Privacy Policy - BriskTool

Privacy First: Most BriskTool tools process your files entirely in your browser. Your files never leave your device and are never uploaded to our servers.

1. Data Controller

The data controller for BriskTool is:

BriskTool
Nashville, Tennessee, USA
Privacy inquiries: [email protected]
Data Protection Officer: [email protected]

2. Information We Collect

Information you provide:

Email address - only if you subscribe to a paid plan or restore purchases
Payment information - processed securely by Stripe (PCI DSS Level 1 certified). We never see, store, or have access to your card number

Information collected automatically:

Analytics data - page views and tool usage counts via Google Analytics 4 (only with your consent)
Technical data - browser type, operating system, screen resolution (anonymized, via analytics)

What we do NOT collect:

Your files or file contents (processed client-side in your browser)
IP addresses for analytics purposes
Browser fingerprints or cross-site tracking identifiers
Location data beyond country-level (derived from analytics, anonymized)

3. Lawful Basis for Processing (GDPR)

We process personal data under the following lawful bases:

Consent - analytics cookies (Google Analytics 4) are only set after explicit consent via our cookie banner
Contract performance - processing payment data to fulfill your subscription or purchase
Legitimate interest - improving the Service, preventing fraud, and ensuring security
Legal obligation - retaining payment records for tax and accounting purposes

You may withdraw consent for analytics at any time by clearing your browser cookies or clicking "Decline" on the cookie banner.

4. How We Use Your Information

To provide, maintain, and improve the Service
To process payments and manage subscriptions (via Stripe)
To send transactional emails - receipts, account updates, security alerts
To respond to support requests
To analyze aggregated usage patterns to improve tools (with consent)

We do NOT sell your data. We do NOT share your personal data with third parties for advertising, marketing, or profiling purposes.

5. File Processing

Client-side tools (the majority): Files are processed entirely in your browser using JavaScript and WebAssembly. Your files never leave your device. We have zero access to your files. This applies to PDF tools, image tools, calculators, converters, audio tools, video tools, and developer tools.

Server-side tools (if applicable): If a tool requires server processing, this is clearly indicated on the tool page. Files are transmitted via 256-bit TLS encryption, processed in memory, and immediately deleted. Files are never stored on disk or retained beyond the processing session.

6. Cookies & Storage

We implement Google Consent Mode v2. Analytics cookies are blocked by default until you explicitly consent.

Cookie/Storage	Purpose	Duration	Requires Consent
`brisktool_theme`	Theme preference (light/dark)	1 year	No (essential)
`brisktool_session`	Pro account session	1 year	No (essential)
`brisktool_consent`	Cookie consent preference	1 year	No (essential)
`_ga`, `_ga_*`	Google Analytics 4	2 years	Yes
localStorage	Usage limits, preferences	Persistent (device only)	No (essential)

7. Third-Party Services

We use the following third-party services, each with their own privacy policies:

Google Analytics 4 - website analytics (with consent only) - Privacy Policy
Google Tag Manager - tag management - Privacy Policy
Cloudflare - hosting, CDN, DDoS protection, and edge computing - Privacy Policy
Stripe - payment processing (PCI DSS Level 1) - Privacy Policy
Google AdSense - display advertising on free tier (with consent) - Privacy Policy

8. International Data Transfers

Your personal data may be transferred to and processed in the United States. We ensure appropriate safeguards are in place:

Stripe - certified under the EU-US Data Privacy Framework
Google - uses Standard Contractual Clauses (SCCs) for EU data transfers
Cloudflare - certified under the EU-US Data Privacy Framework and uses SCCs

9. Data Retention

Account data - retained for the duration of your account, deleted within 30 days of account closure
Payment records - retained for 7 years to comply with tax and accounting regulations
Analytics data - retained for 26 months (Google Analytics 4 default), then automatically deleted
Support correspondence - retained for 2 years, then deleted
Processed files - never retained (client-side processing; files are never on our servers)

10. Your Rights

GDPR Rights (EU/EEA/UK residents):

Right of Access - request a copy of your personal data
Right to Rectification - correct inaccurate personal data
Right to Erasure - request deletion of your personal data
Right to Restrict Processing - limit how we process your data
Right to Data Portability - receive your data in a structured, machine-readable format
Right to Object - object to processing based on legitimate interest
Right to Withdraw Consent - withdraw analytics consent at any time
Right to Lodge a Complaint - you may file a complaint with your local data protection supervisory authority

CCPA Rights (California residents):

Under the California Consumer Privacy Act, you have the right to:

Right to Know - what personal information we collect, use, and disclose
Right to Delete - request deletion of your personal information
Right to Opt Out - opt out of the sale of personal information (we do NOT sell personal information)
Right to Non-Discrimination - we will not discriminate against you for exercising your rights

Categories of Personal Information (CCPA disclosure):

Category	Examples	Collected
Identifiers	Email address	Only if you subscribe
Commercial info	Purchase/subscription history	Only if you subscribe
Internet activity	Pages visited, tools used	With consent (analytics)
Financial info	Payment card details	Processed by Stripe only
Biometric data	N/A	Never collected
Geolocation	N/A	Never collected

To exercise any of these rights, email [email protected]. We will respond within 30 days (GDPR) or 45 days (CCPA).

11. Security

All connections are encrypted with 256-bit TLS (HTTPS enforced)
Infrastructure protected by Cloudflare WAF and DDoS mitigation
Payment processing through Stripe (PCI DSS Level 1 certified - the highest level)
No file storage - client-side processing eliminates server-side data breach risk
Database access restricted to authenticated API endpoints with HMAC signature verification

12. Automated Decision-Making

BriskTool does not use automated decision-making or profiling that produces legal effects concerning you. Usage limits are applied uniformly based on your subscription tier, not on individual profiling.

13. Children's Privacy

BriskTool is not directed at children under 13 (or 16 in the EU/EEA). We do not knowingly collect personal information from children. If we discover that we have collected data from a child, we will delete it promptly. Parents or guardians may contact us at [email protected] to request deletion.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page with a new "Last updated" date. For material changes, we will provide notice via the Service or email (if you have an account). Continued use of the Service after the update constitutes acceptance.

15. Contact

BriskTool
Nashville, Tennessee, USA

Privacy & data requests: [email protected]

General inquiries: [email protected]