Privacy Policy | Brizzy

This Privacy Policy explains how Brizzy, provided by Vanclaro OÜ (“Brizzy”, “Vanclaro”, “we”, “us”, or “our”), collects, uses, stores, and shares personal data when you use the Brizzy website, web application, and related services available at brizzy.app (collectively, the “Service”).

We aim to comply with applicable data protection laws, including the GDPR where applicable.

By using the Service, you acknowledge that your personal data may be processed as described in this Privacy Policy.

1. Who we are

For the purposes of applicable data protection law, Vanclaro OÜ is the data controller for the personal data described in this Privacy Policy.

If you have questions about this Privacy Policy or want to exercise your rights, contact us at:

2. Data we collect

Depending on how you use the Service, we may collect the following categories of personal data.

a) Account and authentication data

When you create or use an account, we may collect:

• your email address;
• authentication-related identifiers;
• sign-in method details, such as Magic Link or Google OAuth;
• basic account metadata needed to manage access and security.

b) Optional profile data

If we enable profile features, we may collect optional information you choose to provide, such as:

• gender;
• country;
• age bracket or confirmation that you are 18 or older.

Providing optional profile information is not required unless clearly indicated.

c) Voice assistant and chat data

If you use voice or conversational assistant features, we may process:

• your audio input while the feature is active;
• transcripts generated from that audio;
• text prompts, responses, and related interaction data needed to operate the assistant.

Brizzy does not store assistant audio recordings on our own servers unless we explicitly state otherwise in the Service. Audio and transcript processing may be handled by third-party processors that support the assistant functionality.

d) Technical, device, and security data

We may collect technical and operational information such as:

• IP address;
• browser type and version;
• device type and operating system;
• timestamps;
• log data;
• error reports, diagnostics, and security-related events.

We use this data to secure the Service, prevent abuse, troubleshoot problems, and maintain reliability.

e) Usage analytics

We collect limited usage information about how the Service is used, such as page visits, feature interactions, and general traffic patterns.

We use Simple Analytics, a privacy-friendly analytics provider. We do not use Google Analytics.

f) Payment and billing data

If you purchase a paid subscription, payment processing is handled by Stripe. We do not store your full card details on our servers.

We may receive limited billing-related information such as:

• subscription status;
• payment confirmation;
• billing identifiers;
• country or tax-related information where required.

3. How we use your data

We use personal data for the following purposes:

a) To provide and maintain the Service

This includes:

• creating and managing accounts;
• sending login links and transactional emails;
• authenticating users;
• operating the features you request;
• providing customer support.

b) To secure the Service and prevent abuse

This includes:

• monitoring suspicious activity;
• detecting fraud, misuse, or unauthorized access;
• troubleshooting errors and service incidents;
• protecting users, systems, and infrastructure.

c) To operate and improve Brizzy

This includes:

• understanding how the Service is used in aggregate;
• improving performance, reliability, and usability;
• developing, testing, and refining features.

d) To provide assistant and voice features

If you use assistant features, we process the relevant audio, transcript, and interaction data to deliver real-time responses and conversational functionality.

e) To process subscriptions and payments

This includes:

• managing paid plans;
• confirming payments;
• handling billing-related operations;
• maintaining financial and accounting records where legally required.

f) To comply with legal obligations

We may process personal data where necessary to comply with applicable law, lawful requests, tax and accounting obligations, or regulatory requirements.

4. Legal bases for processing

Where the GDPR or similar laws apply, we rely on one or more of the following legal bases:

a) Performance of a contract

We process personal data as necessary to provide the Service you request, including account access, authentication, billing, and core functionality.

b) Legitimate interests

We process certain data where necessary for our legitimate interests, including:

• securing the Service;
• preventing abuse and fraud;
• maintaining infrastructure;
• improving performance and usability;
• understanding usage through privacy-friendly analytics.

Where we rely on legitimate interests, we consider the impact on your rights and freedoms.

c) Consent

We rely on consent where appropriate, including for voice or microphone-based assistant functionality where your audio is processed while the feature is active.

You may withdraw consent at any time by stopping use of that feature and revoking microphone permissions in your browser or device settings.

d) Legal obligation

We may process personal data where necessary to comply with legal or regulatory obligations.

5. Analytics, cookies, and similar technologies

We use Simple Analytics to understand general usage of the Service in a privacy-friendly way.

Simple Analytics is designed to operate without invasive profiling and without traditional advertising tracking. We do not use Google Analytics.

We may still use technically necessary cookies or similar storage mechanisms required for:

• authentication;
• session management;
• security;
• load balancing;
• basic Service functionality.

We do not use cookies for behavioral advertising or cross-site ad profiling.

6. How we share personal data

We do not sell your personal data.

We may share personal data with trusted service providers that help us operate the Service, including:

• Supabase - authentication, database infrastructure, and transactional service functions;
• Vercel - hosting, deployment, and operational infrastructure;
• Simple Analytics - privacy-friendly usage analytics;
• Stripe - payment processing and billing;
• Google - only if you choose Google OAuth or related Google sign-in features;
• ElevenLabs - voice processing and conversational assistant support, if and when assistant features are used.

These providers process personal data on our behalf or as independent providers of services you choose to use, depending on the context.

We may also disclose personal data:

• if required by law or legal process;
• to protect rights, safety, users, or the integrity of the Service;
• in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate safeguards.

7. International data transfers

Some of our service providers may process personal data outside your country or outside the EEA.

Where personal data is transferred internationally, we rely on lawful transfer mechanisms and appropriate safeguards where required, including contractual protections such as Standard Contractual Clauses (SCCs) where relevant.

Assistant-related processing by providers such as ElevenLabs may involve international transfers.

8. Data retention

We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

In general:

• account data is retained while your account remains active and for a limited period afterward where necessary for legal, security, or operational reasons;
• security logs and technical records are retained for limited periods as needed to prevent abuse, investigate incidents, and maintain reliability;
• billing and payment-related records may be retained as required by tax, accounting, and legal obligations;
• analytics data is retained in a form appropriate to the privacy-friendly analytics approach we use;
• assistant audio is not stored by Brizzy on our own servers unless explicitly stated otherwise in the Service.

If a third-party processor such as ElevenLabs temporarily retains audio, transcript, or related interaction data to operate or improve its services, that retention is governed by the processor’s own privacy terms and contractual safeguards.

9. Your rights

Depending on where you live and which laws apply, you may have the right to:

• access the personal data we hold about you;
• correct inaccurate or incomplete personal data;
• request deletion of your personal data;
• request restriction of processing;
• object to certain processing;
• request portability of personal data, where applicable;
• withdraw consent where processing is based on consent;
• lodge a complaint with your local supervisory authority.

If you want to exercise your rights, contact us at support@vanclaro.com.

We may need to verify your identity before fulfilling certain requests.

If you are in the EEA, you may also lodge a complaint with the supervisory authority in your country of residence, work, or where the alleged infringement occurred.

10. Age requirement

Brizzy is intended only for users who are 18 years of age or older.

We do not knowingly provide the Service to children under 18. If you believe someone under 18 has provided personal data to us in violation of this policy, contact us and we will take appropriate steps.

11. Security

We take reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.

However, no system is completely secure, and we cannot guarantee absolute security.

12. Third-party services

The Service may contain links to or integrations with third-party services. Their privacy practices are governed by their own policies and notices.

We encourage you to review the privacy policies of third-party providers you choose to use, including Stripe, Google, Supabase, Vercel, Simple Analytics, and ElevenLabs where relevant.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

If we make material changes, we will post the updated version on the Service and update the “Last updated” date above. Where appropriate, we may also provide additional notice.

Your continued use of the Service after the updated Privacy Policy takes effect means you acknowledge the revised policy.

14. Contact

If you have questions about this Privacy Policy or how we process personal data, contact us at: