Privacy and Personal Data Protection Policy

Welcome to BRAVAS’s Privacy and Personal Data Protection Policy. Your privacy matters to us. This page explains how we collect, use, and protect your personal data when you use our services.

1. Who We Are

Data Controller:

BRAVAS, 22 B Rue Audiguier, 31500 Toulouse, France

Email: hello@bravas.io

Data Protection Officer (DPO):

For any questions or requests related to your personal data, please contact our DPO:

Email: dpo@bravas.io

2. What Data We Collect and Why

We only collect the data we need to provide our services:

  • Name, email, and contact details for communication
  • Billing information for subscription management
  • Login and device information to manage and protect your IT fleet

We use your data for purposes including:

  • Service delivery and contract execution
  • Customer support
  • Commercial communication (with your consent)
  • Platform security and performance

3. Legal Grounds for Data Processing

We process your data based on:

  • Contractual necessity: to provide and manage services
  • Legal obligations: e.g. invoicing, compliance
  • Your consent: for newsletters and optional features
  • Legitimate interest: service improvement, security, satisfaction surveys

You can withdraw your consent at any time.

4. Data Security & Confidentiality

Your data is protected with strong security measures and a privacy-by-design approach. In case of a data breach, we comply with legal obligations to notify both the authorities and affected users.

5. Who Can Access Your Data?

Your personal data may be shared with:

  • Internal BRAVAS teams (support, sales, etc.)
  • Subcontractors for technical operations
  • Trusted partners (with your consent)

We never sell your data.

6. Data Transfers Outside the EU

By default, we host and process your data within the European Union. If non-EU providers are used, we ensure they offer adequate legal safeguards (e.g., Standard Contractual Clauses).

7. How Long We Keep Your Data

Your data is stored for as long as needed to deliver services and meet legal obligations. For example:

  • Customer account data: up to 3 years after the last interaction
  • Billing data: 10 years (legal requirement)
  • Cookies: based on your choices (see our Cookie Policy)

8. Your Rights

You can exercise the following rights at any time:

  • Access: Know what data we hold about you
  • Rectification: Correct your personal information
  • Erasure: Delete your data when legally allowed
  • Objection: Opt out of certain uses
  • Restriction: Limit processing in specific cases
  • Portability: Receive your data in a structured format

To make a request, email us at dpo@bravas.io. Proof of identity may be required.

9. Supervisory Authority

If you believe your data rights have not been respected, you can file a complaint with the CNIL (France’s Data Protection Authority):

https://www.cnil.fr

10. Policy Updates

We may update this policy from time to time. Changes will be posted here, with the date of the latest revision.

Glossary

  • Personal Data: Information that can identify you directly or indirectly.
  • Processing: Any operation performed on personal data.
  • Controller: The entity that determines why and how your data is processed.
  • DPO: Data Protection Officer, in charge of privacy compliance.
  • Breach: Any unauthorized access, loss, or disclosure of data.