Privacy Policy

1. Introduction

BravoScheduler, Inc. ("we", "us", or "our") operates the BravoScheduler platform ("Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy applies to information we collect through the Service and through email, text, and other electronic communications.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, do not use the Service.

2. Information We Collect

2.1 Personal Information

We collect information that identifies, relates to, describes, or could reasonably be linked with you ("Personal Information"). The categories of Personal Information we collect include:

• Account Information: Name, email address, password, company name, and role
• Profile Information: Job title, department, work schedule, availability preferences
• Billing Information: Payment method details, billing address, transaction history (processed securely by Stripe)
• Communication Data: Email correspondence, support tickets, feedback
• Usage Data: Project data, task information, schedules, team member assignments, time tracking data

2.2 Automatically Collected Information

When you access or use the Service, we automatically collect certain information:

• Device Information: IP address, browser type, operating system, device identifiers
• Log Data: Access times, pages viewed, time spent on pages, referring URLs
• Cookies and Tracking: Session data, preferences, authentication tokens
• Analytics Data: Feature usage, performance metrics, error logs

2.3 Information from Third Parties

We may receive information about you from third-party services you connect to our platform, such as calendar integrations, authentication providers, or payment processors. We only collect information necessary to provide and improve the Service.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide the Service: Create and manage your account, process transactions, deliver core platform functionality
• Improve the Service: Analyze usage patterns, develop new features, optimize performance, fix bugs
• Communication: Send service updates, security alerts, billing notifications, respond to inquiries
• Marketing: Send promotional materials, product announcements (with your consent, and you can opt-out)
• Security: Detect and prevent fraud, abuse, and security incidents, enforce our Terms of Service
• Legal Compliance: Comply with legal obligations, respond to lawful requests from authorities
• AI Features: Process your data to provide AI-powered scheduling, recommendations, and analytics
• Analytics: Understand how users interact with the Service, measure effectiveness of features

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your Personal Information under the following legal bases:

• Contract Performance: Processing necessary to provide the Service you have subscribed to
• Legitimate Interests: Improving our Service, preventing fraud, ensuring security
• Legal Obligations: Compliance with applicable laws and regulations
• Consent: Marketing communications, certain data processing activities (you can withdraw consent at any time)

5. How We Share Your Information

We do not sell your Personal Information. We may share your information in the following circumstances:

5.1 Service Providers

We share information with third-party vendors who perform services on our behalf:

• Hosting and Infrastructure: Vercel, Supabase (for database and application hosting)
• Payment Processing: Stripe (for subscription billing and payment processing)
• Email Services: Resend (for transactional and marketing emails)
• Analytics: Service analytics providers (if applicable)
• AI Services: OpenAI or similar providers (for AI-powered features)

These service providers are bound by contractual obligations to keep your information confidential and use it only for the purposes for which we disclose it to them.

5.2 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

5.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, national security requests).

5.4 Protection of Rights

We may disclose information where we believe it necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, or violations of our Terms of Service.

5.5 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

6. Data Retention

We retain your Personal Information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Active Accounts: We retain data for as long as your account is active
• Deleted Accounts: We delete or anonymize your data within 90 days of account deletion, except where retention is required for legal compliance
• Billing Records: We retain billing and transaction data for 7 years to comply with tax and accounting regulations
• Legal Holds: We may retain data longer when required for litigation, investigations, or regulatory compliance

You can request deletion of your account and data at any time by contacting us at privacy@bravoscheduler.com.

7. Data Security

We implement appropriate technical and organizational security measures to protect your Personal Information against unauthorized access, alteration, disclosure, or destruction:

• Encryption: Data in transit is encrypted using TLS 1.2 or higher; data at rest is encrypted using AES-256
• Access Controls: Strict role-based access controls, multi-factor authentication for administrative access
• Infrastructure Security: Hosting on secure, SOC 2 compliant infrastructure
• Monitoring: Continuous monitoring for security threats and vulnerabilities
• Incident Response: Documented procedures for responding to data breaches
• Employee Training: Regular security awareness training for all team members

While we strive to protect your Personal Information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but will notify you promptly of any breach that compromises your data.

8. Your Rights and Choices

8.1 Access and Portability

You have the right to access your Personal Information and request a copy in a portable format. You can export your data directly from the platform or request it by contacting us.

8.2 Correction and Update

You can update your account information, profile details, and preferences at any time through your account settings. Contact us if you need assistance correcting your information.

8.3 Deletion

You have the right to request deletion of your Personal Information. You can delete your account through account settings or by contacting privacy@bravoscheduler.com. Note that we may retain certain information as required by law or for legitimate business purposes.

8.4 Objection and Restriction

You have the right to object to certain processing of your Personal Information and to request restriction of processing. Contact us to exercise these rights.

8.5 Withdraw Consent

Where we rely on your consent to process Personal Information, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

8.6 Marketing Opt-Out

You can opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email or by updating your communication preferences in account settings.

8.7 Do Not Track

Some browsers have a "Do Not Track" feature. Currently, we do not respond to Do Not Track signals because there is no industry standard for how to interpret them.

9. International Data Transfers

We are based in the United States. If you are accessing the Service from outside the United States, your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

For users in the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place for international data transfers:

• Standard Contractual Clauses approved by the European Commission
• Data Processing Agreements with all sub-processors
• Compliance with applicable data protection frameworks

10. Children's Privacy

The Service is not intended for use by children under the age of 18. We do not knowingly collect Personal Information from children under 18. If we become aware that we have collected Personal Information from a child under 18, we will take steps to delete that information. If you believe we have collected information from a child under 18, please contact us immediately at privacy@bravoscheduler.com.

11. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You can request information about the categories and specific pieces of Personal Information we have collected about you
• Right to Delete: You can request deletion of your Personal Information, subject to certain exceptions
• Right to Opt-Out: We do not sell Personal Information, so there is no need to opt-out of sales
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise your CCPA rights, contact us at privacy@bravoscheduler.com. We will verify your identity before processing your request.

12. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and track information and to improve and analyze our Service.

12.1 Types of Cookies We Use

• Essential Cookies: Required for the Service to function (authentication, security)
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how you use the Service
• Performance Cookies: Collect information about Service performance

12.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling cookies may affect the functionality of the Service. Most browsers accept cookies automatically, but you can modify your browser settings to decline cookies if you prefer.

13. Third-Party Links

Our Service may contain links to third-party websites or services that are not owned or controlled by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services. We encourage you to review the privacy policies of any third-party websites you visit.

14. Data Breach Notification

In the event of a data breach that compromises your Personal Information, we will notify you and any applicable regulatory authorities within 72 hours of becoming aware of the breach, as required by law. The notification will include the nature of the breach, the data affected, and steps we are taking to address the breach.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending you an email notification (for material changes)
• Displaying a prominent notice in the Service

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after we post modifications constitutes your acceptance of the updated Privacy Policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For GDPR-related inquiries, you also have the right to lodge a complaint with your local supervisory authority.