.png)
Welcome to our Privacy Policy, please make sure you read everything carefully.
If you still have any questions, please don't hesitate to reach out!
This Privacy Policy explains how BeyondRejection Limited (company number 77798816), operating beyondrejection.com ("we," "us," "our"), collects, uses, stores, and protects your personal data when you use our website, subscribe to our plans, or access our SaaS accountability app for creators. We are a Hong Kong Limited company committed to compliance with the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486) ("PDPO") and, for EU/EEA users, the General Data Protection Regulation ("GDPR").
BeyondRejection Limited, registered in Hong Kong (company number 77798816), is the data controller responsible for your personal data. Our registered address is available upon request via info@beyondrejection.com. Hong Kong's PDPO does not require a Data Protection Officer, but we maintain internal privacy management practices for compliance. For EU users, we process data lawfully under GDPR Article 6(1)(b) (contract performance) and Article 6(1)(c) (legal obligations). Non-EU companies targeting EU users may need an EU representative under GDPR Article 27 if processing is not occasional/low-risk; we monitor compliance and can provide details on request.
All data is stored in secure Supabase databases hosted in GDPR-compliant regions, meeting PDPO Data Protection Principle 4 (security) and GDPR adequacy standards where applicable. We do NOT sell your data.
We collect the following personal data when you subscribe to one of our plans and access the app:
This collection is necessary, fair, and limited under PDPO DPP1 and GDPR data minimisation principles. Progress logs and birthday enable core accountability features; no sensitive data (e.g., health, politics) is collected.
Your data supports these service-related purposes (PDPO DPP3, GDPR purpose limitation):
Optional phone use requires consent at signup. No unrelated marketing without opt-in.
Data is shared only with processors under data processing agreements (DPAs).
We share data with:
Stripe for payments and subscriptions (located in USA under EU-US Data Privacy Framework with DPA and adequacy safeguards); Supabase for database storage of all data including chats and post logs (EU/US compliant regions with encryption and DPA); Resend for service emails (USA with DPA and SCCs); WhatsApp (Meta) for optional notifications (Ireland EU under Business API terms).
No sales to third parties. International transfers use Standard Contractual Clauses (SCCs) or adequacy mechanisms per PDPO DPP3 and GDPR Chapter V. Business owners access data solely for service delivery with role-based controls.
Data is retained for the subscription term (up to 1 year), then securely erased (PDPO DPP2, GDPR storage limitation). Post logs retained for progress tracking during active support. Security includes AES-256 encryption, access controls, and audits per PDPO DPP4 and GDPR Article 32.
Under PDPO DPP6 and GDPR Chapters III/VIII:
Requests to info@beyondrejection.com receive response within 30 days (GDPR) or one month (PDPO).
Essential cookies enable functionality; no tracking. IP logged for security. Manage via browser.
Updates post here with "Last Updated" date. Continued use means acceptance.
Effective: December 25, 2025.
Contact: info@beyondrejection.com