Privacy at a Glance
- We collect only what we need to provide the service
- We never sell your personal data to third parties
- You can request deletion of your data at any time
- We use industry-standard security measures
1Introduction
BringIt ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
By using BringIt, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use the platform.
2Data Controller
The data controller responsible for your personal data is:
brngit
Email: privacy@brngit.com
3Information We Collect
Information You Provide
- Account information: Name, email address, profile photo
- Profile information: Phone number (optional), location (country, city)
- Transaction data: Item requests, proposals, delivery details
- Communications: Messages sent through the platform, support requests
- Reviews: Ratings and feedback you provide about other users
Information Collected Automatically
- Device information: IP address, browser type, operating system
- Usage data: Pages visited, time spent, search queries, clicks
- Cookies: Session identifiers, preferences, analytics data
Information from Third Parties
- OAuth providers: Name, email, and profile photo from Google/Apple when you sign in
- Payment processor: Transaction status from Stripe (we do not store full card details)
4Legal Basis for Processing (GDPR Article 6)
We process your personal data based on the following legal grounds:
Contract Performance
Processing necessary to provide the BringIt service: account creation, transaction processing, messaging between users, delivery coordination.
Legitimate Interests
Fraud prevention, platform security, service improvement, and analytics to understand usage patterns. We balance our interests against your rights.
Consent
Marketing communications (you can opt out anytime), non-essential cookies, and optional features.
Legal Obligation
Tax records, fraud reporting, responding to legal requests from authorities.
5How We Use Your Information
We use your information to:
- Provide, maintain, and improve our services
- Process transactions and send related information
- Enable communication between shoppers and travelers
- Send administrative communications (account verification, security alerts)
- Respond to your comments, questions, and support requests
- Send marketing communications (with your consent)
- Monitor and analyze usage patterns to improve the platform
- Detect, prevent, and address fraud, abuse, and security issues
- Comply with legal obligations
6Information Sharing
We may share your information with:
- Other users: Your public profile (name, avatar, reviews) is visible to other users. When you interact with another user, they see your name and can message you.
- Service providers: Third-party companies that help us operate the platform (see Third-Party Services section below).
- Legal requirements: When required by law, court order, or government request.
- Business transfers: In connection with a merger, acquisition, or sale of assets.
We do NOT sell your personal information to third parties for advertising or marketing purposes.
7Third-Party Services
We use the following third-party services to operate the platform:
| Service | Purpose | Data Shared | Location |
|---|---|---|---|
| Stripe | Payment processing | Payment details, billing address | USA (EU-US DPF) |
| Google Analytics | Usage analytics | IP address, browsing behavior | USA (EU-US DPF) |
| Google OAuth | Authentication | Name, email, profile photo | USA (EU-US DPF) |
| Vercel | Hosting | IP address, request logs | USA/EU |
8International Data Transfers
Some of our service providers are located outside the European Economic Area (EEA). When we transfer your data outside the EEA, we ensure adequate protection through:
- EU-US Data Privacy Framework: For US-based services certified under the DPF (Stripe, Google)
- Standard Contractual Clauses: EU-approved model contracts for international transfers
- Adequacy decisions: Transfers to countries with adequate data protection laws
You can request more information about our international transfer safeguards by contacting us.
9Cookies and Tracking Technologies
We use cookies and similar technologies to operate and improve the platform:
Required for the platform to function. Cannot be disabled.
Examples: Session cookies, authentication tokens, CSRF protection
Remember your preferences and settings.
Examples: Language preference, theme settings
Help us understand how you use the platform.
Examples: Google Analytics (_ga, _gid)
You can control cookies through your browser settings. Note that disabling essential cookies may prevent the platform from functioning properly.
10Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption in transit: All data transmitted via HTTPS/TLS
- Encryption at rest: Sensitive data encrypted in our databases
- Secure authentication: Passwords hashed with bcrypt, OAuth 2.0 support
- Access controls: Role-based access, principle of least privilege
- Regular audits: Security reviews and vulnerability assessments
While we strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security but will notify you promptly if a data breach occurs.
11Data Retention
We retain your data for as long as necessary to provide our services:
- Account data: Retained while your account is active
- Transaction records: 7 years (legal/tax requirements)
- Messages: 2 years after last activity, then anonymized
- Analytics data: 26 months (Google Analytics default)
When you delete your account, we remove or anonymize your personal data within 30 days, except where retention is required by law.
12Your Rights (GDPR)
Under the GDPR, you have the following rights regarding your personal data:
To exercise these rights, contact us at privacy@brngit.com. We will respond within 30 days.
13Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects or significantly affects you without human involvement.
Basic automated processes (like fraud detection flags) are always reviewed by our team before any action is taken on your account.
14Children's Privacy
BringIt is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly.
If you believe a child has provided us with personal information, please contact us at privacy@brngit.com.
15Right to Lodge a Complaint
If you believe we have violated your data protection rights, you have the right to lodge a complaint with a supervisory authority. In France, this is:
CNIL (Commission Nationale de l'Informatique et des Libertés)
Website: www.cnil.fr
3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France
We encourage you to contact us first at privacy@brngit.com so we can address your concerns directly.
16Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the Platform. The "Last updated" date at the top indicates when the policy was last revised.
Your continued use of BringIt after changes constitutes acceptance of the updated policy.
17Contact Us
If you have questions about this Privacy Policy or our data practices:
Privacy inquiries: privacy@brngit.com
General support: contact@brngit.com