Privacy Policy
1. Introduction
Brosix is a business messaging service used by companies to organize internal communication.
This Privacy Policy explains:
- what data we collect through our website and during registration,
- how we process data on behalf of our customers when their teams use the Brosix platform, and
- what rights individuals have.
Important to know:
- For website visitors and account administrators, Brosix acts as a Data Controller.
- For end users (employees invited by customers), Brosix acts as a Data Processor, and the customer is the Data Controller.
2. Data We Collect Through the Website
2.1 Forms
- Contact form: name, email.
- Demo request: name, email, phone number.
- Free trial signup: name, email, phone number (administrator only).
- Additional details (company, address, etc.) may be added voluntarily after access to the platform.
2.2 Cookies and Tracking
- We use Google Analytics to understand how visitors use our site.
- We use advertising pixels (Google Ads, LinkedIn, Facebook) for remarketing purposes.
- Our website displays a cookie consent banner that allows you to manage your preferences.
2.3 Email Communication
- Marketing and informational emails: We may send onboarding tips, product updates, promotions, and newsletters. Every marketing email includes an unsubscribe link.
- Transactional emails: We send essential service-related emails (such as password resets, new user invitations, invoices, and payment reminders). These emails do not include an unsubscribe link, as they are required to deliver the service.
2.4 Live Chat on the Website
We occasionally provide live chat on our website using our own software. Any information you provide there is used only to respond to your request and is not shared with third parties.
3. Data We Process Through the Platform
3.1 Accounts and Profiles
- Administrators: name, email, phone number, password (always stored in hashed form).
- Users: username and password (mandatory), plus optional fields such as name, email, avatar, phone numbers, and website.
Whether users can edit their data depends on the administrator's settings. When an account is deleted, its data is immediately removed from active systems. Deleted data may remain in system backups for a limited time before being permanently erased.
3.2 Messages and Files
- Messages: stored on Brosix servers so the service can function (synchronization across devices, chat history). Customers control how long messages are retained. Brosix does not read or analyze message content.
- Files: stored temporarily on servers and automatically deleted after a defined period.
Deleted messages and files: may remain in system backups for a limited time before being permanently erased.
3.3 Logs and Technical Information
- We collect IP address, login time, and device type.
- Logs are used only for security and support purposes.
- Logs are automatically deleted after a defined retention period.
3.4 Support and Access
- Brosix has no technical ability to log into customer accounts or impersonate users.
- We never access customer messages or files under any circumstances.
- We do not collect automatic crash/error logs.
3.5 Administrator Control
Customer administrators have full control over their team network, including the ability to:
- create and delete users,
- define which features are available (chat, file transfer, history, etc.),
- set retention periods for chat history.
4. Data Location and Transfers
- By default, all customer data is stored on servers in the United States.
- European customers may request that their data be stored in the European Union.
- When personal data is transferred outside the EU, Brosix applies appropriate safeguards such as Standard Contractual Clauses (SCCs) in accordance with GDPR.
5. Agreements and Compliance
- Data Processing Agreement (DPA): Brosix offers DPAs upon request to clarify Processor ↔ Controller responsibilities.
- Business Associate Agreement (BAA): For customers in the healthcare sector, Brosix provides a HIPAA-compliant BAA upon request.
6. Data Subject Rights
- Website visitors and administrators: You have the right to request access, correction, deletion, restriction, objection, and data portability.
- Platform end users (employees): Requests should be directed to your employer (the customer administrator), who acts as the Data Controller.
To exercise your rights, please contact us
7. Data Retention
- Forms and marketing data: kept as long as necessary for the stated purpose or until you unsubscribe/request deletion.
- Platform data: retention is defined by customer administrators (default settings apply if unchanged).
- Logs: automatically deleted after a defined period.
8. Security
- Passwords are always stored in hashed form.
- All data in transit is encrypted using TLS, AES-256, and other industry-standard encryption algorithms.
- Brosix uses technical and organizational measures such as access controls, regular monitoring, and secure backups to protect information against unauthorized access, alteration, or disclosure.
9. Contact Us
If you have any questions about this Privacy Policy or our practices, please contact us