Privacy Policy
Last updated: April 5, 2026
Privacy First: Most BriskTool tools process your files entirely in your browser. Your files never leave your device and are never uploaded to our servers.
1. Data Controller
The data controller for BriskTool is:
Down Home Ventures, LLC dba BriskTool
Nashville, Tennessee, USA
Privacy inquiries: [email protected]
Data Protection Officer: [email protected]
2. Information We Collect
Information you provide:
- Email address — only if you subscribe to a paid plan or restore purchases
- Payment information — processed securely by Stripe (PCI DSS Level 1 certified). We never see, store, or have access to your card number
Information collected automatically:
- Analytics data — page views and tool usage counts via Google Analytics 4 (only with your consent)
- Technical data — browser type, operating system, screen resolution (anonymized, via analytics)
What we do NOT collect:
- Your files or file contents (processed client-side in your browser)
- IP addresses for analytics purposes
- Browser fingerprints or cross-site tracking identifiers
- Location data beyond country-level (derived from analytics, anonymized)
3. Lawful Basis for Processing (GDPR)
We process personal data under the following lawful bases:
- Consent — analytics cookies (Google Analytics 4) are only set after explicit consent via our cookie banner
- Contract performance — processing payment data to fulfill your subscription or purchase
- Legitimate interest — improving the Service, preventing fraud, and ensuring security
- Legal obligation — retaining payment records for tax and accounting purposes
You may withdraw consent for analytics at any time by clearing your browser cookies or clicking "Decline" on the cookie banner.
4. How We Use Your Information
- To provide, maintain, and improve the Service
- To process payments and manage subscriptions (via Stripe)
- To send transactional emails — receipts, account updates, security alerts
- To respond to support requests
- To analyze aggregated usage patterns to improve tools (with consent)
We do NOT sell your data. We do NOT share your personal data with third parties for advertising, marketing, or profiling purposes.
5. File Processing
Client-side tools (the majority): Files are processed entirely in your browser using JavaScript and WebAssembly. Your files never leave your device. We have zero access to your files. This applies to PDF tools, image tools, calculators, converters, audio tools, video tools, and developer tools.
Server-side tools (if applicable): If a tool requires server processing, this is clearly indicated on the tool page. Files are transmitted via 256-bit TLS encryption, processed in memory, and immediately deleted. Files are never stored on disk or retained beyond the processing session.
6. Cookies & Storage
We implement Google Consent Mode v2. Analytics cookies are blocked by default until you explicitly consent.
| Cookie/Storage | Purpose | Duration | Requires Consent |
|---|---|---|---|
brisktool_theme | Theme preference (light/dark) | 1 year | No (essential) |
brisktool_session | Pro account session | 1 year | No (essential) |
brisktool_consent | Cookie consent preference | 1 year | No (essential) |
_ga, _ga_* | Google Analytics 4 | 2 years | Yes |
| localStorage | Usage limits, preferences | Persistent (device only) | No (essential) |
7. Third-Party Services
We use the following third-party services, each with their own privacy policies:
- Google Analytics 4 — website analytics (with consent only) — Privacy Policy
- Google Tag Manager — tag management — Privacy Policy
- Cloudflare — hosting, CDN, DDoS protection, and edge computing — Privacy Policy
- Stripe — payment processing (PCI DSS Level 1) — Privacy Policy
- Google AdSense — display advertising on free tier (with consent) — Privacy Policy
8. International Data Transfers
Your personal data may be transferred to and processed in the United States. We ensure appropriate safeguards are in place:
- Stripe — certified under the EU-US Data Privacy Framework
- Google — uses Standard Contractual Clauses (SCCs) for EU data transfers
- Cloudflare — certified under the EU-US Data Privacy Framework and uses SCCs
9. Data Retention
- Account data — retained for the duration of your account, deleted within 30 days of account closure
- Payment records — retained for 7 years to comply with tax and accounting regulations
- Analytics data — retained for 26 months (Google Analytics 4 default), then automatically deleted
- Support correspondence — retained for 2 years, then deleted
- Processed files — never retained (client-side processing; files are never on our servers)
10. Your Rights
GDPR Rights (EU/EEA/UK residents):
- Right of Access — request a copy of your personal data
- Right to Rectification — correct inaccurate personal data
- Right to Erasure — request deletion of your personal data
- Right to Restrict Processing — limit how we process your data
- Right to Data Portability — receive your data in a structured, machine-readable format
- Right to Object — object to processing based on legitimate interest
- Right to Withdraw Consent — withdraw analytics consent at any time
- Right to Lodge a Complaint — you may file a complaint with your local data protection supervisory authority
CCPA Rights (California residents):
Under the California Consumer Privacy Act, you have the right to:
- Right to Know — what personal information we collect, use, and disclose
- Right to Delete — request deletion of your personal information
- Right to Opt Out — opt out of the sale of personal information (we do NOT sell personal information)
- Right to Non-Discrimination — we will not discriminate against you for exercising your rights
Categories of Personal Information (CCPA disclosure):
| Category | Examples | Collected |
|---|---|---|
| Identifiers | Email address | Only if you subscribe |
| Commercial info | Purchase/subscription history | Only if you subscribe |
| Internet activity | Pages visited, tools used | With consent (analytics) |
| Financial info | Payment card details | Processed by Stripe only |
| Biometric data | N/A | Never collected |
| Geolocation | N/A | Never collected |
To exercise any of these rights, email [email protected]. We will respond within 30 days (GDPR) or 45 days (CCPA).
11. Security
- All connections are encrypted with 256-bit TLS (HTTPS enforced)
- Infrastructure protected by Cloudflare WAF and DDoS mitigation
- Payment processing through Stripe (PCI DSS Level 1 certified — the highest level)
- No file storage — client-side processing eliminates server-side data breach risk
- Database access restricted to authenticated API endpoints with HMAC signature verification
12. Automated Decision-Making
BriskTool does not use automated decision-making or profiling that produces legal effects concerning you. Usage limits are applied uniformly based on your subscription tier, not on individual profiling.
13. Children's Privacy
BriskTool is not directed at children under 13 (or 16 in the EU/EEA). We do not knowingly collect personal information from children. If we discover that we have collected data from a child, we will delete it promptly. Parents or guardians may contact us at [email protected] to request deletion.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the updated policy on this page with a new "Last updated" date. For material changes, we will provide notice via the Service or email (if you have an account). Continued use of the Service after the update constitutes acceptance.
15. Contact
Down Home Ventures, LLC dba BriskTool
Nashville, Tennessee, USA
Privacy & data requests: [email protected]
General inquiries: [email protected]