Privacy Policy - Brizzy

Last updated: 2025-10-30
Contact: brizzy.app@gmail.com

Brizzy (“we”, “us”, “our”) provides a web application available at brizzy.app. We act as the data controller for personal data we collect and process. We operate in the EU and aim to comply with applicable data-protection laws (including the GDPR) and relevant U.S. requirements.

Data we collect

• Account & authentication
  • Your email address and basic identifiers necessary to authenticate you (via Magic Link and/or Google OAuth).
• Future, optional profile questions (not required today)
  • Gender, Country, and Age (with options 18+ only).
• AI Assistant (voice & chat)
  • When you use the assistant, your voice/audio is processed and a transcript may be created to run the conversation.
  • Audio is sent to our voice AI processor (ElevenLabs). Brizzy does not store assistant audio on our servers.
• Service & security
  • Technical logs and diagnostics (e.g., IP address, device/browser metadata, timestamps) needed to secure accounts, prevent abuse, and troubleshoot.
• Usage analytics
  • High-level, privacy-friendly metrics via Simple Analytics (GDPR-compliant, cookieless, no personal profiling).
  • We do not use Google Analytics.

How we use your data (legal bases)

• Provide and secure the service
  • Create and maintain your account, send login links, authenticate, and protect from abuse/fraud.
  • GDPR legal bases: contract and/or legitimate interests.
• Operate and improve Brizzy
  • Understand product usage in aggregate and improve performance and reliability.
  • Legal basis: legitimate interests (Simple Analytics is cookieless).
• AI Assistant (voice)
  • Provide real-time voice guidance and conversation.
  • Legal basis: consent. You can withdraw consent by not using the assistant and revoking microphone access in your browser.
• Social features
  • Use your email as an identifier for features such as “invite a friend”.
• Legal compliance
  • Meet legal obligations where applicable.

Sharing with service providers

We use trusted processors to run Brizzy:

• Supabase - authentication, database, transactional emails; row-level security is configured.
• Vercel - hosting and performance/ops telemetry; no direct access to your private database rows.
• Simple Analytics - privacy-first usage statistics.
• Google - only if you choose Google OAuth for sign-in.
• ElevenLabs - voice processing (ConvoAI); receives your audio and transcript while the assistant is active and may use their own model providers as sub-processors.

These providers process data under contractual safeguards and, where relevant, appropriate transfer mechanisms (e.g., Standard Contractual Clauses) for international data flows.

Retention

• Account data is kept while your account is active.
• Security logs and operational records are retained only as needed for the purposes above, then deleted or anonymized.
• Assistant audio and transcripts: Brizzy does not store assistant audio or transcripts on our servers. Our processor (ElevenLabs) may retain limited data for a short period to operate and improve their service (see their privacy notice).

Your rights

Where applicable (e.g., EEA/UK), you can access, correct, delete, restrict, or export your data and object to certain processing. You may withdraw consent where processing is based on consent. You can also lodge a complaint with your local supervisory authority.
To exercise rights, contact brizzy.app@gmail.com.
You may withdraw consent for the assistant at any time by not using it and revoking microphone access in your browser.

Age requirement

Brizzy is intended for users 18 years and older.

International transfers

When data is transferred outside your region, we rely on lawful transfer tools and implement appropriate safeguards. Assistant processing by ElevenLabs may occur outside your region; we rely on lawful transfer tools (e.g., SCCs) and contractual safeguards.

Changes

We may update this policy; we will post changes here and update the effective date.