Privacy Policy

As part of its activity, the company BFIRST Oü, with its head office located at Sepapaja 6 – 15551 Tallin in Estonia, collects and processes information, some of which is qualified as “personal data”. BFIRST Oü attaches great importance to respect for privacy, and only uses data in a responsible and confidential manner and for a specific purpose.

Personal data

On the website, there are 2 types of data that may be collected:

  • Data transmitted directly

These data are those that you send us directly, via a contact form, an order or by direct contact by email.
Are mandatory :

  • in the contact form, the fields “Your name”, “Your e-mail address”, “Subject” and “Your message”;
  • in the order form the fields “First name”, “Last name”, “Country”, “Postal code”, “Telephone”, “City” and “E-mail address”.

During your visits, once your consent has been given (by clicking on the “I accept” button on the banner informing of the presence of cookies or by continuing to browse the site after the appearance of this banner), we may collect information. “web analytics” type information relating to your browsing, the duration of your consultation, your IP address, your browser type and version. The technology used is the cookie.

Use of data

The data you send us directly is used for the purpose of re-contacting you and / or as part of the request you make to us. Thus, the data collected in the order form are necessary for the proper execution of our service and its invoicing. “Web analytics” data are collected anonymously (by recording anonymous IP addresses) by Google Analytics, and allow us to measure the audience of our website, visits and any errors in order to constantly improve the experience. users. These data are used by BFIRST Oü, data controller, and will never be transferred to a third party or used for purposes other than those detailed above.

Legal basis

Personal data is only collected after mandatory user consent. This consent is validly collected (buttons and checkboxes), free, clear and unequivocal.
The collection of your personal data is essential for the conclusion of a license agreement for the use of our plug-in or our API as well as for the fulfillment of contractual obligations and services. If you do not provide us with the information requested when finalizing the order, neither the conclusion of a contract nor other contractual services will be possible.
Insofar as we have obtained your consent for the processing of personal data, Article 6 (1) (1) (1) A GDPR applies as the legal basis.
As long as the processing of personal data is necessary for the performance of the license agreement for our plug-in and / or our API, Article 6 (1) (1b) GDPR applies as the legal basis.

The duration of the conversation

All personal data that we collect during your visit, through the use of cookies, will be automatically deleted as soon as the purpose of their disclosure is achieved. Session data is saved until the session ends (when leaving or closing the website).


Here is the list of cookies used and their purpose:

  • cookie_notice_accepted: Allows you to remember the fact that you accept cookies so as not to bother you during your next visit. (Expiration 1 year)
  • PHPSESSID: Session data (Expires when you leave the session)
  • _ga: Google Analytics cookie to measure site traffic and audience (2-year expiration)
  • _gid: Google Analytics cookie to measure site traffic and audience (24 hour expiration)
  • paddlejs_checkout_variant: Cookie installed by our payment provider Paddle (Expiration 3 months)

Your rights regarding personal data

You have the right to consult, modify or delete all of your personal data. You can also withdraw your consent to the processing of your data by contacting us:

  • by mail: contact [at]
  • by the contact form: click here


You can contact the Commission Nationale Informatique et Libertés (CNIL) at any time and file a complaint by writing to CNIL – 3 place de Fontenoy – TSA 80715 – 75334 Paris Cedex 07, or directly online:

  • in the event of a failure to respond following a request for access, rectification or deletion of your data;
  • in the event of a clear breach of personal data protection rules by the responsible of the website.