Privacy Policy
Effective Date: [INSERT DATE]
Last Updated: February 2026
This Privacy Policy explains how Brikt LLC (“Brikt,” “we,” “us,” or “our”) collects, uses, shares, and protects your personal information when you use the Brikt construction project management platform (the “Service”) and visit our websites at brikt.io and brikt.app.
We are committed to protecting your privacy and handling your data responsibly. This policy applies to all users of the Service, including account holders, authorized users, and website visitors.
If you do not agree with this Privacy Policy, please do not use the Service.
1. Information We Collect
1.1 Information You Provide
Account Information:
- Name, email address, phone number
- Company name, job title, company size
- Billing address and payment information (processed by Stripe; we do not store full credit card numbers)
Project & Business Data:
- Project information (names, budgets, timelines, addresses)
- Purchase orders, invoices, and financial records
- Material catalogs and pricing data
- Crew assignments, daily logs, and labor records
- Photos, documents, and files uploaded to the Service
- Notes, comments, and communications within the Service
Communications:
- Messages you send to us via email, chat, or support channels
- Feedback, surveys, and feature requests
1.2 Information Collected Automatically
Usage Data:
- Features used, pages visited, actions taken within the Service
- Session duration, frequency of use, and interaction patterns
- Device type, operating system, browser type, and version
- IP address, approximate location (city/region level)
Log Data:
- Server logs including access times, error logs, and referral URLs
- API call logs for third-party integrations (e.g., Procore)
Cookies & Similar Technologies:
- Session cookies (essential for authentication and functionality)
- Analytics cookies (to understand how you use the Service)
- We do NOT use advertising or tracking cookies
- See Section 7 for our Cookie Policy
1.3 Information from Third Parties
Procore Integration: If you connect your Procore account, we receive project data, financial data, and other information you authorize through the Procore API.
Payment Processor: Stripe provides us with limited transaction data (last four digits of card, billing address, payment status). We never receive or store your full payment card details.
2. How We Use Your Information
2.1 Providing the Service
- Operating, maintaining, and improving the Brikt platform
- Processing your projects, budgets, purchase orders, and other construction data
- Generating AI-powered insights, alerts, and recommendations
- Facilitating third-party integrations (Procore, QuickBooks, etc.)
- Providing customer support and responding to your requests
2.2 Billing & Account Management
- Processing payments and managing subscriptions
- Sending invoices, receipts, and billing notifications
- Managing your account settings and preferences
2.3 Communication
- Sending service-related notifications (e.g., project alerts, delivery updates)
- Responding to your inquiries and support requests
- Sending product updates, feature announcements, and tips (you may opt out)
2.4 Improvement & Analytics
- Analyzing usage patterns to improve the Service
- Developing new features and functionality
- Conducting research using aggregated, anonymized data
- Monitoring and improving Service performance, security, and reliability
2.5 Legal & Safety
- Complying with legal obligations
- Enforcing our Terms of Service
- Protecting against fraud, abuse, and security threats
- Responding to legal process (subpoenas, court orders)
3. How We Share Your Information
We do not sell your personal information. We do not share your information with third parties for their marketing purposes.
3.1 Service Providers
We use trusted third-party service providers to help operate the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Billing info, transaction data |
| Supabase | Database hosting & authentication | All Customer Data (encrypted at rest) |
| Vercel | Application hosting & delivery | Usage data, IP addresses |
| OpenAI / Anthropic | AI insights engine | Project data (anonymized where possible) |
| Resend | Email notifications | Email addresses, notification content |
| Sentry | Error monitoring | Technical logs, anonymized usage data |
All service providers are contractually required to protect your data and use it only for the purposes we specify.
3.2 Third-Party Integrations
When you enable integrations (e.g., Procore), data flows between the Service and the third-party platform as you authorize. These integrations are governed by the third party’s own privacy policy.
3.3 With Your Consent
We may share your information with third parties when you explicitly direct us to do so (e.g., sharing a report with a client or subcontractor).
3.4 Legal Requirements
We may disclose your information if required by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, prevent fraud, or protect user safety.
3.5 Business Transfers
In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred to the acquiring entity. We will notify you before your information becomes subject to a different privacy policy.
3.6 Aggregated & Anonymized Data
We may share aggregated, anonymized data that cannot reasonably be used to identify you. This data may be used for industry benchmarking, research, and marketing purposes.
4. AI & Machine Learning
4.1 How We Use AI
The Service includes an AI intelligence engine that analyzes your project data to provide insights, alerts, and recommendations. This AI processing:
- Operates on your Customer Data within our secure infrastructure
- Does not share your identifiable project data with other customers
- May use anonymized patterns across all customer data to improve the AI models
- Is designed to assist, not replace, your professional judgment
4.2 AI Providers
We use third-party AI providers (currently OpenAI and/or Anthropic) to power certain features. When your data is sent to these providers:
- It is transmitted securely (encrypted in transit)
- We use API agreements that prohibit the AI provider from using your data to train their models
- We minimize the data sent to only what is necessary for the specific feature
- No personally identifiable information is sent when avoidable
4.3 Your Control
You may disable AI features through your account settings. Disabling AI will turn off proactive insights and recommendations but will not affect core project management functionality.
5. Data Security
5.1 Security Measures
We implement commercially reasonable technical and organizational measures to protect your information, including:
- Encryption in transit: All data transmitted between your device and our servers uses TLS 1.2+ encryption
- Encryption at rest: Customer Data stored in our database is encrypted at rest using AES-256 encryption
- Access controls: Role-based access controls limit who can access your data
- Authentication: Secure authentication with support for multi-factor authentication (MFA)
- Infrastructure: Hosted on enterprise-grade cloud infrastructure with SOC 2-compliant providers
- Monitoring: Continuous security monitoring and alerting for suspicious activity
- Backups: Automated daily database backups with point-in-time recovery
5.2 Incident Response
In the event of a data breach that affects your personal information, we will:
- Investigate and contain the breach promptly
- Notify affected users within 72 hours of discovery, or as required by applicable law
- Provide details about the breach and steps you can take to protect yourself
- Report to relevant authorities as required by law
5.3 Your Responsibilities
You are responsible for:
- Maintaining the security of your account credentials
- Ensuring Authorized Users follow appropriate security practices
- Promptly reporting any suspected unauthorized access
6. Data Retention
6.1 Active Accounts
We retain your Customer Data for as long as your account is active and as needed to provide the Service.
6.2 After Termination
Upon account termination or cancellation:
- Your data remains accessible for 30 days to allow export
- After the 30-day export period, Customer Data is permanently deleted from our active systems within 90 days
- Backups containing your data are purged within 180 days of account termination
- Certain data may be retained longer if required by law (e.g., billing records for tax purposes — typically 7 years)
6.3 Aggregated Data
Anonymized, aggregated data derived from your use of the Service may be retained indefinitely for analytics and improvement purposes.
7. Cookies & Tracking
7.1 Cookies We Use
| Cookie Type | Purpose | Duration | Required? |
|---|---|---|---|
| Authentication | Keep you logged in securely | Session / 30 days | Yes (essential) |
| Preferences | Remember your settings and display preferences | 1 year | Yes (functional) |
| Analytics | Understand how you use the Service | 1 year | Optional |
7.2 What We Don’t Do
- ❌ No advertising cookies or pixels
- ❌ No cross-site tracking
- ❌ No selling data to ad networks
- ❌ No Facebook Pixel, Google Ads tracking, or similar ad tech
7.3 Managing Cookies
You can manage cookies through your browser settings. Disabling essential cookies may affect the functionality of the Service.
8. Your Rights
8.1 All Users
Regardless of your location, you have the right to:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information
- Export: Export your Customer Data through the Service at any time
- Object: Object to processing of your data for certain purposes
- Restrict: Request restriction of processing in certain circumstances
- Withdraw Consent: Where processing is based on consent, withdraw at any time
8.2 California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: Categories and specific pieces of personal information collected
- Right to Delete: Request deletion of personal information
- Right to Opt-Out of Sale: We do not sell personal information, so this right is already satisfied
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights
- Right to Correct: Request correction of inaccurate personal information
- Right to Limit Use of Sensitive Personal Information: Request limits on how we use sensitive personal information
To exercise your rights, contact us at privacy@brikt.io or use the controls in your account settings.
8.3 European Economic Area (EEA) Residents
If you are located in the EEA, we process your data under the following legal bases:
- Performance of a contract: Providing the Service you signed up for
- Legitimate interests: Improving the Service, preventing fraud, sending product updates
- Consent: Marketing communications (opt-in), optional analytics cookies
- Legal obligation: Tax and legal record-keeping
You have the right to lodge a complaint with your local data protection authority.
9. Children’s Privacy
The Service is designed for business use by construction professionals. We do not knowingly collect personal information from children under 16. If we become aware that we have collected information from a child under 16, we will promptly delete that information.
10. International Data Transfers
The Service is hosted in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.
For EEA and UK users, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to facilitate lawful data transfers.
11. Third-Party Links
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy with a revised “Last Updated” date, sending an email notification, and displaying a notice within the Service. We will provide at least 30 days’ notice before material changes take effect.
13. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:
Brikt LLC
Email: privacy@brikt.io
General: john@brikt.io
Website: https://brikt.io
For data protection inquiries, please include “Privacy Request” in the subject line and specify the nature of your request.
This Privacy Policy is effective as of the date listed above and applies to all users of the Brikt platform.