Legal

Privacy Policy

Effective: July 5, 2026

1. What We Collect

We collect information you provide when creating an account (email, name), information generated by your use of the Platform (deployment configurations, usage metrics, audit logs, support tickets), and technical information (IP address, browser type, access timestamps).

2. How We Use Your Information

We use your information to operate and improve the Platform, send transactional emails (welcome, password reset, support receipts), enforce our Terms of Service and Acceptable Use Policy, detect and prevent fraud and abuse, and comply with legal obligations.

3. Data Storage

Your data is stored in a managed PostgreSQL database hosted on Microsoft Azure in the West US 2 region. Secrets (API keys, credentials) are encrypted at rest in Azure Key Vault. Backups are retained for 30 days.

4. Third-Party Services

We use the following third-party services to operate the Platform: Microsoft Azure (compute, storage, networking), Resend (transactional email), Stripe (payment processing — payment card data never touches our servers), and GoDaddy (domain registration infrastructure). Each sub-processor is governed by their own privacy policy.

5. Data Retention

We retain account data for as long as your account is active. After account deletion, most personal data is purged within 30 days; audit logs may be retained for up to 12 months for legal and security purposes. Usage metrics are aggregated and anonymised after 90 days.

6. Your Rights

You may request access to, correction of, or deletion of your personal data at any time by emailing privacy@bricqsai.com. We will respond within 30 days. In some cases we may be unable to delete data required for legal compliance.

7. Cookies

We use session cookies to maintain your logged-in state. We do not use tracking cookies or third-party advertising cookies. You can clear cookies at any time via your browser settings.

8. Security

We implement industry-standard security measures including TLS encryption in transit, bcrypt password hashing, short-lived JWT access tokens (15-minute TTL), refresh token revocation, and per-organisation access isolation. No security measure is 100% foolproof; in the event of a breach we will notify affected users within 72 hours.

9. Children

BRICQS is not directed at children under 18. We do not knowingly collect data from anyone under 18. If you believe a minor has created an account, contact us at privacy@bricqsai.com and we will delete the account.

10. Changes

We may update this Privacy Policy from time to time. We will notify you by email when material changes are made. The current effective date is always shown at the top of this page.

11. Contact

Privacy questions: privacy@bricqsai.com. BRICQS, hello@bricqsai.com.