Privacy policy
Principles BPS applies to protect customer personal data.
BPS respects customer privacy and complies with Vietnam Decree 13/2023/ND-CP on personal data protection. This policy describes how BPS collects, uses, stores and protects your data when you visit bps.com.vn or interact with BPS via Zalo.
1. Data we collect
- Identity: full name, phone, email, shipping address (province / district / ward / street).
- Order data: products purchased, payment method, order notes, transaction history.
- Account data: password is hashed with bcrypt — BPS never sees the plaintext.
- Chat data: messages you send to our Zalo OA are stored for customer care and AI training.
- Technical data: NextAuth session cookies, IP address, user agent, access logs kept for 30 days.
2. Purpose of use
- Order processing, delivery and after-sales support.
- Order confirmation, payment and delivery status notifications.
- Personalised consultation via AI assistant and our care team.
- Sending product news / promotions (only if you subscribe; you can unsubscribe anytime).
- Internal analytics to improve product and site experience.
3. Sharing with third parties
BPS does not sell or rent customer data. Data is shared only in limited cases:
- Logistics partners (GHTK, GHN, Viettel Post, J&T...): name, phone, address — for delivery.
- Payment gateway VideoSaaS (VIETQR): amount and order code — for transaction confirmation.
- AI providers (Google Gemini, Groq): conversation content with unnecessary identifiers removed.
- Government authorities upon valid written request.
4. Storage & security
- Stored on PostgreSQL hosted on a firewalled VPS, access restricted via SHA-256 hashed tokens.
- Passwords hashed with bcrypt; uploads stored separately and served via cache URLs.
- Periodic backups; encrypted in transit via HTTPS / TLS 1.2+.
- Retention: order data up to 5 years per accounting law; access logs 30 days; Zalo chats 12 months.
5. Customer rights
- Right to access and edit personal info via the Account page.
- Right to request deletion (except data legally required to retain).
- Right to withdraw consent for marketing communications at any time.
- Right to lodge a complaint with BPS or competent authorities for misuse.
6. Cookies & tracking
The site uses NextAuth session cookies, next-intl locale cookies and cart cookies. No third-party advertising cookies. You may block cookies in your browser, but some features (login, cart) may stop working.
7. Privacy contact
For any data request, email anhsang.nkbm@gmail.com or call 0909 958 737. BPS will respond within 7 business days.