Privacy Policy
1. Who we are
Brimky is operated by Custom Software Solutions LLC, a Delaware limited liability company. Mailing address: 8 The Green #18856, Dover, DE 19901, United States.
We are the controller of personal data we collect for our own purposes (running the Brimky platform) and a processor / service provider for personal data Client uploads or collects through their site (see the section on customer websites below).
Privacy questions: [email protected].
2. Data we collect
- Client name, business info, email, phone
- Billing information and payment records (processed via Stripe / our payment processor)
- CMS login and session data
- CMS submissions and support messages
- Website content Client uploads
- Form submissions, if routed through us
- IP addresses, device and browser data
- Server logs and security logs
- Abuse-screening logs and AI screening outputs
- AI chat-assistant conversation content (your messages and the assistant’s replies, persisted to our database when you are signed in). Pre-sales chat on the marketing page is stateless — the content is sent to our AI provider for that exchange and not stored on our servers.
- Real-person (“human team”) chat messages you exchange with us — persisted so the build team can read and reply.
- Behavioural analytics events on the marketing pages: page views, template interactions, outbound link clicks, chat opens. Stored against a random browser token only — no name, email, or account identifier — see our Cookie Policy for the full list and opt-out controls.
- Cookies and analytics data — see our Cookie Policy
3. How we use data
- To provide and maintain the Services
- To host Client websites
- To process payments and manage subscriptions
- To provide customer support
- To secure the platform and detect abuse
- To screen submitted CMS changes
- To improve the Services
- To comply with legal obligations
- To enforce our Terms and AUP
4. AI / internal screening disclosure
We may process submitted website changes and related metadata using automated or AI-assisted tools to help identify security, abuse, spam, malware, policy, or operational risks. AI does not make final legal or compliance determinations — see the AI screening clause in our Terms.
5. Third-party processors
We share data, by category, with:
- Hosting providers
- Domain and DNS providers
- Payment processors
- Email providers
- Analytics providers
- AI and security tool providers
- Customer-support tools
- Cloud-storage providers
- Contractors and service providers under written agreement
A current subprocessor list is available on request from [email protected].
6. Retention
- Account information: while the account is active
- Security and operational logs: for security, legal, and business purposes
- Backups: for limited periods; some data may remain in backups after deletion until those backups expire
- Payment and tax records: as required by applicable law
7. Customer websites
If Client uses the Services to collect information from visitors, leads, or customers, Client is responsible for providing legally adequate privacy notices, obtaining required consents, and complying with applicable privacy laws (including GDPR / UK GDPR, CCPA, and state-level laws such as Delaware’s privacy law where applicable).
For business clients subject to GDPR, a Data Processing Addendum is available on request.
8. Your rights
Depending on where you live you may have rights to access, correct, delete, restrict, or port personal data, and to object to certain processing. To exercise these rights, email [email protected]. We may need to verify your identity before acting on a request.
California residents (CCPA / CPRA)
California residents may have additional rights including the right to know what categories of personal information we collect, request deletion or correction, and limit the use of sensitive information. We do not sell personal information and we do not share it for cross-context behavioral advertising. To exercise CCPA rights or designate an authorized agent, contact [email protected].
EU / UK residents (GDPR / UK GDPR)
EU and UK residents have rights of access, rectification, erasure, restriction, portability, and objection. You also have the right to lodge a complaint with your supervisory authority. Where we are processor on behalf of a Client (e.g. form submissions through Client’s site), please contact the Client first; we will cooperate with the controller on lawful requests.
9. Data security
We apply reasonable administrative, technical, and physical safeguards to protect personal data — including encryption in transit, restricted internal access, two-factor authentication on admin accounts, regular software patching, and least-privilege roles. No system is perfectly secure, and we cannot guarantee that unauthorized access will never occur.
10. Breach notification
Where we become aware of a personal-data breach affecting Client or Client-customer data, we will notify the affected Client without undue delay and provide reasonable information to support the Client’s own notification obligations under applicable law.
11. International transfers
Brimky is operated from the United States. Data may be processed in the United States and in countries where our subprocessors operate. Where required, we rely on standard contractual clauses or other lawful transfer mechanisms.
12. Children
The Services are not intended for use by children under 13. We do not knowingly collect personal information from children under 13. See also the Children / Sensitive Data section of our CMS Submission Policy.
13. Changes to this Privacy Policy
We may update this Privacy Policy. Material changes will be announced via the Brimky website, the dashboard, or by email.