1. Introduction
Bayleaf (“Bayleaf,” “we,” “us,” or “our”) is committed to protecting the privacy, confidentiality, and integrity of personal information entrusted to us. We recognize the importance of transparency and accountability in how data is handled and processed.
This Privacy Policy describes how Bayleaf collects, uses, discloses, and safeguards personal information in connection with its website (https://www.bayleaf.com), its development services, its hosting and managed services, and its service status portal located at https://status.bayleaf.com.
By accessing or using our services, you acknowledge that your information will be handled in accordance with this Privacy Policy.
2. Scope and Application
This Privacy Policy applies to individuals who interact with Bayleaf in a business or professional capacity, including website visitors, prospective clients, current clients, and authorized users of systems operated or managed by Bayleaf.
This Policy applies specifically to information collected through Bayleaf-controlled systems and services. It does not extend to third-party platforms or services that are not under Bayleaf’s control, even where such platforms are used in connection with service delivery. Users are encouraged to review the privacy practices of those third parties independently.
3. Information We Collect
Bayleaf collects only the information necessary to operate effectively and deliver high-quality services.
We may collect personal information provided directly by individuals, including names, business contact information, organizational details, and communications submitted through our website or other channels.
In the course of delivering development services, Bayleaf utilizes industry-standard collaboration and project management tools, including Atlassian Jira and Atlassian Confluence. Through these platforms, we may process user account details, project-related information, issue tracking records, documentation content, and associated activity logs. This information is used exclusively to support client engagements and to facilitate collaboration and service delivery.
For clients receiving hosting and managed services, Bayleaf may process operational data necessary to maintain and support client systems. This includes account credentials, authentication-related information, incident and service request records, monitoring and alerting data, system availability metrics, and audit logs relating to system access and usage.
Bayleaf also provides a service status portal at https://status.bayleaf.com. This portal presents high-level information regarding system availability, incidents, and planned maintenance. The information published to the portal is intentionally limited in scope to avoid disclosure of sensitive system architecture or security details.
In addition, Bayleaf collects certain technical data automatically when users interact with its website or systems. This may include IP addresses, browser and device information, and usage patterns. Such information supports system operation, performance monitoring, and security.
Bayleaf uses only essential cookies required for authentication, session management, and site security. We do not use cookies for advertising or behavioral tracking purposes.
4. Use of Information
Bayleaf uses personal and operational data solely for legitimate business purposes. These include delivering services to clients, managing and supporting projects, maintaining system reliability and performance, ensuring security, responding to inquiries, and meeting legal and contractual obligations.
Information processed through Atlassian tools is used to plan, execute, and document development work, track service requests, and maintain a record of project and operational activities.
We do not engage in the sale, rental, or commercialization of personal information, nor do we use such information for advertising or profiling activities.
5. Legal Basis for Processing
Where applicable under laws such as the General Data Protection Regulation (GDPR), Bayleaf processes personal data on recognized legal grounds.
Processing is undertaken where necessary for the performance of contractual obligations, including delivering services and providing access to client systems and tools. Processing may also be based on Bayleaf’s legitimate interests in maintaining secure, reliable, and effective operations, provided those interests are not overridden by individual rights.
In certain circumstances, processing may be required to comply with legal obligations or may be based on consent where individuals voluntarily provide information. Where consent is relied upon, individuals may withdraw that consent at any time.
6. Disclosure of Information
Bayleaf maintains strict controls over the disclosure of personal data. We do not sell personal information under any circumstances.
Information may be shared with trusted service providers that support our operations, including cloud infrastructure providers and Atlassian Corporation Plc, which provides the Jira and Confluence platforms used in service delivery. These providers process data on our behalf and are contractually required to maintain appropriate data protection and security standards.
Information may also be disclosed where required by law, regulation, or legal process, or where necessary to protect the rights, property, or security of Bayleaf, its clients, or others.
7. Data Processing Roles and Commitments
Depending on the context, Bayleaf may act either as a data controller or as a data processor.
Bayleaf acts as a data controller in relation to website interactions and general business contact information. In the context of client services, Bayleaf typically acts as a data processor, handling data on behalf of its clients in accordance with their instructions.
When acting as a data processor, Bayleaf is committed to processing data only as directed by the client, maintaining strict confidentiality, implementing appropriate technical and organizational safeguards, and supporting clients in fulfilling their data protection obligations.
Bayleaf may engage subprocessors where necessary to deliver services. All subprocessors are subject to appropriate contractual obligations to ensure compliance with applicable data protection standards. A Data Processing Agreement is available upon request.
8. Security
Bayleaf implements a comprehensive set of technical and organizational measures designed to protect information against unauthorized access, disclosure, alteration, or destruction.
These measures include secure transmission protocols, controlled authentication and access management, system monitoring and logging, vulnerability management processes, and regular system maintenance.
Access to systems, including Atlassian platforms, is restricted in accordance with role-based access principles. Permissions are reviewed periodically to ensure appropriate access levels.
The Bayleaf status portal is designed to provide transparent visibility into service availability while deliberately limiting exposure of sensitive or confidential system details. Information presented is controlled, high-level, and subject to internal review processes.
Despite these safeguards, no system can be completely secure. Bayleaf continuously works to improve its security posture and respond to emerging risks.
9. Data Retention
Bayleaf retains personal and operational data only for as long as necessary to fulfill the purposes for which it was collected, including service delivery, operational continuity, legal compliance, and dispute resolution.
Retention periods may vary depending on contractual requirements, business needs, and applicable laws. Upon termination of services, data may be retained for a limited period for legitimate business or legal purposes, after which it is securely deleted or anonymized where appropriate.
10. Data Breach Notification
Bayleaf maintains incident detection and response procedures designed to identify and manage potential data security incidents.
In the event of a confirmed data breach affecting personal information, Bayleaf will promptly investigate and contain the incident, assess its impact, and notify affected clients without undue delay where required by law or contractual obligations. Bayleaf will also take appropriate corrective actions to mitigate the risk of recurrence.
11. International Data Transfers
Bayleaf operates primarily in Canada but may utilize service providers located in other jurisdictions. Where data is transferred outside the originating jurisdiction, Bayleaf implements appropriate safeguards to ensure that personal information remains protected in accordance with applicable legal standards.
12. Individual Rights
Subject to applicable law, individuals may have the right to request access to their personal information, request corrections, request deletion, or object to certain types of processing.
Requests may be submitted using the contact information provided below. Bayleaf will respond in accordance with applicable legal requirements.
13. Changes to This Policy
Bayleaf may update this Privacy Policy from time to time to reflect changes in legal requirements, business operations, or data protection practices. Updated versions will be published with a revised effective date.
