Privacy Policy
Last updated 1 July 2026
This Privacy Policy explains how [Registered Entity Name], a company registered in the Republic of Cyprus (reg. no. [•]), registered office [•] (“BIGR Agency”, “we”, “us”) collects, uses, shares and protects personal data when you use our website and services. BIGR Agency is the data controller for the personal data described here. We process personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and the Cyprus Law 125(I)/2018.
Who we are & how to contact us
For any privacy question, or to exercise your rights, contact us at email us.
The personal data we collect
- Account & contact data — name, email, phone, and the details you add to your profile.
- Identity & age verification data — government ID details, date of birth, and a biometric facial check, processed through our verification provider (see below).
- Agreement data — the contracts you sign, the consents you give, and a signing audit trail (timestamp, IP address, device).
- Billing data — invoicing and payment information, processed through Stripe.
- Usage data — how you interact with our website and dashboard.
Identity & age verification (Didit)
To meet our legal obligations and to confirm that everyone we represent is at least 18 years old, we verify identity and age using Didit (Didit Identity Spain, S.L.), a third-party identity verification provider acting as our processor. During verification you provide a government-issued identity document and a selfie. Didit reads your name, date of birth and document details, and performs a biometric liveness / face-match check to confirm the document belongs to you.
We receive only the verification result together with your name and date of birth. The identity document images and biometric data are processed and stored by Didit, not by BIGR Agency. Didit operates EU-based infrastructure and is certified to SOC 2 Type II and ISO 27001. The biometric facial check is special-category data, and we carry it out on the basis of your explicit consent, which you may withdraw (though we may then be unable to represent you).
Why we use your data (lawful bases)
- Legal obligation — age and identity verification, tax and record-keeping.
- Performance of a contract — providing our management services to you.
- Legitimate interests — securing our platform and preventing fraud.
- Explicit consent — the biometric identity check, and any consents captured at signing.
Who we share it with
We share personal data only with processors that help us deliver the service: Didit (identity verification), Stripe (billing), and our hosting and email providers. Each acts on our instructions under a data processing agreement. We do not sell your personal data.
International transfers & storage
We aim to keep personal data within the European Economic Area. Where a provider processes data outside the EEA, we rely on an adequacy decision or the EU Standard Contractual Clauses to protect it.
How long we keep it
We keep personal data for as long as we provide services to you and for as long afterwards as we are required to for legal, tax and regulatory purposes, after which it is deleted or anonymised.
Your rights
Under the GDPR you have the right to access, rectify, erase, restrict or object to the processing of your personal data, to data portability, and to withdraw consent. To exercise any of these, contact email us. You also have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection in Cyprus.
Changes to this policy
We may update this policy from time to time. The date at the top shows when it was last revised.