Brizy Shops is here! Build your store & save with early-bird pricing 👉 Explore Brizy Shops →

Privacy Policy

Last updated: May 30th, 2025

ProWebCraft LTD ("Brizy," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and share your personal information ("Personal Data"), as well as your rights regarding that information. It applies to all users of our services, including individuals and agencies/companies using Brizy’s website-building platform for their clients (collectively, "Users," "you," or "your").

This Privacy Policy covers all Brizy services Brizy for WordPress, Brizy Cloud, AI Website Builder, Brizy for Shopify, including our website, our platforms, and all subpages (collectively, the "Services"):

By accessing or using our Services, you confirm that you have read, understood, and agreed to this Privacy Policy and our Terms of Service. If you do not agree with our practices, you must immediately discontinue using our Services. If you have any questions or concerns, please contact us at dpo@brizy.io.

Brizy is committed to ensuring the protection of your rights and freedoms in relation to the processing of your Personal Data. We process your data securely and in accordance with all applicable legal obligations. Our Privacy Policy is designed to comply with the highest standards, including the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and the UK GDPR.

This Privacy Policy outlines the information we collect about you through our Website and Services. It also explains your choices regarding the processing of your data, including how you can access, update, and object to certain uses of your Personal Data.

We may update this Privacy Policy periodically to reflect changes in our data processing practices or legal requirements. Any updates will be posted on this page, and we encourage you to review the policy regularly.

Summary

We encourage you to read this Privacy Policy in full to understand how we handle your Personal Data. However, for your convenience, here are key points:

We do not sell your Personal Data to third parties, nor do we use it for commercial purposes beyond providing our Services.
We collect only the minimum necessary data to fulfill the purposes outlined in this Privacy Policy.
You have rights under the GDPR, including the right to access, rectify, delete, or restrict the processing of your data. You may contact us at any time to exercise these rights.
We may share your Personal Data with trusted third parties under contractual obligations, such as service providers, IT infrastructure providers, or payment processors, solely for the purpose of delivering our Services.

If you have any questions about this Privacy Policy, your rights, or how we handle your data, please contact us at dpo@brizy.io

Who Are We?

Brizy is the commercial name of ProWebCraft LTD, a company registered in the United Kingdom under company number 14303873. Our registered office is located at 71–75 Shelton Street, Covent Garden, London, England, WC2H 9JQ.

Brizy is a digital technology company that provides a visual website builder and design platform. Our services empower individuals, agencies, and businesses to create professional websites without writing code. We operate globally and offer both cloud-based and self-hosted solutions to accommodate diverse user needs.

In this Privacy Policy, references to “Brizy”, “we”, “us”, or “our” refer to ProWebCraft LTD, acting as the data controller or data processor depending on the context of data collection and processing.

Our Role as Data Controller and Data Processor

Brizy acts in different capacities depending on the nature of the data processing activities involved:

1. Brizy as a Data Controller:

Brizy functions as a data controller when we directly collect and process personal data from Users who create accounts, access workspaces, manage projects, subscribe to newsletters, participate in webinars, engage in affiliate marketing, or otherwise communicate through our platform. This category includes data processed for the purposes of account creation, user authentication, platform analytics, marketing and promotional activities, customer support, and any cookies set by Brizy on our website to enhance User experience and service functionality.

Examples of data collected as a data controller include:

Registration and account details (e.g., name, email address, login credentials).
Information collected for newsletter subscriptions and marketing communications.
Data from User interactions with our website, including cookies used for analytics and personalized advertising.
Information related to participation in webinars and other promotional or informational events hosted by Brizy.
Information related to affiliate marketing partnerships.

2. Brizy as a Data Controller:

Brizy acts as a data processor when providing our website-building platform and hosting services to our clients, such as Agencies or other commercial Users, who use Brizy’s infrastructure to create and manage websites. In these circumstances, the Client is the data controller, as they determine the purposes and means of processing their end users' data. Brizy only processes such personal data under the instructions provided by our clients and does not independently control this data processing.

Responsibilities of Brizy as a data processor include:

Hosting websites and providing technical infrastructure on AWS for our clients.
Storing data related to client-managed projects, including leads collected via client websites, as directed by the clients.
Ensuring backups and secure storage of clients' website data and related information.

Brizy does not independently set cookies, deploy tracking scripts, or control any data processing performed by our clients on their end-users' data. Clients remain solely responsible for compliance with applicable data protection laws, including transparency, obtaining necessary consents, managing cookie usage, and ensuring the lawful processing of their end users’ personal data.

We strongly recommend end-users visiting websites built with Brizy to consult the respective Client’s privacy policy to understand their data processing activities and practices.

Brizy does not control the content of websites built with our platform nor do we independently collect personal data from end users visiting these sites. The responsibility for the collection, processing, and management of end users' personal data lies entirely with the business or individual managing the respective website. This Privacy Policy applies exclusively to the data processing activities where Brizy acts as a data controller, as described above, and does not cover activities where we operate solely as a data processor on behalf of our clients.

Periodic updates to this Privacy Policy will be posted on this page to reflect any changes in our data processing practices or relevant legal obligations.

Your Personal Data

Personal Data You Provide Us

Customer Account Details:

When creating a Brizy account, we collect your email address, first name, last name, and password. This information is used to authenticate your account, provide you with secure access to our services, and communicate essential information about your account or subscription.

Payment and Billing Information:

When you subscribe to any of our paid services, your payments are securely processed by trusted third-party payment processors. Brizy does not directly access or store your full credit card details. However, we do collect partial payment details provided by our payment processors (such as the last four digits of your card, expiration date, and country of issuance), your billing address, and, if applicable, your business-related details required by payment processors, including bank account details, address, phone number, date of birth, government-issued identification numbers (social security number, passport number, driver's license number), tax identifier (EIN), and nationality. This data is collected and retained to fulfill contractual obligations and to comply with applicable financial and legal regulations.

Communication and Customer Support Information:

When you contact us through our support channels, customer forums, or direct email, we collect and store information provided by you, including your name, email address, phone number, company, and details of your inquiry or communication. This information allows us to effectively respond to your requests and provide assistance.

Marketing Preferences and Webinar Registrations:

If you choose to subscribe to our newsletters, webinars, promotional events, or affiliate marketing programs, we collect your first name, last name, job title, company name, phone number, country, email address, and company size. This information is used to provide relevant marketing content, promotional offers, event invitations, and other communications based on your interests and consent. You can unsubscribe or change your preferences at any time.

Survey, Research, and Promotion Information:

When you voluntarily participate in surveys, research activities, contests, or promotional campaigns, we collect the personal information you choose to provide. This information helps us improve our services, develop new features, and administer promotional activities effectively.

Enterprise Sales Information:

If you or your company engages with us regarding our enterprise offerings, we collect contact details and professional information including names, email addresses, job titles, phone numbers, and may also store recordings of sales conversations with your consent. This information helps us provide tailored business services and support to potential enterprise clients.

Affiliate Marketing Program Information:

If you choose to participate in Brizy’s Affiliate Marketing Program, we collect the information you provide when applying or logging into your affiliate account. This includes your full name, website URL, Brizy account email, and any additional information submitted through the affiliate application form. For the purpose of processing affiliate commissions, we also collect your preferred payment details, such as your PayPal or Payoneer account information.
This data is processed to assess your application, manage your affiliate status, track performance, and ensure accurate and timely payment of earned commissions. The legal basis for this processing is the execution of a contractual relationship and our legitimate interest in administering the affiliate program. You may contact us at any time to update your affiliate profile or terminate your participation.

Personal Data We Collect Automatically

Site Usage Information:

When you interact with our website or platform, we automatically collect certain technical data. This includes: IP addresses, preferences, web pages you visited prior to coming to our or our Users’ sites, information about your browser, network or device (such as browser type and version, operating system, internet service provider, preference settings, unique device IDs and language and other regional settings), information about how you interact with the Services and our Users’ sites (such as timestamps, clicks, scrolling, browsing times, searches, transactions, referral pages, load times, and problems you may encounter, such as loading errors). This data is collected via cookies or analytics tools and is used to analyze and enhance user experience, functionality, and security of our website and services.

Mobile Application Information:

If you access our services via mobile applications and have enabled location services on your device, we may also collect precise geolocation data to optimize your experience and provide relevant service functionality.

Personal Data Collected by Third Parties

We collaborate with trusted third-party service providers, such as payment processors, analytics providers, and hosting services (AWS), who collect personal data on our behalf or provide us with additional data required to deliver our services efficiently. These third parties are contractually required to process personal data securely and strictly in line with our instructions and applicable privacy regulations.

Third-Party Login (Google and LinkedIn)

You have the option to register or log in to your Brizy account using your existing Google or LinkedIn credentials. If you choose this method, we receive your basic profile information from the selected third-party service, which typically includes your name, email address, profile picture, and unique identifier. By using this option, you authorize Brizy to collect, store, and use this data in accordance with this Privacy Policy. We recommend reviewing the privacy policies of Google or LinkedIn for further details regarding their data processing practices.

Cookies & Technologies used to collect information about you:

We collect the following data directly and through the use of third parties. We collect this data by using certain technologies, such as cookies. Please refer to our Cookies Policy to learn more about your rights and responsibilities with respect to cookies and other technologies. If you have any questions about your rights under our Cookies Policy, we encourage you to contact us at dpo@brizy.io

Cookies (or browser cookies). Cookies are text files with small pieces of data that are used to identify your computer as you use a network. Specific cookies are used to identify specific users and improve their web browsing experience. When you access our website, you have the choice to refuse, or to accept browser cookies by activating the appropriate setting on your browser. However, if you refuse the use of cookies, you may be unable to access certain parts of the Website.
Analytics. Analytics are tools we use, such as Google Analytics, to help provide us with information about traffic to the Website and use of the Website, which Google may share with other services and websites who use the collected data to contextualize and personalize the ads of its own advertising network. Learn more on how Google Analytics may use your data.

Purpose of Data Processing

Brizy processes your personal data based on one or more of the following legal bases:

Processing is necessary for the conclusion or performance of a contract with you.
Processing is required to comply with our legal obligations (e.g., fiscal regulations, reporting to authorities).
Processing is necessary to fulfill our legitimate interests.
Processing is based on your explicit consent.

Below you will find details on how we use your personal data:

To provide and manage our services

We process your personal data to deliver and manage the services you request from Brizy. This includes:

Account Creation and Management: When you register an account with Brizy, we collect and process your email address, first and last name, and password to create and secure your user account. You can also choose to log in using Google or LinkedIn, in which case we collect limited profile data from these providers (name, email, and profile photo). This processing is necessary for us to fulfill our contractual obligations and provide you with access to our platform.

Payment Processing and Billing: When you purchase a subscription or other paid services, your payment details are securely processed by trusted third-party payment providers. Brizy receives limited payment information from these processors (such as the last four digits of your card, billing address, expiration date, and issuing country) as well as invoicing details, including tax identification numbers or bank details, to comply with applicable fiscal and financial obligations.

Service Administration and Account History: We process information related to your account usage, such as trials, subscription status, discount code usage, and other relevant transactional details to manage and improve your experience with our platform. This processing is based on our legitimate interest to maintain service quality and perform our contractual duties.

To personalize your experience and enhance our services

Platform Analytics and User Experience:

We analyze information collected through your interactions with our website and platform—including IP addresses, device information, browser type, and user behavior—to optimize and improve our services. Typically, this information is anonymized, pseudonymized, or aggregated. The legal basis for this processing is our legitimate interest in ensuring the functionality and continual enhancement of our platform.

To communicate with you effectively

We use your personal data to communicate important information and provide support:

Customer Support: If you contact us through forms, live chat, email, or by phone, we collect your name, email address, phone number, company information, and details of your inquiry to respond effectively and promptly. This processing is based on our legitimate interest to deliver quality customer service.

Service Updates and Notifications: We may use your contact details to inform you about important changes to our services, subscription renewals, updates, or other essential notifications related to your account. The legal basis for this processing is our contractual obligation and legitimate interest in keeping you informed.

Marketing Communications: With your consent or based on our legitimate interest, we use your data (including name, job title, email address, phone number, company size, and country) to send newsletters, promotional emails, webinar invitations, and marketing messages relevant to your interests. You can withdraw your consent or opt-out at any time.

To conduct research, surveys, and promotions

We may collect your personal data if you voluntarily participate in surveys, forums, research projects, contests, sweepstakes, or promotional activities. This information allows us to understand our customers better and continuously enhance our offerings. Processing in this context is typically based on your consent or our legitimate interest.

To facilitate enterprise services and business development

For potential enterprise customers, we collect and process data such as name, email address, phone number, job title, and company details. This processing is based on our legitimate interest in expanding our business and facilitating enterprise partnerships.

To ensure security and integrity of our platform

We use your personal data to detect, prevent, and investigate security incidents, fraud, and other illegal or unauthorized activities. This processing is necessary for our legitimate interest in maintaining the security and integrity of our services.

To comply with legal obligations

We process personal data to fulfill applicable legal requirements, such as tax obligations, regulatory compliance, reporting to authorities, and responding to legal inquiries or law enforcement requests. This processing is based on our compliance with relevant laws and regulations.

Third-party websites and user-generated content (User Content)

Brizy hosts websites created by our Clients (such as agencies, SaaS providers, and other Users). Any personal data processed by these websites, including data collected from end users, is solely controlled by the respective clients. Brizy does not independently collect or control this data, nor do we set cookies or tracking scripts on these sites. End users should refer to the specific privacy policy of the website they visit for information on their data processing practices.

For How Long Do We Keep Your Personal Data?

We retain your personal data only for as long as it is necessary to fulfill the purposes outlined in this Privacy Policy, comply with legal, regulatory, or contractual obligations, or protect our legal rights.

In general, your personal data will be stored as follows:

Account and User Data: Personal data related to your Brizy account (such as email address, name, contact details, and billing information) will be retained as long as your account remains active, or as necessary to provide you with the requested services. If your account becomes inactive or you request account deletion, we will retain your data for a period up to 3 years after the termination of the account, unless a longer retention period is mandated by law (e.g., for financial, tax, or regulatory reasons).
Payment and Financial Data: Personal data related to payments, transactions, invoicing, and accounting will be retained for as long as required by applicable fiscal, financial, or tax legislation (generally between 5 to 10 years, depending on jurisdiction). After this period, such data will be securely deleted or anonymized.
Marketing and Communications Data: Personal data used for marketing purposes (e.g., newsletter subscriptions, webinar registrations, promotional communications) will be retained until you withdraw your consent, unsubscribe, or request the deletion of your data. Upon withdrawal or unsubscription, your data will be removed from our active marketing databases without undue delay.
Survey, Research, and Promotional Information: Information collected through voluntary participation in surveys, research initiatives, contests, or promotional activities will be retained only as long as necessary for the completion of the activity or campaign, and for an additional period of up to 2 years thereafter, unless you request earlier deletion.
Website and Platform Analytics: Technical data collected automatically through cookies or other analytics tools will be retained for up to 2 years from collection. This data is typically aggregated or anonymized promptly to ensure minimal privacy impact.
Enterprise Sales and Business Development Data: Personal data related to potential enterprise customers, including correspondence, proposals, and sales discussions, will typically be retained for up to 3 years following the last meaningful interaction or until you explicitly request deletion.
Legal and Security Data: We may retain certain personal data for longer periods when required for legal claims, dispute resolution, regulatory compliance, or investigation of fraud and security incidents. Such data will be retained as long as legally necessary to protect Brizy’s legitimate interests.

After the expiry of the relevant retention period, we securely delete or anonymize your personal data to ensure that it cannot be associated with you.

If you have questions about our data retention practices or wish to request deletion or access to your personal data, please contact us at dpo@brizy.io.

Newsletter & Marketing Communications

Types of Communications

Brizy may send you email communications for various purposes related to your use of the platform. These include, but are not limited to:

Product Updates & Feature Releases – Notices about new functionality, improvements, or important changes.
Monthly Newsletters – Curated summaries including product news, case studies, promotions, blog content, and community highlights.
Sales Promotions & Offers – Occasional announcements of discounts, bundles, and upgrades.
Onboarding & Educational Flows – Helpful emails with tutorials, platform guidance, and account activation tips.
Event & Webinar Invitations – Resources related to Brizy-hosted events, webinars, and training sessions.
Transactional or Operational Messages – Password resets, billing notices, system alerts, and account status updates.

Each email includes a clear unsubscribe link, allowing you to opt out of promotional communications or adjust your preferences at any time.

Legal Basis for Email Communication

We rely on the following legal bases under the General Data Protection Regulation (GDPR) and related laws to send you email communications:

(a) Legitimate Interest

We process and send certain email communications under the legal basis of legitimate interest (Article 6(1)(f) GDPR) when:

You create an account (including a free trial), make a purchase, or engage with our Services;
We need to welcome you, provide onboarding instructions, share account-related guidance, or help you get started with your plan;
We send product-related resources or documentation that improve your experience as a registered user.

Even if you choose not to subscribe to newsletters, you may still receive emails based on our legitimate interest in helping you successfully use the Services and maintain platform functionality. You may object to such processing at any time by contacting support@brizy.io, though doing so may impact your ability to receive important product information.

(b) Consent

Where required, we rely on your express consent (Article 6(1)(a) GDPR) to send promotional emails such as newsletters or special offers that are not directly related to your account or services. You give this consent by actively opting in, such as by ticking a checkbox on a form. You may withdraw this consent at any time by using the unsubscribe link in our emails or contacting us directly.

(c) Soft Opt-In (EU/UK only)

If you are an existing customer, have signed up for a free trial, or requested information from us, we may send you occasional emails about similar Brizy products, features, or offers. This is in line with applicable laws (e.g., Article 13(2) of the ePrivacy Directive and UK PECR), which allow marketing on the basis of a prior relationship — known as a "soft opt-in."

You can opt out at any time by clicking the unsubscribe link in any email or contacting us at dpo@brizy.io

Unsubscribing and Managing Preferences

You can manage your email preferences or unsubscribe from certain types of communications at any time by clicking the appropriate link in the footer of any Brizy marketing email.

Note that opting out of promotional communications does not affect service-related emails, such as billing reminders, security alerts, or onboarding support messages necessary for the performance of our contract with you or our legitimate interest.

Protecting your personal data

Brizy has implemented robust technical and organizational security measures to protect your personal information against accidental loss, unauthorized access, disclosure, alteration, or any other unlawful processing. Your personal data is securely stored within protected networks, accessible only to a limited number of authorized personnel who are required to maintain confidentiality. All sensitive information you provide, especially financial details, is securely transmitted via Secure Socket Layer (SSL) encryption technology. Transactions are exclusively processed by trusted third-party payment gateways, and full payment details are never stored on Brizy’s servers.

To ensure high-level security, Brizy hosts all data on GDPR-compliant cloud servers provided by Amazon Web Services (AWS), a leading global cloud infrastructure provider. For more details about Amazon's data security and compliance practices, please review Amazon's Data Protection Addendum here.

All employees, collaborators, and third-party service providers are bound by confidentiality agreements and data protection obligations, and they access personal data strictly according to their professional responsibilities. Additionally, our internal systems and endpoint devices are secured by password protection, regularly updated antivirus software, anti-spam solutions, firewalls, and secure encryption protocols, ensuring continuous protection of your personal data.

Despite these comprehensive measures, please understand that no online platform or transmission method is completely secure. Should you have any concerns regarding the security of your personal data or if you wish to learn more about our security practices, please contact us at dpo@brizy.io.

Sharing Your Personal Data

We may disclose information about you in the following circumstances:

Vendors

We share information with vendors that perform services on our behalf. These vendors only process personal data as instructed by us and in accordance with applicable data protection laws:

Customer Support Vendors: These vendors help us host our support resources (such as chats, message boards, or forums) and track, manage, and respond to customer inquiries. We may share data such as Customer Account Details and Communication Information to enable them to provide these services effectively.
Sales and Marketing Vendors: These vendors assist us in sending marketing communications, newsletters, and other promotional materials. We may disclose Customer Account Details and Account History Information to facilitate targeted communications and promotional campaigns.
Information Technology Vendors: These vendors (including cloud hosting providers) enable us to operate Brizy’s Services reliably and at scale. We disclose Customer Account Details, Account History Information, Payment Information, and Site Usage Information to them so they can provide essential infrastructure, data hosting, and related IT services.
Safety and Security Vendors: we may use specialized service providers to monitor, detect, and investigate suspicious or fraudulent activities, as well as potential violations of our policies. We share Customer Account Details and Site Usage Information with these vendors to safeguard our Services and users.
Payments Services Vendors: These vendors (such as Stripe or PayPal) enable Brizy to operate payment-related services and functionalities. They may conduct identity or bank verification and help prevent or investigate suspicious or fraudulent behavior. We may disclose Customer Account Details, Payment Services Information, Account History Information, and Site Usage Information with them to facilitate secure transactions and maintain compliance with legal obligations.

Professional Advisors

In limited cases, we may share your information with our professional advisors (e.g., external legal counsel or financial advisors) to ensure compliance with our legal and financial obligations, or to protect our rights and interests. Depending on the circumstances, we may share any of the categories of personal data described in our “Personal Data We Collect” section with these advisors.

Business Partners

We also work with various partners who may receive certain data about you, always subject to appropriate safeguards:

Reseller Business Partners: We partner with entities authorized to resell Brizy’s products on our behalf to Customers. If you purchase a resold Service or request support via a reseller, we may share information, such as Account History Information, to help both the reseller and Brizy address your request or issue.
Online Advertising Partners: We collaborate with advertising platforms to present tailored ads and measure their effectiveness. For example, we may share limited data (like Account History Information or, if you’re a Customer, Site Usage Information) with social media or ad-serving platforms so they can either exclude existing customers from seeing new-customer offers or show relevant ads to users who haven’t yet upgraded their accounts.
Payments Services and Financial Product Partners: Brizy partners with other payment services and financial product providers to help Customers process transactions, receive additional services, or learn about third-party financial offerings. We share relevant Customer Account Details, Payment Services Information, and Account History Information as needed to facilitate these services and product offerings.
Third-Party Plugins and Social Networks: We may disclose information if you use third-party plugins (e.g., social media login) or deliberately interact with a social network. For instance, if you log into your Brizy account with a third-party service, we share the fact that you used that service for authentication.

Process Payments

We transmit your Payment Information to our third-party payment processors through encrypted channels to process transactions. Your payment details are not stored on our servers beyond the limited billing and verification information needed for record-keeping and compliance.

Following the Law or Protecting Rights and Interests

We disclose information if we believe such disclosure is necessary to:

Comply with the law (e.g., in response to lawful requests from government authorities).
Protect our rights, property, or interests.
Prevent fraud or abuse of Brizy, our Customers, or their End Users.
Investigate or prevent criminal or other illegal activities.

Depending on the circumstances, we may share any of the categories of personal data described in our “Personal Data We Collect” section to meet these obligations.

Business Transfers

If Brizy undertakes or is involved in any merger, acquisition, reorganization, sale of assets, or other business transaction, we may disclose personal data as part of the negotiation, due diligence, or completion of such a transaction. In such cases, appropriate measures will be taken to ensure the confidentiality and integrity of the data transferred.

When these third parties act as our data processors, we ensure that data processing agreements are in place under Article 28 of the GDPR (or equivalent obligations in other jurisdictions). These agreements obligate the service providers to protect your personal data and process it solely in accordance with our instructions and applicable legal standards.

Consult our list of approved sub-processors as of March 31, 2025, in Appendix 2.

International Data Transfers

Brizy is a global company, and some of our trusted service providers may be located outside your country of residence. If you are based in the EU, we primarily host data on servers within the EU to comply with GDPR and safeguard your privacy. However, certain providers, including those offering analytics, communication tools, or payment processing services, may store or process personal data in the United States or other locations. In such situations, we ensure the existence of adequate data protection measures, such as the European Commission’s Standard Contractual Clauses (SCCs), relevant adequacy decisions, or similar mechanisms required by local regulations. These measures are in place to protect your personal data and uphold your privacy rights regardless of where the data is processed.

If you have any questions or concerns about data transfers, please contact us at dpo@brizy.io

What Are Your Rights?

Under applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the EU GDPR, you have certain rights regarding your personal data. These rights may vary depending on your jurisdiction, but generally include:

Right of Access: You can ask us to confirm whether we process your personal data. If we do, you have the right to request a copy of the personal data we hold about you. We will also provide information about the purposes of processing, the categories of data processed, any recipients (or categories of recipients) to whom data is disclosed, the envisaged retention period, and your rights concerning your data.
Right to Rectification: If you believe your personal data is inaccurate or incomplete, you may request that we correct or update it. We may verify the accuracy of the data before making any changes.
Right to Erasure (“Right to be Forgotten”): You may request that we delete your personal data in certain circumstances, such as when:

The data is no longer necessary for the purposes for which it was collected.
You have withdrawn your consent and no other legal basis for processing applies.
The data was processed unlawfully.
You have exercised a legal right to object, and there is no overriding legitimate ground for processing.
We have a legal obligation to erase the data.

We are not obliged to comply with all requests for erasure (e.g., when we must retain data to comply with a legal obligation or to establish, exercise, or defend legal claims).

4. Right to Restrict Processing: You can request that we restrict (i.e., store but not further process) your personal data in limited circumstances, for example when:

You contest the accuracy of the data (for a period enabling us to verify it).
The processing is unlawful, but you oppose erasure and request restriction instead.
We no longer need the data for the original purpose, but you require it to establish, exercise, or defend legal claims.
You have objected to processing pending verification of whether we have overriding legitimate grounds.
We may continue to process your data if we have your consent or need it to establish, exercise, or defend legal claims, or to protect the rights of Brizy or another natural or legal person.

5. Right to Data Portability: Where we process your personal data based on your consent or the necessity to perform a contract with you, and the processing is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format. You can also request that we transfer your data directly to another data controller where technically feasible.

6. Right to Object You have the right to object to the processing of your personal data when it is based on our legitimate interests or those of a third party, if you believe your fundamental rights and freedoms outweigh those interests. You can also object to direct marketing at any time by using the “unsubscribe” link in such communications or contacting us.

7. Right Not to be Subject to Automated Decisions: You may request not to be subject to decisions based solely on automated processing (including profiling) which produce legal or similarly significant effects on you. This right does not apply if:

The automated decision is necessary for entering into or performing a contract with you.
It is authorized by law and safeguards are in place to protect your rights and freedoms.
It is based on your explicit consent.

8. Right to Lodge a Complaint

With Brizy:

If you have any concerns or complaints regarding the processing of your personal data, we encourage you to contact us first at dpo@brizy.io. We will do our best to investigate and address your concerns promptly.

Alternatively, you can contact us by post at:

ProWebCraft LTD: 71-75 Shelton Street, Covent Garden, WC2H 9JQ, London, United Kingdom

However, please note that given the global reach of our app, we strongly recommend that you contact us by email. We cannot guarantee the arrival on time by post. If you, however, choose to submit a request through the mail, we recommend that you mail your request with confirmation of receipt.

We will consider and act upon any request in accordance with applicable data protection laws.

With the ICO (UK):

If you are located in the United Kingdom and feel that we have not adequately resolved your complaint or concern, you have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner’s Office (ICO):

Website: https://ico.org.uk/
Helpline: +44 (0)303 123 1113
With Other Data Protection Authorities (EU/EEA):
. If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here: https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

We aim to respond to any valid request relating to your rights within one month, or within two months if the request is complex or if you have made multiple requests. In such cases, we will let you know about the delay and provide an explanation. You may also send your request by post if needed:

For any questions or concerns about this Privacy Policy or how we manage your personal data, please contact us at dpo@brizy.io.

Opting out of promotional communications

You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, or by contacting us at dpo@brizy.io. You will then be removed from the marketing lists. However, we may still communicate with you — for example, to send you service-related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.

Links to Other Websites

Our services may include links to third-party websites, mobile applications, or social media platforms. Brizy does not control and is not responsible for the content, accuracy, or practices of any third-party websites or materials accessible through such links. Any interactions with these external sites are governed by their own privacy policies and terms of service, and we encourage you to review them carefully before engaging in any transaction or providing personal data. We disclaim all responsibility and liability for your use of or access to any external websites. If you have difficulty locating a third party’s privacy policy, please contact them directly for more information or reach out to us at dpo@brizy.io for assistance.

Applicable Law

Unless otherwise required by local law, this Privacy Policy, and any dispute or claim arising from or related to its subject matter, shall be governed by and interpreted in accordance with the laws of the United Kingdom. You agree to submit to the exclusive jurisdiction of the state or federal courts located in the United Kingdom, with respect to any matter arising out of or relating to this Privacy Policy or the processing of your personal data.

Updates to This Notice

We reserve the right to update this Privacy Policy from time to time. The most current version of this Policy will be posted on our website under the “Last Updated” date. Any material changes will become effective as soon as they are posted, and we may also provide notice of significant updates via email or directly within our services. We encourage you to review this Privacy Policy regularly to stay informed about how we are protecting your information.

Contact us

We welcome any questions, comments, or concerns you may have about this Privacy Policy or our data processing practices. Please contact us at:

Email: dpo@brizy.io

Mailing Address: ProWebCraft LTD

71-75 Shelton Street, Covent Garden, WC2H 9JQ

London, United Kingdom

We will make every effort to address and resolve any issues promptly and professionally.

Appendix 1: State and Regional Privacy Rights

Certain jurisdictions provide individuals with specific rights regarding their personal data. Brizy respects and complies with these legal obligations. If you reside in one of the regions listed below, you may have additional rights under applicable data protection laws.

A. United States – State Privacy Laws

California (CCPA/CPRA)

Under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), California residents have the following rights (subject to applicable legal limitations):

The right to know the categories of personal information we collect and disclose.
The right to access specific pieces of personal information collected about you.
The right to request deletion of your personal information.
The right to correct inaccurate personal information.
The right to opt out of the “sale” or “sharing” of personal information (as defined under the CPRA).
The right to limit the use of sensitive personal information.

We do not knowingly Sell or Share the personal information of children under 16.

You also have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights. Brizy does not discriminate against California Residents for exercising their rights.

Brizy does not sell your personal information in exchange for monetary value. However, we may use third-party analytics or advertising services that could be considered a “sale” or “sharing” under the CPRA. You may exercise your rights by contacting us at dpo@brizy.io.

Nevada

Nevada residents have the right to opt out of the sale of certain personal information as defined under Nevada Revised Statutes Chapter 603A. Brizy does not currently sell personal information as defined under Nevada law. However, you may submit a request to opt out by emailing dpo@brizy.io.

Virginia (VCDPA)

Virginia residents have the following rights under the Virginia Consumer Data Protection Act (VCDPA):

The right to access and confirm personal data processed by Brizy.
The right to correct inaccuracies in your personal data.
The right to request deletion of your personal data.
The right to obtain a copy of your data in a portable format.
The right to opt out of targeted advertising, profiling, and the sale of personal data.

To exercise your rights, please contact dpo@brizy.io.

Appendix 2: List of sub-processors

Third-party	Purpose	Entity Location
1Password	Password management and secure storage	United States, Canada, & the EU
aMember	Membership and subscription management platform	USA (assumed)
AWS	Cloud infrastructure and hosting services	Global (notably USA, Europe, Asia-Pacific)
Brevo	Email marketing and CRM	France (headquarters), European Union
Close	Sales CRM and lead management	USA
Customer.io	Customer engagement and marketing automation platform	USA
Dext	Expense management and receipt processing	United Kingdom
DigitalOcean	Cloud hosting and virtual servers	USA, Netherlands, Germany, Singapore, India, Australia, Canada
Discord	Internal communication and collaboration	USA
Docker	Containerization and software deployment	USA
Figma	Design and prototyping collaboration	USA
Fusion Consulting SRL	Externalized development, maintenance, and operations	Republic of Moldova
GitHub	Code hosting, version control, and collaboration	USA
Google Analytics	Website traffic analytics and user behavior tracking	USA
Jumpshare	File sharing, collaboration, and quick media capture	USA
Miro	Collaborative online whiteboarding and visual workspace	USA
Notion	Project management and knowledge management	USA
Paddle	Payment processing and subscription management	USA and Europe
Slack	Team communication and collaboration	USA
Stripe	Payment processing and financial transaction management	North America, Europe, and Asia-Pacific
OpenAI	AI Content Generation	USA
Xero	Accounting software and financial management	New Zealand, USA
Zendesk	Customer service and support platform	USA, Europe, Asia-Pacific
Clarity	Analytics alternative to Google Analytics	USA
Piwik PRO	Analytics alternative to Google Analytics	Europe (Poland HQ)
YouTube	Posting and sharing video content	USA
Facebook	Social media marketing	USA, Europe, and Asia
Instagram	Social media marketing	USA
LinkedIn	Professional networking and advertising	USA
Google Ads	Creation of targeted advertisements	USA
ChartMogul	Financial reporting and analytics	Germany
ChurnBuster.io	Cart recovery and abandoned checkout management	USA
Ahrefs	SEO tool	Singapore
BunnyCDN	Content delivery network (CDN)	Slovenia
DocuSign	Digital signing of documents	USA
Namecheap	SSL certificates and domain registration	USA
Sentry	Error tracking and analytics	USA
Sucuri.net	Website security and Web Application Firewall (WAF)	USA
Typeform	Online forms and surveys	Spain
UptimeRobot	Service monitoring	USA and Europe
Wise	Payments and international transfers	Europe, Asia-Pacific, and the USA

Appendix 3: Technical and Organizational Measures (TOMs)

Pursuant to Article 32 GDPR – Security of Processing

Brizy has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of Regulation (EU) 2016/679 (GDPR). These measures are designed to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services, and are reviewed and updated regularly based on the state of the art, implementation costs, and the nature, scope, context, and purposes of processing.

Brizy has appointed a Data Protection Officer (DPO), who may be contacted at privacy@brizy.io for any data protection-related matters.

1. Physical Access Control

Measures to prevent unauthorized persons from gaining physical access to data processing equipment:

Biometric access controls at the data center
Manual locking systems
Doorbell system with camera
Video surveillance at facility entrances
24/7 on-site security guard staffing (at the data center)
Visitor registration and escort protocol

2. Logical Access Control

Measures to prevent unauthorized access to data processing systems:

Access restricted through individual usernames and strong passwords
Two-factor authentication (2FA) for critical systems
Single Sign-On (SSO)
Role-based access control (RBAC)
Strict access permissions for databases and storage locations
Logging and monitoring of database access
Use of firewall systems

3. Authorization Control

Measures to ensure that persons authorized to use data processing systems access only the data they are permitted to:

Assignment of access rights based on least privilege
Periodic review of user access rights
Access restricted to specific data areas
Logging of access to applications
Certified SSL encryption and SSH-secured access
Limiting the number of users with administrative rights
Regular audits of access rights

4. Separation Control

Measures to ensure data collected for different purposes is processed separately:

Segregation of development, staging, and production environments
Multi-tenancy controls in place
Logical separation of test and production systems

5. Transfer Control

Measures to protect personal data during transmission:

Use of encrypted transmission protocols (e.g., HTTPS, SFTP)
Logging of access and transfer activities

6. Input Control

Measures to ensure that personal data is entered, modified, or removed only by authorized individuals:

Assignment of data modification rights
Control and review of system logs (manual and automated)

7. Availability and Resilience

Measures to protect data from accidental destruction or loss:

Redundant data storage across geographically distributed locations
Comprehensive backup strategy (including automated snapshots)
Implementation of AWS CloudFormation for disaster recovery
Use of AWS RDS and S3 with backup versioning

8. Monitoring and Alerting (AWS Infrastructure)

Measures to ensure infrastructure integrity and performance:

AWS CloudWatch for system performance monitoring
AWS Auto Scaling to maintain service availability
Elastic Load Balancing (ELB) for load distribution
Direct Connect or VPN for secure infrastructure access
Formalized process for handling information requests

9. Subprocessor and Vendor Management

Measures to ensure third parties meet applicable security and privacy obligations:

Contractual agreements in place with all data processors
Non-disclosure agreements (NDAs) signed with contractors
Ongoing review of legal basis for processing with subprocessors

10. Data Subject Rights Management

Measures to ensure compliance with GDPR Chapter III:

Documented procedures for responding to data subject requests (e.g., access, erasure, objection)
Timely handling of such requests in accordance with legal timelines
Record-keeping of all requests and responses
Cooperation with supervisory authorities, including prompt response to inquiries

Brizy reviews and updates these measures on an ongoing basis in line with technological developments and regulatory requirements.