Legal

Privacy Policy

How BrioSync collects, uses, stores and protects your data — and the rights you have over it.

Last updated: 27 May 2026 · Effective: 27 May 2026

Lawyer review note: This document is a baseline policy template tailored to BrioSync's data model. Before relying on it for compliance (GDPR, CCPA, India DPDP, etc.) please have it reviewed by qualified legal counsel in your operating jurisdiction.

1. Who we are

BrioSync ("we", "us", "our") provides a cloud-hosted services-team workspace at briosync.com and app.briosync.com. This policy explains how we handle information when you visit our website, sign up, or use BrioSync.

2. What we collect

2.1 Account & profile data

  • Name, email address, profile photo (if you upload one)
  • Company name and role inside your workspace
  • Authentication identifiers (Google account ID if you sign in with Google)

2.2 Workspace content

  • Projects, tickets, tasks, time logs, attachments, comments, and any other content you create inside BrioSync
  • Customer records you input (names, email, company)
  • Configuration data (rates, leave records, settings)

2.3 Technical data

  • IP address, browser type, device type, operating system
  • Usage logs (pages visited, features used, timestamps) for product analytics and abuse prevention
  • Cookies for session management and minimal analytics — see Cookies below

2.4 Billing data (where applicable)

  • Billing email, billing address
  • Payment is processed by our PCI-compliant payment partner; we do not store full card numbers

3. How we use your data

  • Operate the service: authenticate you, render your workspace, send transactional emails
  • Improve the product: aggregate usage analytics to understand which features are used and where users get stuck
  • Communicate with you: service announcements, security alerts, and (with your consent) product updates
  • Comply with legal obligations (tax, accounting, regulatory)

4. Data isolation between companies

BrioSync is multi-tenant. Every document is tagged with the owning company's ID and access is enforced at the database level using Firebase Security Rules. Other companies on the platform cannot read or write your data — not through the UI, not through URL manipulation, not through API access.

5. Who we share data with

We do not sell your data. We share it only with the limited sub-processors needed to run the service:

  • Google Cloud / Firebase — hosting, database, authentication, file storage
  • Payment processor — billing (you'll see the processor name on your receipt)
  • Email delivery service — transactional email (signup, password reset, notifications)
  • Error monitoring & product analytics — to detect bugs and understand usage

All sub-processors are bound by data processing agreements with confidentiality and security obligations.

6. Where data is stored

Data is stored on Google Cloud infrastructure. Default region is configurable on Enterprise plans; for Starter/Pro the region defaults to the closest available to your team. Cross-border transfers, where they occur, rely on Standard Contractual Clauses or equivalent legal mechanisms.

7. How long we keep data

  • Active workspaces: data is retained as long as the workspace is active
  • Cancelled workspaces: data is kept in read-only / export-only mode for 30 days, then permanently deleted
  • Backups: rolling 30-day backup retention
  • Billing records: retained as required by tax law (typically 7 years)

8. Your rights

Depending on your jurisdiction (GDPR, CCPA, India DPDP, etc.) you have rights that may include:

  • Access to the data we hold about you
  • Correction of inaccurate data
  • Deletion of your data ("right to be forgotten")
  • Portability — export of your data in a machine-readable format
  • Objection to certain processing
  • Withdrawal of consent

To exercise any of these, email us at hello@briosync.com. We will respond within 30 days.

9. Cookies

We use a minimal set of cookies:

  • Session cookies: to keep you logged in
  • Preference cookies: to remember UI preferences (theme, table sort order)
  • Analytics cookies: aggregate usage; you can disable in your browser at any time

We do not use cross-site advertising cookies.

10. Security

  • All traffic encrypted in transit (TLS 1.3)
  • Data encrypted at rest on Google Cloud infrastructure
  • Multi-tenant isolation enforced at the database level via security rules
  • Role-based access control inside each workspace
  • Audit log retained per plan tier
  • Annual security review on Enterprise plans

11. Children's privacy

BrioSync is not intended for children under 16 and we do not knowingly collect data from them.

12. Changes to this policy

If we make material changes, we will notify active workspace admins by email at least 30 days before the change takes effect. The "Last updated" date at the top of this page always reflects the latest version.

13. Contact

Questions about this policy: hello@briosync.com