Get In Touch
131 Continental Dr, Newark, DE 19713, USA
[email protected]
Ph: +260.95.492.2329
Work Inquiries
[email protected]
Ph: +260.95.492.2329
Back

Privacy Policy

Effective Date: December 30, 2025
Last Updated: December 30, 2025

Introduction

Welcome to Broos Action Inc (“Broos Action,” “we,” “us,” or “our”). We are committed to protecting your privacy and ensuring transparency about how we collect, use, store, and share your personal information. This Privacy and Cookie Policy explains our data practices in compliance with the General Data Protection Regulation (GDPR), the ePrivacy Directive, the California Consumer Privacy Act (CCPA), the Digital Markets Act (DMA), and other applicable data protection laws worldwide.

This policy applies to all visitors, users, and customers of our websites, applications, and services (collectively, the “Services”), including but not limited to:

  • broosaction.com, broos.io, broos.app, broos.link, and all subdomains
  • Aria Studio (our low-code development platform)
  • Broos Action Office (our privacy-focused collaboration suite)
  • Cloud Hosting Services
  • API Services
  • All other products and services provided by Broos Action

By accessing or using our Services, you agree to the terms outlined in this Privacy and Cookie Policy. If you do not agree, please discontinue use of our Services immediately.

1. Information We Collect

We collect various types of information to provide, maintain, improve, and secure our Services. The categories of information we collect include:

1.1 Personal Information You Provide

When you interact with our Services, you may voluntarily provide us with personal information, including but not limited to:

Account Registration Information:

  • Full name
  • Email address
  • Company name
  • Phone number
  • Business address
  • Job title
  • Username and password (stored as cryptographic hashes)
  • Profile picture (optional)
  • Payment information (processed securely by third-party payment processors)

Communication Information:

  • Contact details when you reach out to our support team
  • Content of your messages, emails, and chat communications
  • Support tickets and customer service interactions
  • Feedback, survey responses, and testimonials

Business Information:

  • Tax identification numbers (for business accounts)
  • Billing addresses
  • Purchase history and transaction records
  • Subscription preferences
  • Contract and agreement documentation

User-Generated Content:

  • Content you create, upload, or store using our Services (e.g., applications built on Aria Studio, files stored on our cloud infrastructure, documents in Broos Action Office)
  • Comments, reviews, and forum posts

1.2 Information Automatically Collected

When you access our Services, we automatically collect certain technical information:

Device Information:

  • IP address (masked or anonymized where required by law)
  • Browser type and version
  • Operating system and device type (desktop, mobile, tablet)
  • Device identifiers (e.g., advertising ID, device ID)
  • Screen resolution and display settings
  • Time zone and language preferences

Usage Information:

  • Pages visited and features used
  • Time and date of visits
  • Duration of sessions
  • Clickstream data (navigation paths through our website)
  • Referral source (which website or ad directed you to us)
  • Search queries within our Services
  • Error logs and diagnostic data

Location Information:

  • Approximate geographic location derived from IP address (city, region, country)
  • Precise location data (only if you explicitly grant permission, such as for mobile apps)

Cookies and Similar Technologies:

  • Information collected via cookies, web beacons, pixels, local storage, and similar tracking technologies (see Section 5 for full details)

1.3 Information from Third Parties

We may receive information about you from third-party sources, including:

Business Partners:

  • Resellers, affiliates, and referral partners who recommend our Services
  • Integration partners whose services you connect with our platform

Data Enrichment Services:

  • Third-party data providers who help us verify and enhance contact information for business purposes

Social Media Platforms:

  • If you choose to connect your social media accounts, we may receive profile information you’ve made publicly available

Public Databases:

  • Publicly available business information, such as company directories and industry databases

1.4 Sensitive Personal Information

We generally do not collect or process sensitive personal information (such as health data, biometric data, racial or ethnic origin, political opinions, or religious beliefs) unless required for specific services and with your explicit consent.

2. How We Collect Information

We collect information through various methods:

2.1 Direct Interactions

You provide information directly when you:

  • Create an account or subscribe to our Services
  • Fill out forms on our website or applications
  • Contact our customer support or sales teams
  • Participate in surveys, webinars, or events
  • Subscribe to newsletters or marketing communications
  • Post comments, reviews, or forum contributions

2.2 Automated Technologies

We collect information automatically through:

  • Cookies and tracking technologies (see Section 5)
  • Server logs that record technical information about your interactions
  • Analytics tools that measure website and application performance
  • Error tracking systems that capture diagnostic information when issues occur

2.3 Third-Party Sources

We receive information from:

  • Payment processors who handle transactions on our behalf
  • Authentication providers if you use single sign-on (SSO) services
  • Advertising networks that provide campaign performance data
  • Data partners who help us maintain accurate business contact information

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Delivery and Performance

  • Provide Services: Deliver, operate, and maintain our Services, including account management, hosting, APIs, and software platforms
  • Process Transactions: Handle billing, payments, invoicing, and subscription management
  • Customer Support: Respond to inquiries, troubleshoot issues, and provide technical assistance
  • Personalization: Customize your experience based on preferences, usage patterns, and account settings
  • Communication: Send transactional emails (e.g., order confirmations, password resets, service notifications)

3.2 Service Improvement and Development

  • Analytics: Analyze usage patterns, feature adoption, and performance metrics to improve our Services
  • Research and Development: Develop new features, products, and services based on user feedback and market trends
  • Testing: Conduct A/B testing and experimentation to optimize user experience
  • Bug Fixes: Identify and resolve technical issues, errors, and security vulnerabilities

3.3 Security and Fraud Prevention

  • Security Monitoring: Detect, prevent, and respond to security incidents, unauthorized access, and malicious activity
  • Fraud Detection: Identify and prevent fraudulent transactions, abuse, and violations of our Terms of Service
  • Authentication: Verify user identity and prevent account takeovers
  • Compliance: Ensure adherence to legal obligations and internal policies

3.4 Marketing and Advertising

  • Promotional Communications: Send newsletters, product updates, special offers, and marketing materials (with your consent where required)
  • Targeted Advertising: Display personalized ads based on your interests, behavior, and demographics (with your consent where required under GDPR, CCPA, and similar laws)
  • Retargeting: Show ads to users who have previously visited our website or engaged with our content
  • Campaign Measurement: Analyze the effectiveness of our marketing campaigns and optimize advertising spend

3.5 Legal and Compliance Purposes

  • Legal Obligations: Comply with applicable laws, regulations, legal processes, and governmental requests
  • Dispute Resolution: Resolve disputes, enforce our agreements, and protect our legal rights
  • Auditing: Conduct internal and external audits for compliance and quality assurance
  • Business Transfers: Facilitate mergers, acquisitions, asset sales, or other corporate transactions

3.6 With Your Consent

  • Special Projects: Use your information for purposes not listed here, with your explicit consent obtained at the time of collection

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, we process your personal information based on the following legal grounds:

4.1 Contractual Necessity

We process your information to fulfill our contractual obligations when you:

  • Sign up for an account
  • Subscribe to paid Services
  • Enter into agreements with us

Examples: Account creation, service delivery, billing, customer support.

4.2 Legitimate Interests

We process your information based on our legitimate business interests, which include:

  • Improving and developing our Services
  • Marketing and promoting our products (where not requiring explicit consent)
  • Preventing fraud and ensuring security
  • Analyzing website and application performance

Balancing Test: We ensure our legitimate interests do not override your fundamental rights and freedoms. You have the right to object to processing based on legitimate interests (see Section 11).

4.3 Consent

We obtain your explicit consent before processing personal information for:

  • Personalized advertising (including interest-based ads, retargeting, and demographic targeting)
  • Analytics cookies (for detailed user behavior tracking)
  • Marketing communications (newsletters, promotional emails)
  • Precise location tracking (if applicable)

You may withdraw your consent at any time by adjusting your cookie preferences, unsubscribing from emails, or contacting us.

4.4 Legal Obligations

We process your information to comply with:

  • Tax and accounting requirements
  • Data protection and privacy laws
  • Court orders, subpoenas, and legal processes
  • Regulatory investigations and audits

4.5 Vital Interests

In rare cases, we may process your information to protect vital interests, such as preventing harm or safeguarding life.

5. Cookies and Similar Technologies

We use cookies, web beacons, pixels, local storage, and similar tracking technologies to collect information, improve user experience, and deliver personalized content and advertising.

5.1 What Are Cookies?

Cookies are small text files placed on your device (computer, smartphone, tablet) by websites you visit. They allow websites to recognize your device, remember your preferences, and track your activity across sessions.

Types of Cookies:

Session Cookies: Temporary cookies that expire when you close your browser. Used for essential functions like maintaining login sessions.

Persistent Cookies: Remain on your device for a specified period or until manually deleted. Used for remembering preferences and tracking long-term behavior.

First-Party Cookies: Set by Broos Action directly. Used for core website functionality and analytics.

Third-Party Cookies: Set by external services (e.g., advertising networks, analytics providers). Used for advertising, tracking, and measurement across multiple websites.

5.2 Categories of Cookies We Use

We classify cookies into the following categories based on their purpose:

5.2.1 Strictly Necessary Cookies

Purpose: Essential for the operation of our Services. Without these cookies, core features (e.g., secure login, account access, shopping cart) would not function.

Examples:

  • Authentication cookies (keep you logged in)
  • Security cookies (prevent fraud and unauthorized access)
  • Load balancing cookies (distribute traffic across servers)
  • Session management cookies

Legal Basis: These cookies do not require consent under GDPR and ePrivacy Directive, as they are necessary for the service you’ve requested.

Opt-Out: You cannot disable these cookies without losing access to essential functionality. However, you can delete them by clearing your browser cache.

5.2.2 Performance and Analytics Cookies

Purpose: Collect information about how visitors use our Services, including which pages are visited most often, navigation paths, error messages, and performance metrics. This helps us improve website functionality and user experience.

Examples:

  • Google Analytics
  • Hotjar
  • Mixpanel
  • Custom analytics platforms

Legal Basis: Consent (GDPR, ePrivacy Directive). These cookies are not strictly necessary and require your explicit consent before being set.

Opt-Out: You can disable these cookies via our cookie consent banner or browser settings. Disabling them will not affect core functionality but may limit our ability to improve Services based on usage data.

Data Collected:

  • Pages viewed, time on page, bounce rate
  • Browser type, device type, screen resolution
  • Referral sources (how you found our website)
  • Click patterns and scroll depth

Retention Period: Analytics cookies typically expire after 2 years, though some session-based cookies expire when you close your browser.

5.2.3 Functionality Cookies

Purpose: Remember your preferences and settings to provide a personalized experience. These cookies enhance usability but are not essential for core functionality.

Examples:

  • Language preferences
  • Font size and accessibility settings
  • Region or currency selection
  • “Remember me” login features

Legal Basis: Legitimate interests (GDPR). In some jurisdictions, consent may be required.

Opt-Out: You can disable these cookies, but doing so may result in a less personalized experience (e.g., you’ll need to reset language preferences on each visit).

Retention Period: Typically 1–2 years, depending on the specific cookie.

5.2.4 Targeting and Advertising Cookies

Purpose: Deliver personalized advertisements based on your interests, behavior, demographics, and browsing history. These cookies track your activity across multiple websites to build a profile for targeted advertising.

Examples:

  • Google Ads (DoubleClick)
  • Google AdSense
  • Facebook Pixel
  • LinkedIn Insight Tag
  • Twitter Ads
  • Retargeting pixels from ad networks

Legal Basis: Explicit consent (GDPR, ePrivacy Directive, CCPA). These cookies require your clear, affirmative consent before being set.

Opt-Out: You can disable advertising cookies via our cookie consent banner. You can also opt out of personalized ads through:

Data Collected:

  • Websites visited (both ours and third-party sites)
  • Ads clicked and viewed
  • Products browsed or purchased
  • Demographic information (age, gender, interests)
  • Device and location data

Retention Period: Typically 30 days to 2 years, depending on the ad network.

Important Note: If you opt out of advertising cookies, you will still see ads, but they will not be personalized based on your behavior. Ads will be contextual (based on the content of the page you’re viewing) rather than interest-based.

5.3 Other Tracking Technologies

In addition to cookies, we use:

Web Beacons (Pixels): Small, invisible images embedded in emails or web pages that track whether content has been viewed or an email has been opened.

Local Storage: Browser storage mechanisms (e.g., HTML5 local storage, IndexedDB) that store data locally on your device for improved performance and offline functionality.

Device Fingerprinting: Techniques that collect information about your device configuration (browser version, installed fonts, screen resolution, etc.) to create a unique identifier. We use fingerprinting sparingly and only for fraud prevention and security purposes, not for advertising.

Server Logs: Automatically generated records of requests made to our servers, including IP address, request time, URL accessed, and HTTP status code.

5.4 Managing Your Cookie Preferences

You have several options to control cookies:

5.4.1 Cookie Consent Banner

When you first visit our website, you will see a cookie consent banner with three options:

  1. Accept All: Consent to all cookie categories (Strictly Necessary, Performance, Functionality, Advertising).
  2. Reject All: Decline optional cookies. Only Strictly Necessary cookies will be set.
  3. Manage Preferences: Customize which cookie categories you accept. You can enable or disable Performance, Functionality, and Advertising cookies individually.

Your consent choices are stored in a cookie (ironically) so that we remember your preferences on future visits. This consent cookie expires after 12 months, at which point you will be prompted again.

5.4.2 Browser Settings

Most web browsers allow you to:

  • Block all cookies
  • Block third-party cookies (while allowing first-party cookies)
  • Delete existing cookies
  • Receive notifications before a cookie is set

How to Manage Cookies by Browser:

  • Google Chrome: Settings > Privacy and Security > Cookies and other site data
  • Mozilla Firefox: Settings > Privacy & Security > Cookies and Site Data
  • Apple Safari: Preferences > Privacy > Cookies and website data
  • Microsoft Edge: Settings > Cookies and site permissions > Manage and delete cookies

Important: Disabling all cookies may break core functionality of our Services, such as login and account access.

5.4.3 Opt-Out Tools

For advertising cookies, you can use industry opt-out tools:

5.4.4 Do Not Track (DNT)

Some browsers offer a “Do Not Track” setting. At present, there is no universally accepted standard for how websites should respond to DNT signals. We do not currently respond to DNT signals, but we honor your cookie consent choices made through our consent banner.

5.5 Cookie List

Below is a non-exhaustive list of cookies we and our third-party partners and we may use:

Cookie NameTypePurposeDurationProvider
session_idStrictly NecessaryMaintains your login sessionSessionBroos Action
csrf_tokenStrictly NecessaryPrevents cross-site request forgery attacksSessionBroos Action
consent_statusStrictly NecessaryStores your cookie consent preferences12 monthsBroos Action
_gaPerformance/AnalyticsGoogle Analytics tracking cookie2 yearsGoogle
_gidPerformance/AnalyticsGoogle Analytics tracking cookie24 hoursGoogle
_gatPerformance/AnalyticsGoogle Analytics throttle cookie1 minuteGoogle
__hstcPerformance/AnalyticsHubSpot tracking cookie13 monthsHubSpot
_fbpAdvertisingFacebook Pixel tracking90 daysFacebook
IDEAdvertisingGoogle DoubleClick advertising13 monthsGoogle
frAdvertisingFacebook advertising90 daysFacebook
ads/ga-audiencesAdvertisingGoogle Ads remarketingSessionGoogle

Note: This list is regularly updated. For the most current list, please visit our cookie management page or contact [email protected].

6. Third-Party Advertising and Analytics

We use third-party services to deliver advertisements and analyze user behavior. These services may collect information about your online activities over time and across different websites.

6.1 Google AdSense

We use Google AdSense to display advertisements on our websites. AdSense uses cookies and other tracking technologies to:

  • Show personalized ads based on your interests and browsing history
  • Deliver contextual ads based on the content of the page you’re viewing
  • Measure ad performance (impressions, clicks, conversions)
  • Prevent fraud and invalid traffic

What Google Collects:

  • IP address (may be anonymized)
  • Cookie identifiers
  • Pages visited on our site
  • Referral URL
  • Browser and device information
  • Ad interactions (clicks, views)

Your Choices:

  • Personalized Ads: You can opt out of personalized advertising by visiting Google Ads Settings
  • Non-Personalized Ads: If you opt out, you will still see ads, but they will be contextual (based on page content) rather than interest-based
  • Cookie Consent: You can manage your consent for Google AdSense cookies through our cookie consent banner

Google’s Privacy Policy: https://policies.google.com/privacy

Google’s Ad Technology Providers: Google works with third-party ad networks and exchanges. A full list is available at https://support.google.com/admanager/answer/9012903

6.2 Google Analytics

We use Google Analytics to analyze website traffic and user behavior. Google Analytics uses cookies to collect information such as:

  • How you found our website
  • Which pages you visit and how long you stay
  • Your geographic location (country, region, city)
  • Browser, device, and operating system
  • Demographics (age, gender, interests) if you’ve enabled this in your Google account

Your Choices:

Data Retention: We have configured Google Analytics to retain user and event data for 26 months.

IP Anonymization: We have enabled IP anonymization, which masks the last octet of your IP address before storage.

Google Analytics Privacy Policy: https://policies.google.com/privacy

6.3 Other Analytics and Advertising Partners

We may also use the following third-party services:

Facebook Pixel: Tracks conversions from Facebook ads and enables retargeting.

LinkedIn Insight Tag: Tracks conversions and enables retargeting on LinkedIn.

Hotjar: Provides heatmaps and session recordings to understand user behavior.

Mixpanel: Tracks product usage and engagement.

To comply with GDPR, the ePrivacy Directive, and the Digital Markets Act (DMA), we have implemented Google Consent Mode v2 and adhere to the IAB Europe Transparency & Consent Framework (TCF) v2.2 standards.

7.1 Google Consent Mode v2

What is Google Consent Mode?

Google Consent Mode is a framework that allows our website to adjust how Google tags (e.g., Google Analytics, Google Ads, Google AdSense) behave based on your consent choices. When you interact with our cookie consent banner, your choices are communicated to Google’s services, which then adjust their data collection accordingly.

Consent Parameters:

Google Consent Mode uses the following consent parameters:

  1. ad_storage: Controls whether cookies can be set for advertising purposes (e.g., remarketing, personalized ads).
  2. analytics_storage: Controls whether cookies can be set for analytics purposes (e.g., Google Analytics).
  3. ad_user_data: Controls whether user data can be sent to Google for advertising purposes.
  4. ad_personalization: Controls whether user data can be used for personalized advertising (e.g., remarketing lists, custom audiences).

How It Works:

Before Consent: By default, all consent parameters are set to denied. Google tags do not set cookies or collect identifiable user data until you provide consent.

After Consent:

  • If you accept advertising cookies: ad_storagead_user_data, and ad_personalization are set to granted. Google can set advertising cookies and use your data for personalized ads.
  • If you accept analytics cookies: analytics_storage is set to granted. Google Analytics can set cookies and track your behavior.
  • If you reject cookies: Parameters remain denied. Google uses privacy-preserving measurement techniques (e.g., cookieless pings, conversion modeling) to provide aggregate insights without identifying you personally.

Advanced vs. Basic Consent Mode:

  • Advanced Consent Mode (Default): Google tags load immediately but do not set cookies or send identifiable data until consent is granted. This enables conversion modeling and aggregate measurement even when users decline cookies.
  • Basic Consent Mode: Google tags do not load at all until consent is granted. This provides the strictest privacy protection but prevents any measurement for users who decline.

We use Advanced Consent Mode to balance privacy with measurement needs, ensuring compliance while still gaining insights from aggregate, anonymized data.

Analytics Storage and TCF Purpose 1:

We have enabled consent mode for analytics purposes, interpreting TCF Purpose 1 (Store and/or access information on a device) as the consent signal for analytics_storage. This means that when you consent to Purpose 1 through our IAB TCF-compliant consent banner, Google Analytics is permitted to store and access cookies on your device.

7.2 IAB Transparency & Consent Framework (TCF) v2.2

What is the IAB TCF?

The IAB Europe Transparency & Consent Framework (TCF) is an industry-standard protocol that helps publishers (like us), advertisers, and technology vendors comply with GDPR and the ePrivacy Directive. It standardizes how user consent is collected, communicated, and respected across the digital advertising ecosystem.

How We Use the IAB TCF:

We use Google’s IAB GDPR Consent Management Platform (CMP) to collect and manage your consent. This CMP:

  • Presents you with a consent banner listing all purposes and vendors
  • Allows you to accept all, reject all, or manage preferences granularly
  • Stores your consent choices in a standardized format (TC String) in a first-party cookie
  • Shares your consent choices with participating vendors in the IAB Global Vendor List (GVL)

Purposes and Legal Bases:

The IAB TCF defines 10 purposes for which personal data may be processed. For each purpose, we seek one of two legal bases:

  1. Consent: Requires your explicit, affirmative action (e.g., clicking “Accept”).
  2. Legitimate Interest: Allows processing without consent, but you have the right to object.

IAB TCF Purposes We Use:

PurposeDescriptionLegal BasisYour Control
Purpose 1Store and/or access information on a deviceConsentAccept/Reject in banner
Purpose 2Use limited data to select advertisingLegitimate InterestObject via banner
Purpose 3Create profiles for personalized advertisingConsentAccept/Reject in banner
Purpose 4Use profiles to select personalized advertisingConsentAccept/Reject in banner
Purpose 5Create profiles to personalize contentConsentAccept/Reject in banner
Purpose 6Use profiles to select personalized contentConsentAccept/Reject in banner
Purpose 7Measure advertising performanceLegitimate InterestObject via banner
Purpose 8Measure content performanceLegitimate InterestObject via banner
Purpose 9Understand audiences through statistics or combinations of dataLegitimate InterestObject via banner
Purpose 10Develop and improve servicesLegitimate InterestObject via banner

Special Purposes (No Consent Required):

The IAB TCF also defines Special Purposes, which do not require consent or legitimate interest because they are essential for the functioning of the service:

  • Special Purpose 1: Ensure security, prevent fraud, and debug
  • Special Purpose 2: Technically deliver ads or content

Features:

The TCF defines Features, which describe specific ways data might be used but do not constitute standalone purposes:

  • Feature 1: Match and combine data from other data sources
  • Feature 2: Link different devices

You can object to Features through our consent banner.

Vendors:

We work with third-party vendors (ad networks, analytics providers, etc.) who are registered in the IAB Global Vendor List (GVL). When you provide consent or legitimate interest, your choices are communicated to these vendors via the TC String.

Selected Ad Partners:

Because we use Google’s IAB GDPR CMP, the ad partners we select in our Google Ad Manager or AdSense settings are automatically populated into our consent messages. This ensures that only vendors you’ve consented to can process your data for advertising.

Your selected ad partners will apply to both personalized and non-personalized ads.

7.3 EEA, UK, and Switzerland User Consent

We collect consent specifically for users located in the European Economic Area (EEA)United Kingdom (UK), and Switzerland to ensure compliance with:

  • GDPR (General Data Protection Regulation)
  • ePrivacy Directive
  • UK GDPR
  • Swiss Federal Act on Data Protection (FADP)
  • Digital Markets Act (DMA)

Consent Message:

When you first visit our site from the EEA, UK, or Switzerland, you will see a consent banner with three options:

  1. Consent (Accept All): You consent to all purposes and vendors. Personalized ads, analytics, and all features are enabled.
  2. Do Not Consent (Reject All): You decline optional cookies. Only Strictly Necessary cookies and Special Purposes are enabled. You will see non-personalized, contextual ads.
  3. Manage Options: You can review and customize your choices for each purpose, vendor, and feature.

Consent Storage:

Your consent choices are stored in a first-party cookie (consent_status or similar) that expires after 12 months. After expiration, you will be prompted to renew your consent.

Withdrawing Consent:

You can withdraw or modify your consent at any time by:

  • Clicking the “Privacy Settings” or “Cookie Settings” link in our website footer
  • Accessing your browser’s cookie management tools

7.4 Impact on Advertising and Analytics

If You Consent:

  • Google AdSense delivers personalized ads based on your interests and browsing history.
  • Google Analytics tracks your behavior in detail, providing insights into user journeys and engagement.
  • Remarketing and retargeting campaigns can reach you on other websites and platforms.

If You Do Not Consent:

  • Google AdSense delivers non-personalized, contextual ads based on the content of the page you’re viewing, not your personal interests.
  • Google Analytics uses cookieless pings and conversion modeling to provide aggregate insights without identifying you personally.
  • Remarketing and retargeting are disabled.
  • Your experience on our website is not affected, but our ability to measure and optimize is reduced.

8. Data Sharing and Third-Party Disclosure

We share your personal information only in the limited circumstances described below. We do not sell your personal information to third parties.

8.1 Service Providers

We engage trusted third-party service providers to perform functions on our behalf, including:

Cloud Hosting and Infrastructure:

  • Amazon Web Services (AWS)
  • Microsoft Azure
  • Google Cloud Platform

Payment Processing:

  • Stripe
  • Lenco
  • powerpay
  • iMali

Email and Communication Services:

  • SendGrid
  • Mailchimp
  • Twilio

Customer Support:

  • Zendesk
  • Intercom

Analytics and Marketing:

  • Google Analytics
  • HubSpot
  • Mixpanel

Advertising Networks:

  • Google AdSense
  • Facebook Ads
  • LinkedIn Ads
  • Broos IO

These service providers have access to your personal information only to perform specific tasks on our behalf and are contractually obligated to:

  • Process your data only as instructed by us
  • Implement appropriate security measures
  • Comply with applicable data protection laws
  • Not use your data for their own purposes

8.2 Business Transfers

If Broos Action undergoes a merger, acquisition, bankruptcy, dissolution, reorganization, asset sale, or similar transaction, your personal information may be transferred to the successor entity or buyer. We will notify you (via email and/or prominent notice on our website) of any such change and any choices you may have regarding your personal information.

8.3 Legal Requirements

We may disclose your personal information if required to do so by law or in response to:

  • Court orders, subpoenas, or legal processes
  • Requests from law enforcement, government agencies, or regulatory authorities
  • National security or public safety requirements

We will challenge overly broad or inappropriate requests and, where permitted by law, notify you of such requests.

8.4 Protection of Rights

We may disclose your information to:

  • Enforce our Terms of Service, Acceptable Use Policy, or other agreements
  • Protect the rights, property, or safety of Broos Action, our users, or the public
  • Investigate and prevent fraud, security breaches, or illegal activity
  • Defend against legal claims

8.5 With Your Consent

We may share your information with third parties when you explicitly consent, such as:

  • Integrating third-party applications with your Broos Action account
  • Participating in co-marketing campaigns or partnerships
  • Sharing testimonials or case studies (with your permission)

8.6 Aggregated and Anonymized Data

We may share aggregated, de-identified, or anonymized data that cannot reasonably be used to identify you. This data may be used for:

  • Industry research and benchmarking
  • Public reports and statistics
  • Marketing and promotional materials

Example: “Broos Action users in Europe saw a 30% increase in productivity” (no individual user is identified).

9. International Data Transfers

Broos Action is headquartered in the United States, and our Services are hosted on servers located in multiple countries, including the United States, Europe, and other regions. If you are accessing our Services from outside the United States, please be aware that your personal information may be transferred to, stored in, and processed in countries where data protection laws may differ from those in your jurisdiction.

9.1 Transfers from the EEA, UK, and Switzerland

If you are located in the EEA, UK, or Switzerland, we rely on the following mechanisms to ensure adequate protection for your personal information:

Standard Contractual Clauses (SCCs): We use the European Commission’s Standard Contractual Clauses (also known as Model Clauses) with our service providers to ensure GDPR-compliant data transfers.

Adequacy Decisions: We transfer data to countries that the European Commission has determined provide an adequate level of data protection (e.g., Canada for commercial organizations under PIPEDA).

Data Processing Agreements (DPAs): We enter into DPAs with all service providers who process personal data on our behalf, requiring them to implement appropriate technical and organizational measures.

Your Rights: Despite international transfers, you retain all rights under GDPR, including the right to access, correct, delete, and port your data (see Section 11).

9.2 Transfers to the United States

We comply with the EU-U.S. Data Privacy Framework (DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (if applicable) as recognized by the U.S. Department of Commerce. Where we rely on service providers who participate in these frameworks, we ensure they are certified and compliant.

10. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

10.1 Retention Periods

Account Information:

  • Active Accounts: Retained for the duration of your account’s active status.
  • Closed Accounts: Deleted within 30 days of account closure, except where retention is required by law or legitimate business interests (e.g., resolving disputes, preventing fraud).
  • Backup Copies: Residual data may persist in backups for up to 90 days.

Transaction Records:

  • Retained for 7 years to comply with tax, accounting, and financial regulations.

Communication Records:

  • Customer Support: Retained for 3 years to provide ongoing support and resolve disputes.
  • Marketing Communications: Retained until you unsubscribe or object, after which data is deleted within 30 days.

Usage and Analytics Data:

  • Google Analytics: Retained for 26 months (configurable).
  • Server Logs: Retained for 90 days for security monitoring and debugging.

Cookies:

  • Cookie expiration periods vary by type (see Section 5.5).

10.2 Deletion Upon Request

You can request deletion of your personal information at any time (see Section 11.3). We will comply with deletion requests within 30 days, except where retention is required by:

  • Legal obligations (e.g., tax records, regulatory requirements)
  • Ongoing disputes or legal claims
  • Security and fraud prevention

11. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

11.1 Rights Under GDPR (EEA, UK, Switzerland)

Right to Access: Request a copy of the personal information we hold about you.

Right to Rectification: Correct inaccurate or incomplete personal information.

Right to Erasure (“Right to Be Forgotten”): Request deletion of your personal information, subject to legal exceptions.

Right to Restriction of Processing: Limit how we use your personal information in certain circumstances.

Right to Data Portability: Receive your personal information in a structured, commonly used, machine-readable format and transmit it to another controller.

Right to Object: Object to processing based on legitimate interests, direct marketing, or profiling.

Right to Withdraw Consent: Withdraw consent for processing activities that require consent (e.g., marketing emails, advertising cookies).

Right to Lodge a Complaint: File a complaint with your national data protection authority if you believe we have violated your rights.

Contact Information for EEA/UK Data Protection Authorities:

11.2 Rights Under CCPA/CPRA (California Residents)

Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources, purposes, and third parties with whom we share it.

Right to Delete: Request deletion of your personal information, subject to legal exceptions.

Right to Opt-Out of Sale or Sharing: We do not sell your personal information. However, under CCPA, “sharing” for cross-context behavioral advertising may qualify as a “sale.” You can opt out of this by disabling advertising cookies.

Right to Correct: Request correction of inaccurate personal information.

Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information in ways that trigger this right.

Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights (e.g., by denying services, charging different prices, or providing a different level of service).

Authorized Agents: You may designate an authorized agent to make requests on your behalf. We will verify the agent’s authority.

Contact Information: To exercise your CCPA rights, email [email protected] or call +1 (XXX) XXX-XXXX.

11.3 How to Exercise Your Rights

To exercise any of the rights described above:

Email: [email protected]
Subject Line: “Privacy Rights Request – [Your Name]”
Include:

  • Your full name
  • Email address associated with your account
  • Specific right you wish to exercise
  • Any additional information to help us verify your identity

Verification: To protect your privacy, we will verify your identity before processing requests. This may involve:

  • Confirming your email address
  • Asking for account credentials
  • Requesting additional identification (e.g., government ID)

Response Time: We will respond to requests within 30 days (GDPR) or 45 days (CCPA), with possible extensions if the request is complex.

No Fee: We do not charge a fee for processing requests unless they are manifestly unfounded, excessive, or repetitive.

12. Children’s Privacy

Our Services are not intended for children under the age of 16 (or the applicable age of digital consent in your jurisdiction, such as 13 in the U.S. under COPPA). We do not knowingly collect personal information from children.

If we become aware that we have inadvertently collected personal information from a child without parental consent, we will take immediate steps to delete such information.

Parents/Guardians: If you believe your child has provided us with personal information, please contact us immediately at [email protected], and we will delete it promptly.

13. Security Measures

We implement industry-standard security measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction. For full details, see our Security Page.

Key Security Measures:

  • Encryption: TLS 1.3 for data in transit; AES-256 for data at rest.
  • Access Controls: Role-based access control (RBAC) and multi-factor authentication (MFA).
  • Monitoring: 24/7 security monitoring, intrusion detection, and incident response.
  • Compliance: SOC 2 Type II, ISO 27001, GDPR, HIPAA (where applicable).

User Responsibility: You are responsible for maintaining the confidentiality of your account credentials and notifying us immediately of any unauthorized access.

14. Changes to This Policy

We may update this Privacy and Cookie Policy from time to time to reflect changes in our practices, legal requirements, or Services. When we make material changes, we will:

  • Update the “Last Updated” date at the top of this policy
  • Notify you by email (if you have an account)
  • Display a prominent notice on our website
  • Request renewed consent if required by law

We encourage you to review this policy periodically. Your continued use of our Services after changes take effect constitutes acceptance of the updated policy.

Version History: Previous versions of this policy are available upon request by contacting [email protected].

15. Contact Information

If you have questions, concerns, or requests regarding this Privacy and Cookie Policy or our data practices, please contact us:

Broos Action Innovations
Data Protection Officer

Email: [email protected]
Phone: +260954922329

Response Time: We aim to respond to all inquiries within 3 business days.

Additional Resources

This website stores cookies on your computer. Cookie Policy