Privacy Policy.

This Privacy Policy applies to Brevor Tech, Inc. and its operating subsidiaries (Brevor Tech NY, LLC; Brevor Tech Florida, LLC; Brevor Tech Canada Inc.; Brevor Tech APAC Pte. Ltd.) when we act as a controller of personal information. When Brevor acts as a processor on behalf of an enterprise customer, the customer's privacy policy and our Data Processing Addendum govern that processing instead.

The Policy applies to information we collect through our products (the Bridge product family), our website (brevortech.com), our recruitment process, and our business operations. It applies to website visitors, prospective customers, customer end users where Brevor is a controller, partners, investors, and operators.

Specific deployment-level practices may add to or refine what is described here. Customers and their data subjects should consult the deployment-specific documentation provided at deployment kickoff.

Information you provide directly: We collect information you submit when you contact sales (talk@brevortech.com), press and research (research@brevortech.com), careers (careers@brevortech.com), or general (contact@brevortech.com). This typically includes your name, email address, employer, and the contents of your communication.

Information collected automatically: When you visit brevortech.com, we collect technical information necessary to operate the site — IP address, browser type, operating system, referring URL, pages accessed, and timestamps. We do not use third-party analytics that profile visitors. We do not use advertising cookies.

Cookies: brevortech.com uses essential cookies necessary to operate the site. Analytics and marketing cookies are disabled by default and require explicit consent.

Information from third parties: When you are introduced to Brevor by an existing customer, operator, or partner, we may receive your name, role, and organization from the introducer.

Information through products: Bridge products process information on behalf of customer organizations. Brevor's role in that processing is governed by the DPA at /legal/dpa.

We use information to respond to inquiries, scope deployments, deliver products, operate our business, and meet legal obligations.

For website visitors: we use information to operate brevortech.com, secure our infrastructure, and analyze aggregate site performance. We do not profile individual visitors.

For prospective customers: we use information to respond to inquiries, schedule scoping calls, and provide product information.

For active customers: deployment-specific processing is governed by the DPA. As a controller, we hold business-contact information under this Policy.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We do not use personal information to train models — Bridge products are not trained on customer data.

Where the GDPR applies, our lawful bases for processing are: contractual necessity, legitimate interests, consent (for non-essential cookies), and legal obligation.

For deployments where Brevor acts as a processor, the customer organization is the controller and identifies the lawful basis. Brevor processes such data only on documented instructions from the customer, per the DPA.

We retain personal information only as long as necessary. Active inquiries are retained throughout the conversation; closed inquiries for 3 years. Customer business-contact information is retained for the duration of the relationship and for 7 years thereafter. Operator information is retained for the duration of employment and 7 years thereafter. Website logs are retained for 90 days.

Deployment-level retention is governed by the customer's instructions and the DPA. Audit trails follow the retention configured per deployment (default 7 years; 10 years HIPAA-aligned for Bridge Health).

We use sub-processors to operate our infrastructure (Amazon Web Services, Microsoft Azure, Google Cloud Platform, Snowflake, Databricks, Okta, Datadog, Cloudflare). The current sub-processor list is at /security.

We share information with sub-processors only as necessary, under appropriate data protection agreements. We do not disclose personal information for third-party marketing purposes.

Brevor operates from offices in the United States, Canada, and Singapore, with sub-processors in additional regions. We transfer personal information internationally under appropriate safeguards including Standard Contractual Clauses and adequacy decisions.

Customers with data localization requirements should discuss them with their account team during deployment scoping. Single-tenant deployments support data residency in specific cloud regions.

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, or port your personal information, and to withdraw consent. You can exercise these rights by writing to privacy@brevortech.com. We respond within 30 days.

For data subjects of customers' Bridge deployments: please direct rights requests to the customer organization, which is the controller. We support customers in responding under the DPA.

You may lodge complaints with your data protection supervisory authority.

Brevor Tech does not knowingly collect personal information from children under 13 through our website or operations.

Bridge Edu deployments to K-12 institutions process student data on behalf of educational institutions under FERPA, COPPA, and equivalent laws. The institution is the controller; Brevor is the processor.

We update this Policy as our practices, products, or applicable laws change. Material changes are notified to active customers through their account team and to website visitors through a banner. The 'Last updated' date reflects the most recent revision.

For privacy inquiries and data subject rights requests: privacy@brevortech.com.

For deployment-level requests: please contact the customer organization that is the controller for your data; Brevor will support the customer's response.

Postal: Brevor Tech, Inc., 169 11th Street, San Francisco, CA.