Privacy Policy

Last Updated: April 5, 2026 · Effective Date: April 5, 2026

britoOS ("britoOS," "we," "us," or "our") is operated by Brito Marketing LLC, a Florida limited liability company located at 6303 Blue Lagoon Dr, Suite 400-2301, Miami, FL 33126, United States. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our AI-powered business operating system platform (the "Service"), accessible at britoos.com.

By accessing or using britoOS, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Full name and email address
  • Phone number (optional)
  • Company/organization name
  • Billing and payment information (processed securely through Stripe)
  • Password (encrypted, never stored in plain text)

1.2 Service Data

Data you and your end users create while using the platform:

  • Conversations, messages, and communication logs
  • Contact and customer records
  • Pipeline and deal information
  • Calendar events and appointments
  • Documents, files, and attachments
  • AI-generated content and suggestions
  • Integration data synced from third-party platforms (Google, Meta, Telnyx, Stripe, etc.)

1.3 Usage Data

We automatically collect:

  • IP address and approximate geolocation
  • Browser type, operating system, and device information
  • Pages visited, features used, and actions taken within the platform
  • Timestamps and session duration
  • Referring URLs

1.4 Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies to:

  • Maintain your session and authentication state
  • Remember your preferences and settings
  • Analyze platform usage and performance
  • Improve our Service

You may manage cookie preferences through your browser settings. Disabling certain cookies may limit platform functionality.

1.5 Sensitive Data

We do not intentionally collect sensitive personal data such as Social Security numbers, financial account numbers, health information, racial or ethnic origin, political opinions, religious beliefs, biometric data, or precise geolocation (beyond approximate city-level from IP). If you store such data within the platform as part of your customer records, you are the Data Controller for that information and are responsible for ensuring lawful collection and processing.

2. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Operate, maintain, and improve britoOS features including conversations, pipeline, integrations, and AI capabilities
  • Process Payments: Handle subscriptions, billing, and invoicing through Stripe
  • AI Features:Power AI-driven suggestions, auto-replies, deal scoring, and automation using Anthropic's Claude API. AI processing uses your data only to provide responses within your account and is not used to train external AI models
  • Communications: Send transactional emails (account confirmations, billing receipts, security alerts) via Resend and marketing communications (with your consent)
  • Messaging: Deliver SMS and WhatsApp messages on your behalf through Telnyx
  • Integrations: Sync data with third-party services you connect (Google Calendar, Gmail, Meta, Stripe, etc.)
  • Analytics: Understand usage patterns and improve the platform
  • Security: Detect and prevent fraud, abuse, and security incidents
  • Legal Compliance: Comply with applicable laws and respond to lawful requests

3. Data Sharing and Disclosure

We do not sell your personal information. We share data only in these circumstances:

3.1 Service Providers (Sub-Processors)

We use trusted third-party vendors to deliver our Service:

ProviderPurposeData Location
SupabaseDatabase hosting, authentication, storageUnited States
VercelApplication hosting and deploymentUnited States
Anthropic (Claude)AI processing and intelligenceUnited States
StripePayment processingUnited States
TelnyxSMS and WhatsApp messagingUnited States
ResendTransactional email deliveryUnited States
GoogleCalendar and email sync (per user authorization)United States
MetaSocial media and ad management (per user authorization)United States

We will notify customers at least 30 days before adding new sub-processors. The current list is maintained at britoos.com/privacy.

3.2 Third-Party Integrations

When you connect third-party services (Google, Meta, Telnyx, Stripe, etc.), data flows between britoOS and those platforms as authorized by you. Each integration requires your explicit consent via OAuth authorization or API key entry. You can disconnect integrations at any time from Settings > Integrations.

3.3 Legal Requirements

We may disclose information to comply with applicable law, court orders, subpoenas, or government requests; to enforce our Terms of Service; or to protect the rights, property, or safety of britoOS, our users, or the public.

3.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. We will provide notice before your data is subject to a different privacy policy.

4. Data Controller vs. Data Processor

britoOS operates in dual capacity:

  • Data Controller: For your account data, billing information, and platform usage analytics. We determine how and why this data is processed.
  • Data Processor: For end-user data that you (our customer) store in the platform — your contacts, conversations, deals, and customer records. You remain the Data Controller for this data, and we process it solely on your behalf per your instructions.

5. Multi-Tenant Data Isolation

britoOS is a multi-tenant platform. Your data is logically isolated from other customers through:

  • Row-Level Security (RLS): Database policies enforce tenant boundaries at the PostgreSQL level. Every query is scoped to your organization ID.
  • Encrypted Tokens: Integration credentials (OAuth tokens, API keys) are encrypted with AES-256-GCM encryption, unique per organization.
  • Access Controls: Application-level authorization prevents cross-tenant access.
  • Audit Logging: Data access is logged and monitored for anomalies.

6. Data Retention

Data TypeRetention Period
Account dataDuration of active subscription + 60 days after cancellation
Service data (contacts, conversations, deals)Duration of active subscription; deleted within 30 days of account closure upon request
Billing and tax records7 years (IRS requirement)
Usage and analytics data12 months
Server logs90 days
Backup data30 days (automated rotation)

You may request data deletion at any time by contacting privacy@britoos.com. We will process deletion requests within 30 days.

7. Data Security

We implement industry-standard security measures including:

  • TLS/SSL encryption for all data in transit
  • AES-256-GCM encryption for sensitive data at rest (OAuth tokens, credentials)
  • Multi-factor authentication (MFA) support
  • Regular security assessments and monitoring
  • Access controls based on principle of least privilege
  • Automated backups with encryption

8. Your Rights

8.1 All Users

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate or incomplete data
  • Deletion: Request deletion of your personal data
  • Portability: Export your data in structured format (CSV)
  • Opt-Out: Unsubscribe from marketing communications at any time

8.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights:

  • Right to know what personal information is collected and how it is used
  • Right to delete personal information
  • Right to opt-out of the sale or sharing of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your privacy rights
  • Right to correct inaccurate personal information
  • Right to limit use and disclosure of sensitive personal information

We will respond to verified consumer requests within 45 days.

8.3 Florida Residents

Under the Florida Digital Bill of Rights (SB 262), Florida residents may have additional rights regarding personal data access, deletion, and opt-out of targeted advertising and data sales, subject to applicable thresholds. We process sensitive data only with your explicit consent.

8.4 European Union Residents (GDPR)

If you are an EU resident, you have rights under the General Data Protection Regulation including: access, rectification, erasure, restriction of processing, data portability, and objection. Our legal basis for processing is contract performance (for Service delivery), legitimate interests (for analytics and security), and consent (for marketing). For GDPR inquiries, contact privacy@britoos.com.

9. AI and Automated Decision-Making

britoOS uses artificial intelligence (powered by Anthropic's Claude) to provide:

  • Reply suggestions and auto-responses
  • Deal scoring and pipeline predictions
  • Conversation summaries and insights
  • Content generation and automation

Important: AI features are assistive tools only. They do not make binding decisions about your account or your customers. AI-generated content does not constitute legal, financial, medical, or professional advice. Your data processed by AI is used solely to generate responses within your account session and is not used to train external AI models.

10. SMS and Messaging Compliance (TCPA)

When you use britoOS to send SMS or WhatsApp messages through Telnyx:

  • You are responsible for obtaining proper consent from your recipients before sending messages
  • Each message sender requires individual consent (per TCPA 2026 requirements)
  • Recipients can opt-out by replying STOP at any time
  • We process all opt-out requests immediately
  • Messages may only be sent between 8:00 AM and 9:00 PM in the recipient's local time zone
  • We maintain records of consent and opt-out requests

Mobile information and third parties: No mobile information collected through SMS opt-in (including your phone number and consent status) will be sold or shared with third parties or affiliates for promotional or marketing purposes. Mobile information may only be shared with the subprocessors that help us deliver the messaging service (e.g., Telnyx, our SMS provider) and never for their own marketing.

How we collect SMS consent:When you provide your phone number and opt in — via our web opt-in form, by texting a keyword such as START, or by verbal/written consent — we collect and use your mobile number solely to send the SMS messages you agreed to receive. Message frequency varies. Message and data rates may apply. Reply STOP to opt out at any time, or HELP for assistance.

11. Email Communications (CAN-SPAM)

All marketing emails include a clear unsubscribe link. We process unsubscribe requests within 10 business days. Our physical mailing address is: Brito Marketing LLC, 6303 Blue Lagoon Dr, Suite 400-2301, Miami, FL 33126.

12. Children's Privacy (COPPA)

britoOS is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that we have collected data from a child under 13, we will delete it promptly. If you believe a child under 13 has provided us with personal information, please contact us at privacy@britoos.com.

13. International Data Transfers

britoOS is hosted in the United States. If you access the Service from outside the U.S., your data will be transferred to and processed in the United States, which may have different data protection laws than your country. By using the Service, you consent to this transfer. For EU users, we rely on Standard Contractual Clauses (SCCs) as our data transfer mechanism.

14. Data Breach Notification

In the event of a data breach affecting your personal information, we will:

  • Notify affected users without unreasonable delay
  • Notify the Florida Attorney General if 500+ Florida residents are affected
  • Notify EU supervisory authorities within 72 hours (for GDPR-covered data)
  • Provide details of the breach, data affected, and remediation steps

15. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal information.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the platform at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

17. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal data:

  • Email: privacy@britoos.com
  • Phone: +1 (305) 760-4411
  • Mail: Brito Marketing LLC, Attn: Privacy, 6303 Blue Lagoon Dr, Suite 400-2301, Miami, FL 33126, United States