR Art. 49(1)(a) for transfers to Indonesia (which lacks an adequacy decision); and
- the EU–U.S. Data Privacy Framework, where the recipient is certified.
A copy of the SCCs we rely on is available on request to [email protected].
6. Retention
See our Data Retention Policy for category-by-category retention periods. In summary:
- Tax records — 7 years (IRS audit window, IRC §6501)
- KYC documents — 5 years after end of customer relationship (FinCEN BSA)
- Real-estate transaction data — 20 years (Indonesian notarial requirement)
- Account / billing — for the life of the account + 6 years (statute of limitations)
- Marketing — until you unsubscribe
- Anonymized analytics — indefinitely
7. Security
We use TLS for all transit, encryption at rest for backups, role-based access for staff, audit logs, multi-factor authentication, and least-privilege Supabase Row-Level-Security on every table. No transmission or storage system is 100% secure, and we disclaim any warranty of perfect security. You acknowledge that you provide personal data at your own risk. In the event of a personal-data breach that, in our reasonable assessment, is likely to result in a risk to the rights and freedoms of natural persons, we will notify the competent supervisory authority within 72 hours (GDPR Art. 33) and the affected individuals where required (Art. 34). Notification timing under U.S. state breach-notification laws is the timing required by the relevant law and not sooner.
8. Your rights
Your Rights
If you are in the European Economic Area, United Kingdom, or Switzerland (GDPR / UK-GDPR)
You have the right to:
- Access — request a copy of the personal data we hold about you (Art. 15 GDPR)
- Rectification — correct inaccurate or incomplete data (Art. 16)
- Erasure — request deletion of your data, also known as the “right to be forgotten” (Art. 17)
- Restriction — limit how we process your data while a dispute is resolved (Art. 18)
- Portability — receive your data in a structured, machine-readable format (Art. 20)
- Object — object to processing based on our legitimate interests, including direct marketing (Art. 21)
- Withdraw consent — at any time, where processing is based on consent (Art. 7(3))
- Lodge a complaint — with your local supervisory authority (a list is available at edpb.europa.eu)
To exercise any of these rights, email [email protected] with the subject line DSR Request. We may need to verify your identity before responding.
If you are a California resident (CCPA / CPRA)
You have the right to:
- Know what categories of personal information we have collected, the sources, the purposes, and any third parties with whom we share it
- Delete personal information we have collected from you (subject to certain exceptions)
- Correct inaccurate personal information
- Opt out of the “sale” or “sharing” of personal information (we do not sell your personal information)
- Limit use of sensitive personal information
- Non-discrimination — we will not deny service, charge different prices, or provide a different level of service because you exercised a privacy right
We do not knowingly collect personal information from California consumers under 16 years of age.
To exercise these rights, email [email protected] or use the “Do Not Sell or Share My Personal Information” link in the site footer (where applicable).
If you are in another jurisdiction
We extend the substantive rights above to all users where reasonably possible, regardless of residence. Email [email protected] for assistance.
9. Automated decisions
We do not use automated decision-making (including profiling) that produces legal or similarly significant effects on you. Internal LLM-based drafting (e.g. of escalation letters in Claims HQ) is reviewed by a human before any external action is taken.
10. Changes to this policy
When we make material changes, we will notify you by email (to the address on your account) at least 30 days in advance, and update the version and effective date at the top of this page. Your continued use after the effective date constitutes acceptance.
11. Legal Entity
Legal Entity
Better Call Axel is a service operated by:
BCAX LLC 30 N Gould St Ste R Sheridan, WY 82801 United States of America
Employer Identification Number (EIN): 42-2153191 State of formation: Wyoming, USA
This entity is the data controller and contracting party for all users of bettercallaxel.com.
Governing Law & Jurisdiction
These terms are governed by the laws of the State of Wyoming, United States, without regard to its conflict-of-laws principles. The exclusive forum for any dispute shall be the state and federal courts located in Sheridan County, Wyoming, except where applicable consumer-protection law of your country of residence grants you a non-waivable right to a local forum.
Contact
Legal & data-protection inquiries: [email protected]
For data-subject-rights requests (access, deletion, portability, objection), use the same email with subject line DSR Request. We respond within 30 days as required under GDPR Article 12 and within 45 days under California CCPA §1798.130.