Privacy Policy
Last Updated: April 5, 2026 · Effective Date: April 5, 2026
britoOS ("britoOS," "we," "us," or "our") is operated by Brito Marketing LLC, a Florida limited liability company located at 6303 Blue Lagoon Dr, Suite 400-2301, Miami, FL 33126, United States. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our AI-powered business operating system platform (the "Service"), accessible at britoos.com.
By accessing or using britoOS, you agree to this Privacy Policy. If you do not agree, please do not use the Service.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Full name and email address
- Phone number (optional)
- Company/organization name
- Billing and payment information (processed securely through Stripe)
- Password (encrypted, never stored in plain text)
1.2 Service Data
Data you and your end users create while using the platform:
- Conversations, messages, and communication logs
- Contact and customer records
- Pipeline and deal information
- Calendar events and appointments
- Documents, files, and attachments
- AI-generated content and suggestions
- Integration data synced from third-party platforms (Google, Meta, Telnyx, Stripe, etc.)
1.3 Usage Data
We automatically collect:
- IP address and approximate geolocation
- Browser type, operating system, and device information
- Pages visited, features used, and actions taken within the platform
- Timestamps and session duration
- Referring URLs
1.4 Cookies and Tracking Technologies
We use cookies, web beacons, and similar technologies to:
- Maintain your session and authentication state
- Remember your preferences and settings
- Analyze platform usage and performance
- Improve our Service
You may manage cookie preferences through your browser settings. Disabling certain cookies may limit platform functionality.
1.5 Sensitive Data
We do not intentionally collect sensitive personal data such as Social Security numbers, financial account numbers, health information, racial or ethnic origin, political opinions, religious beliefs, biometric data, or precise geolocation (beyond approximate city-level from IP). If you store such data within the platform as part of your customer records, you are the Data Controller for that information and are responsible for ensuring lawful collection and processing.
2. How We Use Your Information
We use the information we collect to:
- Provide the Service: Operate, maintain, and improve britoOS features including conversations, pipeline, integrations, and AI capabilities
- Process Payments: Handle subscriptions, billing, and invoicing through Stripe
- AI Features:Power AI-driven suggestions, auto-replies, deal scoring, and automation using Anthropic's Claude API. AI processing uses your data only to provide responses within your account and is not used to train external AI models
- Communications: Send transactional emails (account confirmations, billing receipts, security alerts) via Resend and marketing communications (with your consent)
- Messaging: Deliver SMS and WhatsApp messages on your behalf through Telnyx
- Integrations: Sync data with third-party services you connect (Google Calendar, Gmail, Meta, Stripe, etc.)
- Analytics: Understand usage patterns and improve the platform
- Security: Detect and prevent fraud, abuse, and security incidents
- Legal Compliance: Comply with applicable laws and respond to lawful requests
3. Data Sharing and Disclosure
We do not sell your personal information. We share data only in these circumstances:
3.1 Service Providers (Sub-Processors)
We use trusted third-party vendors to deliver our Service:
| Provider | Purpose | Data Location |
|---|---|---|
| Supabase | Database hosting, authentication, storage | United States |
| Vercel | Application hosting and deployment | United States |
| Anthropic (Claude) | AI processing and intelligence | United States |
| Stripe | Payment processing | United States |
| Telnyx | SMS and WhatsApp messaging | United States |
| Resend | Transactional email delivery | United States |
| Calendar and email sync (per user authorization) | United States | |
| Meta | Social media and ad management (per user authorization) | United States |
We will notify customers at least 30 days before adding new sub-processors. The current list is maintained at britoos.com/privacy.
3.2 Third-Party Integrations
When you connect third-party services (Google, Meta, Telnyx, Stripe, etc.), data flows between britoOS and those platforms as authorized by you. Each integration requires your explicit consent via OAuth authorization or API key entry. You can disconnect integrations at any time from Settings > Integrations.
3.3 Legal Requirements
We may disclose information to comply with applicable law, court orders, subpoenas, or government requests; to enforce our Terms of Service; or to protect the rights, property, or safety of britoOS, our users, or the public.
3.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. We will provide notice before your data is subject to a different privacy policy.
4. Data Controller vs. Data Processor
britoOS operates in dual capacity:
- Data Controller: For your account data, billing information, and platform usage analytics. We determine how and why this data is processed.
- Data Processor: For end-user data that you (our customer) store in the platform — your contacts, conversations, deals, and customer records. You remain the Data Controller for this data, and we process it solely on your behalf per your instructions.
5. Multi-Tenant Data Isolation
britoOS is a multi-tenant platform. Your data is logically isolated from other customers through:
- Row-Level Security (RLS): Database policies enforce tenant boundaries at the PostgreSQL level. Every query is scoped to your organization ID.
- Encrypted Tokens: Integration credentials (OAuth tokens, API keys) are encrypted with AES-256-GCM encryption, unique per organization.
- Access Controls: Application-level authorization prevents cross-tenant access.
- Audit Logging: Data access is logged and monitored for anomalies.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Duration of active subscription + 60 days after cancellation |
| Service data (contacts, conversations, deals) | Duration of active subscription; deleted within 30 days of account closure upon request |
| Billing and tax records | 7 years (IRS requirement) |
| Usage and analytics data | 12 months |
| Server logs | 90 days |
| Backup data | 30 days (automated rotation) |
You may request data deletion at any time by contacting privacy@britoos.com. We will process deletion requests within 30 days.
7. Data Security
We implement industry-standard security measures including:
- TLS/SSL encryption for all data in transit
- AES-256-GCM encryption for sensitive data at rest (OAuth tokens, credentials)
- Multi-factor authentication (MFA) support
- Regular security assessments and monitoring
- Access controls based on principle of least privilege
- Automated backups with encryption
8. Your Rights
8.1 All Users
- Access: Request a copy of your personal data
- Correction: Update inaccurate or incomplete data
- Deletion: Request deletion of your personal data
- Portability: Export your data in structured format (CSV)
- Opt-Out: Unsubscribe from marketing communications at any time
8.2 California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights:
- Right to know what personal information is collected and how it is used
- Right to delete personal information
- Right to opt-out of the sale or sharing of personal information (we do not sell your data)
- Right to non-discrimination for exercising your privacy rights
- Right to correct inaccurate personal information
- Right to limit use and disclosure of sensitive personal information
We will respond to verified consumer requests within 45 days.
8.3 Florida Residents
Under the Florida Digital Bill of Rights (SB 262), Florida residents may have additional rights regarding personal data access, deletion, and opt-out of targeted advertising and data sales, subject to applicable thresholds. We process sensitive data only with your explicit consent.
8.4 European Union Residents (GDPR)
If you are an EU resident, you have rights under the General Data Protection Regulation including: access, rectification, erasure, restriction of processing, data portability, and objection. Our legal basis for processing is contract performance (for Service delivery), legitimate interests (for analytics and security), and consent (for marketing). For GDPR inquiries, contact privacy@britoos.com.
9. AI and Automated Decision-Making
britoOS uses artificial intelligence (powered by Anthropic's Claude) to provide:
- Reply suggestions and auto-responses
- Deal scoring and pipeline predictions
- Conversation summaries and insights
- Content generation and automation
Important: AI features are assistive tools only. They do not make binding decisions about your account or your customers. AI-generated content does not constitute legal, financial, medical, or professional advice. Your data processed by AI is used solely to generate responses within your account session and is not used to train external AI models.
10. SMS and Messaging Compliance (TCPA)
When you use britoOS to send SMS or WhatsApp messages through Telnyx:
- You are responsible for obtaining proper consent from your recipients before sending messages
- Each message sender requires individual consent (per TCPA 2026 requirements)
- Recipients can opt-out by replying STOP at any time
- We process all opt-out requests immediately
- Messages may only be sent between 8:00 AM and 9:00 PM in the recipient's local time zone
- We maintain records of consent and opt-out requests
Mobile information and third parties: No mobile information collected through SMS opt-in (including your phone number and consent status) will be sold or shared with third parties or affiliates for promotional or marketing purposes. Mobile information may only be shared with the subprocessors that help us deliver the messaging service (e.g., Telnyx, our SMS provider) and never for their own marketing.
How we collect SMS consent:When you provide your phone number and opt in — via our web opt-in form, by texting a keyword such as START, or by verbal/written consent — we collect and use your mobile number solely to send the SMS messages you agreed to receive. Message frequency varies. Message and data rates may apply. Reply STOP to opt out at any time, or HELP for assistance.
11. Email Communications (CAN-SPAM)
All marketing emails include a clear unsubscribe link. We process unsubscribe requests within 10 business days. Our physical mailing address is: Brito Marketing LLC, 6303 Blue Lagoon Dr, Suite 400-2301, Miami, FL 33126.
12. Children's Privacy (COPPA)
britoOS is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that we have collected data from a child under 13, we will delete it promptly. If you believe a child under 13 has provided us with personal information, please contact us at privacy@britoos.com.
13. International Data Transfers
britoOS is hosted in the United States. If you access the Service from outside the U.S., your data will be transferred to and processed in the United States, which may have different data protection laws than your country. By using the Service, you consent to this transfer. For EU users, we rely on Standard Contractual Clauses (SCCs) as our data transfer mechanism.
14. Data Breach Notification
In the event of a data breach affecting your personal information, we will:
- Notify affected users without unreasonable delay
- Notify the Florida Attorney General if 500+ Florida residents are affected
- Notify EU supervisory authorities within 72 hours (for GDPR-covered data)
- Provide details of the breach, data affected, and remediation steps
15. Third-Party Links
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal information.
16. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the platform at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
17. Contact Us
For questions, concerns, or requests regarding this Privacy Policy or your personal data:
- Email: privacy@britoos.com
- Phone: +1 (305) 760-4411
- Mail: Brito Marketing LLC, Attn: Privacy, 6303 Blue Lagoon Dr, Suite 400-2301, Miami, FL 33126, United States