Data protection for California

This page explains how Buronia Business frames data protection for California state and US federal business-processing context. It is written as a product and filing-workflow notice, not as a law-firm opinion or a substitute for counsel. The purpose is to make the operating model legible before a company enters a benefit funnel: what data is requested, why the market page exists, where official sources remain authoritative, and which legal topics still require counsel-reviewed production documents.

Buronia is private preparation software for grants, credits, vouchers, export support, innovation support, IP support, and energy-efficiency workflows. It collects structured company answers, shows calculators, explains source boundaries, and prepares evidence checklists so a business can decide whether a filing is worth deeper work. It does not approve eligibility, reserve funds, guarantee tax treatment, replace the official authority, or make final submission decisions for a company.

The business funnel can process legal company name, EIN, company size, sector, incorporation year, spend or project scenario, preferred filing language, work email, lead reference, browser metadata, and later evidence files when the company chooses to continue. The first page is intentionally lighter than an official application. It should capture enough information to route the user and block obvious placeholders, while avoiding early requests for payroll, bank, tax, IP, financial statement, or building evidence before the user has asked for a real filing pack.

California pages keep their own host, programme list, calculators, signup languages, registration sanity checks, and official-source links. For legal review, the relevant checklist is US federal, state, and programme-authority sources; state or national law can add rights, notices, retention duties, breach steps, tax rules, and sector duties. This matters because a generic global privacy page is not enough for a product that routes companies by country, state, language, and programme owner.

The public authority remains the source of record for eligibility, payment, audit, repayment, appeals, missing documents, official filing language, and final portal instructions. A qualified tax, legal, accounting, privacy, or grant advisor should review edge cases before submission, especially where the benefit affects payroll, corporation tax, state aid, procurement, regulated sectors, employment records, personal data, or cross-border transfer rules.

The product should keep company-benefit data limited to the filing workflow, avoid unnecessary sensitive data in the first signup step, log lead references, and request heavier financial, payroll, IP, export, or building evidence only after the user chooses the next filing pack. A sensible retention posture separates lightweight discovery leads from later evidence rooms, because the risk profile changes once documents, contracts, payroll extracts, tax schedules, or technical descriptions are uploaded.

A business lead should move through clear stages: anonymous page view, calculator scenario, short company check, recommendation, evidence request, official-source review, and, where appropriate, adviser or authority handoff. Each stage should collect only the information needed for that stage. The legal model is weaker when a product asks for every possible document at the first click, because the user has not yet confirmed programme fit or purpose.

Buronia's product record, an adviser's working file, and an authority's official submission file are separate contexts. Depending on the production arrangement, Buronia may act as a controller for its own lead workflow, a processor for an adviser or enterprise customer, or a preparation layer before a separate authority relationship begins. The public agency is not made responsible for Buronia's lead form, and Buronia is not made responsible for the agency's official records.

Business-benefit pages can become legally and operationally risky when they paraphrase rules without preserving the official source. The page should keep source links, agency names, amount rules, deadlines, and source-status labels close to the user decision. That practice helps support review, reduces misunderstandings, and gives counsel or an adviser a concrete record to inspect when a market page, programme page, calculator, or signup route is challenged.

A company contact should be able to ask for access, correction, deletion, export, or status information about the lead record where applicable. Buronia should separate product support requests from official authority requests because a government agency, tax office, commission portal, or state awardee may keep its own records after submission. The company may therefore need two different routes: one for Buronia's preparation record and one for the public authority's official file.

A production deployment may measure page views, calculator starts, signup completions, language selection, and programme interest. Those measurements should be separated from official eligibility statements and explained in the cookie or privacy layer where applicable. Analytics can improve the product, but it should not silently turn sensitive company-benefit details into broad advertising profiles or obscure the reason a company shared a funding scenario.

Some filings should involve accountants, tax advisers, lawyers, grant consultants, engineers, or sector specialists. The legal workflow should make it possible to involve a professional without confusing that adviser's judgement with Buronia's software output. A checklist can organize evidence, but a professional may still need to decide whether a cost category is eligible, whether a statement is supportable, or whether a claim belongs in a tax return or official portal.

When a company uses a prepared checklist for an official filing, the audit trail should preserve the programme reference, assumptions, source date, calculator scenario, user confirmations, and final documents used. This is practical rather than decorative. Public authorities can ask follow-up questions, request evidence, audit claims, or require repayment, so the company must be able to reconstruct what was submitted and why.

A market-indexed legal page is useful because California has its own business-benefit routes, source links, language expectations, registration labels, and authority boundaries. The legal baseline should travel with that market context instead of forcing every user back to a generic global notice. That does not make the page a full legal policy; it makes the product workflow easier to review before counsel finalises production terms.

The first company check and a later evidence room should be treated differently. A light lead can usually be handled with ordinary contact and routing safeguards, while an evidence room may contain payroll, financial statements, tax schedules, technical project descriptions, contracts, IP files, export records, or building data. Escalating to that stage should bring stricter access, retention, support, and deletion rules.

AI can help convert programme text into checklists, draft narrative prompts, identify missing evidence, and explain calculator assumptions. It should not make eligibility decisions, invent award amounts, submit official forms without review, or hide the source of an assumption. A production workflow should preserve human review, source links, and user confirmation before any authority-facing statement is used.

A complete production legal pack needs counsel-reviewed privacy policy, data-processing terms, cookie notice, processor/subprocessor list, retention schedule, incident response workflow, state or country addenda, accessibility review, support handling rules, and programme-specific disclaimers. This page is the market-indexed SEO and product baseline for that work: it explains the shape of the compliance problem without pretending that a generated business page is a final legal instrument.