Brixor/Privacy Policy

Privacy Policy

Last updated: March 1, 2026

Introduction

Brixor, Inc. ("Brixor," "we," "us," or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, share, and safeguard information when you use our contractor management platform at brixor.ai.

By using Brixor, you agree to the practices described in this policy. If you do not agree, please discontinue use and contact us at privacy@brixor.ai to request deletion of your data.

Data We Collect

We collect information in the following categories:

Account Information

  • Full name and email address (provided during sign-up or via Google OAuth)
  • Profile picture (optional, synced from Google if you use Google sign-in)
  • Business name, address, phone number, and trade type
  • Password (hashed with bcrypt — we never store plaintext passwords)

Business Data

  • Projects, estimates, invoices, and contracts you create within the platform
  • Client contact information you enter (names, emails, phone numbers, addresses)
  • Line items, pricing, and notes within estimates and invoices

Payment Information

  • Subscription billing is handled entirely by Stripe, Inc.
  • We do not store credit card numbers, CVVs, or bank account details
  • We store only the last 4 digits of your card and your Stripe customer ID for reference

Usage Data

  • Pages visited, features used, and time spent in the application
  • IP address, browser type, operating system, and device type
  • Error logs and performance telemetry for debugging purposes

Google User Data

When you choose to sign in with Google OAuth, Brixor receives access to your Google account name, email address, and profile picture. We use this information solely to:

  • Authenticate your identity and create or access your Brixor account
  • Personalize your dashboard with your name and profile photo
  • Send important service communications to your email address

We do not use your Google data for advertising, profiling, or any purpose beyond operating the Brixor service. We do not transfer or disclose your Google information to third parties for purposes other than providing the Brixor service, and we do not sell your Google data to any third party. Furthermore, we explicitly do not use Google user data to develop, improve, or train generalized AI and/or machine learning models.

Security procedures are in place to protect the confidentiality of your Google data. All data is encrypted in transit and at rest (see our Data Security section below for details).

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

To revoke Brixor's access to your Google account, visit Google Account Permissions. Note that revoking access will not delete your Brixor account or its data — contact us at privacy@brixor.ai to request full account deletion.

How We Use Your Data

We use the information we collect to:

  • Provide the service: Operate, maintain, and improve the Brixor platform
  • AI features: Send your estimate descriptions to Anthropic's Claude API to generate line-item breakdowns (no personal data is included in these prompts)
  • Billing: Process subscription payments via Stripe
  • Communications: Send transactional emails (account confirmations, invoice notifications, password resets)
  • Product improvements: Analyze anonymized usage patterns to improve features
  • Security: Detect fraud, abuse, and unauthorized access attempts
  • Legal compliance: Comply with applicable laws and respond to lawful requests

We do not sell your personal information. We do not use your business data (estimates, client names, etc.) to train AI models.

Third-Party Services

Brixor integrates with the following third-party services, each governed by their own privacy policies:

Stripe

Payment processing and subscription management

Data shared: Payment method details, billing address, subscription status

Privacy policy →

Neon / PostgreSQL

Primary database hosting (US data centers)

Data shared: All application data including projects, estimates, and client records

Privacy policy →

Vercel

Application hosting and edge network

Data shared: Web traffic logs, IP addresses, request metadata

Privacy policy →

Supabase

File storage (uploaded documents, PDFs)

Data shared: Uploaded files including contract PDFs and attachments

Privacy policy →

Anthropic (Claude API)

AI-powered estimate generation

Data shared: Project description text submitted for AI estimate generation (no personal data)

Privacy policy →

Google

OAuth authentication (optional)

Data shared: Name, email, profile picture (when Google sign-in is used)

Privacy policy →

Data Retention

We retain your data for as long as your account is active or as needed to provide services:

  • Account data: Retained while your account is active and for 90 days after deletion to allow recovery
  • Business data (projects, estimates, invoices): Retained for the life of your account
  • Payment records: Retained for 7 years to comply with financial regulations
  • Usage logs: Retained for 90 days for debugging and security purposes
  • Backups: Database backups are retained for 30 days

After account deletion, all personal data is permanently removed within 90 days, except where retention is required by law (e.g., payment records).

Your Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of all personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your account and all associated data
  • Export: Download your data in a portable format (JSON/CSV) from Settings
  • Restriction: Request that we limit processing of your data in certain circumstances
  • Objection: Object to certain types of processing, including direct marketing

To exercise any of these rights, email privacy@brixor.ai with the subject line "Privacy Request." We will respond within 30 days.

GDPR — EU/EEA Users

If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):

  • Legal basis: We process your data based on contract performance (operating the service), legitimate interests (security, fraud prevention), and your consent (marketing emails)
  • Data transfers: Your data is stored in US data centers. We use Standard Contractual Clauses (SCCs) for transfers from the EU to the US where required
  • Data Protection Officer: Contact us at privacy@brixor.ai
  • Right to lodge a complaint: You may file a complaint with your national data protection authority
  • Right to erasure ("right to be forgotten"): You may request complete deletion of your data

CCPA — California Users

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you
  • Right to Delete: Request deletion of personal information we have collected (subject to certain exceptions)
  • Right to Opt-Out: We do not sell personal information. If this changes, we will provide an opt-out mechanism
  • Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To submit a CCPA request, email privacy@brixor.ai with "CCPA Request" in the subject line.

Cookies

We use cookies and similar tracking technologies for the following purposes:

  • Session cookies: Required to keep you logged in while using the platform. Deleted when you close your browser.
  • Authentication tokens: Secure JWT tokens stored in httpOnly cookies to maintain your session across visits.
  • Analytics cookies: Anonymous usage data to understand how features are used and improve the product. You can opt out in your browser settings.
  • Preference cookies: Store your UI preferences such as theme and layout settings.

Most browsers allow you to refuse cookies or delete them at any time. Disabling cookies may affect your ability to log in and use core features.

Data Security

We implement industry-standard security practices to protect your data:

  • Encryption at rest: All database data is encrypted using AES-256
  • Encryption in transit: All connections use TLS 1.3
  • Password hashing: Passwords are hashed using bcrypt with a cost factor of 12
  • API key security: API keys are hashed with SHA-256 before storage; raw keys are never stored
  • Access controls: Role-based access controls limit internal access to production data
  • SOC 2 Type II: We undergo annual third-party security audits
  • Penetration testing: Annual third-party penetration testing of our infrastructure

Despite these measures, no system is 100% secure. If you believe your account has been compromised, contact security@brixor.ai immediately.

Children's Privacy

Brixor is intended for use by individuals aged 13 and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact privacy@brixor.ai and we will delete the information promptly.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact our privacy team:

Brixor Privacy Team

privacy@brixor.ai

We respond to all privacy inquiries within 30 days.

This Privacy Policy may be updated periodically. We will notify registered users of material changes via email and update the "Last updated" date at the top of this page.