PRIVACY POLICY
LAST UPDATED: APRIL 24, 2026
1. Introduction
Brizzox ("we", "our", "us") operates the Brizzox API Platform. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service.
2. Information We Collect
2.1 Account Information
- Email address (required for account creation)
- Name (optional, provided during signup or via Google OAuth)
- Authentication tokens (managed by AWS Cognito)
2.2 Billing Information
- Payment method details are processed and stored by Stripe. We do not store credit card numbers directly.
- Stripe customer ID and subscription information
- Transaction history and credit purchase records
2.3 Usage Data
- API request logs (endpoint, method, status code, latency, request parameters)
- Daily aggregated usage statistics per API
- Credit consumption records
2.4 Technical Data
- IP address, browser type, and device information (via server logs)
- Cookies for session management and preferences
3. How We Use Your Information
- To provide and maintain the Service, including authentication and API access
- To process payments and manage your subscription
- To track API usage and enforce rate limits
- To send transactional emails (welcome, billing, low credit warnings)
- To detect and prevent fraud, abuse, or security incidents
- To improve the Service based on usage patterns
4. Third-Party Services
We use the following third-party services that may process your data:
- AWS (Amazon Web Services) — Infrastructure hosting, Cognito authentication, database storage (RDS PostgreSQL), API Gateway
- Stripe — Payment processing, subscription management, billing portal
- Google — OAuth authentication (optional sign-in method)
- Resend — Transactional email delivery
Each of these services has its own privacy policy governing data handling.
5. Data Storage and Security
- Data is stored in AWS infrastructure located in the EU (eu-west-1 region)
- Database connections are encrypted with SSL/TLS
- API keys are stored using SHA-256 hashing and AES-256 encryption
- Passwords are managed by AWS Cognito with industry-standard hashing
- API request logs are retained for 90 days, then automatically deleted
6. Data Retention
- Account data is retained for as long as your account is active
- API request logs are retained for 90 days
- Aggregated usage statistics are retained indefinitely
- Billing records are retained as required by law
- Upon account deletion, personal data is removed within 30 days
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion of your data
- Export your data in a portable format
- Object to or restrict processing
- Withdraw consent (where processing is based on consent)
To exercise these rights, contact us at admin@brizzox.com.
8. Cookies
We use essential cookies for authentication and session management. We also use a local storage preference for theme selection (dark/light mode). We do not use tracking cookies or share cookie data with third parties.
9. Children's Privacy
The Service is not intended for users under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last Updated" date at the top reflects the most recent revision.
11. Contact
For questions about this Privacy Policy or your data, contact us at admin@brizzox.com.