Privacy Policy

Last updated: December 19, 2024

1. Introduction

Welcome to Brissa ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our scheduling platform and services.

By using Brissa, you agree to the collection and use of information in accordance with this policy.

2. Data Controller vs. Data Processor

Brissa operates as a Data Processor under GDPR. The businesses that use our platform are the Data Controllers. When you book an appointment through our platform, the business you're booking with determines how your data is used.

  • Data Controller: The business providing services (salon, consultant, etc.)
  • Data Processor: Brissa (we process data on behalf of businesses)
  • Data Subject: You (the person booking appointments)

3. Information We Collect

3.1 Information You Provide

When you create an account or book an appointment, we collect:

  • Name (first and last)
  • Email address
  • Phone number (optional)
  • Appointment details (date, time, service selected)
  • Notes or messages related to appointments
  • Documents you upload (if applicable)

3.2 Automatically Collected Information

We automatically collect certain information when you use our platform:

  • IP address (for security and consent verification)
  • Browser type and version
  • Device information
  • Usage data (pages visited, features used)

4. How We Use Your Information

We use the collected information for the following purposes:

  • To provide and maintain our scheduling service
  • To send appointment confirmations and reminders
  • To enable self-service rescheduling
  • To communicate with you about your appointments
  • To improve our platform and user experience
  • To detect and prevent fraud or abuse
  • To comply with legal obligations

5. Legal Basis for Processing (GDPR)

Under GDPR, we process your data based on the following legal grounds:

  • Contractual Necessity: Processing is necessary to fulfill our service (managing appointments)
  • Consent: When you book an appointment, you consent to data processing for that purpose
  • Legitimate Interests: To improve our services and prevent fraud
  • Legal Obligation: To comply with applicable laws and regulations

6. Data Sharing and Subprocessors

We share your data with trusted third-party service providers who help us operate our platform:

Provider    Purpose                              Location
Supabase    Database, Authentication, Storage    EU (Frankfurt)
Vercel      Hosting and Deployment               US (with EU regions)
Resend      Transactional Emails                 US

All subprocessors have signed Data Processing Agreements (DPAs) and comply with GDPR requirements.

7. Data Retention

We retain your personal data only as long as necessary to provide our services and fulfill the purposes described in this policy. Appointment data is retained for the duration of your relationship with the business plus any legally required retention period.

You may request deletion of your data at any time by contacting the business where you booked appointments, or by contacting us directly.

8. Your Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restriction: Limit how we process your data
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to certain types of processing
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, please contact us at studio@magnt.io.

9. Cookies

Brissa uses only essential cookies required for the platform to function. These include:

  • Authentication cookies: To keep you logged in
  • Session cookies: To maintain your session state

We do not use tracking cookies, analytics cookies, or advertising cookies. Essential cookies do not require consent under GDPR.

10. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • All data is transmitted over HTTPS (encrypted in transit)
  • Row Level Security (RLS) for multi-tenant data isolation
  • Secure authentication with email verification
  • Regular security updates and monitoring

11. International Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

12. Children's Privacy

Our service is not directed to children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

  • Email: studio@magnt.io
  • Company: Studio Magnt Donostia SL