1. Who we are
This site is operated by Briovela LLC, an Arizona limited liability company (“Briovela”, “we”, “us”). We are building a website, CRM, and booking platform for small businesses, launching in 2026. This policy covers briovela.com — the pre-launch marketing and signup site. The launched platform will publish its own policies when it goes live.
2. What we collect
We collect information only when you submit one of our forms:
- Launch-updates signup: your email address, plus a record of the exact consent statement you agreed to (with a timestamp, your IP address, browser user-agent, the privacy-policy version in force, and whether your browser sent a Global Privacy Control signal).
- Founding-client application: your name, email, business name, optional phone number, what tools you use today, anything you choose to tell us — with the same consent record.
- Contact form: your name, email, and message.
We do not collect browsing profiles, run third-party trackers, or buy data about you. If you allow analytics in the cookie banner, we see cookieless, aggregate page-view counts.
3. Legal basis
Where privacy law requires a legal basis, we rely on:
- Consent — for marketing emails (launch updates) and for storing and contacting you about a founding-client application. You can withdraw consent at any time.
- Legitimate interest — for responding to contact-form inquiries and for protecting the site from spam and abuse (rate limits, honeypot and time-trap checks).
4. How we use it
- To send launch updates you asked for (double opt-in: no confirmation, no emails).
- To evaluate and respond to founding-client applications.
- To reply to your messages.
- To keep provable, version-tracked records of consent, as the law requires.
- To protect the site from spam and abuse (rate limits, honeypot, time-trap).
We do not sell personal information, and we do not share it for cross-context behavioral advertising. SMS-specific sharing rules are in the next section.
4a. SMS / mobile information (text messaging program)
This section applies if you opt in to receive text messages from Briovela.
- No sharing of mobile information for marketing. No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All other categories exclude text messaging originator opt-in data and consent; that data will not be shared with any third parties, excluding the messaging platform providers we use solely to deliver messages to you.
- Message frequency. Message frequency varies; up to 4 messages per month.
- Rates. Message and data rates may apply. Contact your wireless provider with questions about your plan.
- Opt-out. Text STOP at any time to cancel. Text HELP for assistance, or contact team@briovela.com.
- Consent is not a condition of purchasing any goods or services.
5. Service providers (sub-processors)
Your information is processed by the infrastructure providers that run this site:
| Provider | Role |
|---|---|
| Vercel | Website hosting and delivery; consent-gated, cookieless analytics |
| Neon | Encrypted database storing form submissions and consent records |
| Resend | Email delivery (confirmations, receipts, the updates list) |
7. Your choices
- Unsubscribe: every marketing email includes a one-click unsubscribe that takes effect immediately.
- Access, correction, export, deletion: use the self-service Privacy Center, or email team@briovela.com from the address you submitted.
- Global Privacy Control: if your browser sends GPC, we opt you out of analytics automatically, before the banner even appears, and record the signal with any form you submit.
- Cookie choices: change them any time via Cookie settings, the footer link on every page, or by declining in the banner.
7a. Privacy Center — self-service access
You do not have to email us to exercise your rights. Our Privacy Center lets anyone who has submitted information through this Site manage it directly:
- Secure passwordless sign-in. Enter the email address you used; we send a single-use sign-in link that expires in 15 minutes. No password is required — and no data is shown unless you control that email address. We use the same response whether or not we have a record for that email (to prevent account enumeration).
- View everything we hold about you across email signup, founding-client applications, and contact messages — including the exact consent language and version you agreed to.
- Correct/update your name, contact details, and preferences.
- Download a portable copy of your data in JSON or CSV.
- Manage consent (including withdrawing marketing consent / unsubscribing).
- Delete your data. Deletion requests use a 30-day recovery window, after which a scheduled worker permanently purges the records. Where we must keep a minimal suppression stub (proof of your opt-out) or records required by law, we say so.
Every change you make in the Privacy Center is logged to an audit trail.
8. Your rights by region
We honor the following rights for everyone, everywhere — you do not need to cite a statute. Where a law gives you additional protections, those apply too.
GDPR / UK GDPR / Swiss FADP
If you are in the EU, UK, or Switzerland, you may have the right to:
- Access the personal data we hold about you
- Rectify inaccurate data
- Erase your data (“right to be forgotten”)
- Receive a portable copy of your data
- Object to certain processing
- Withdraw consent at any time (without affecting prior lawful processing)
California (CCPA/CPRA), Colorado, and other US state laws
Because we launch US-first, these rights matter most for our early audience. Under CCPA/CPRA, the Colorado Privacy Act, and similar US state privacy laws as they apply, you may have the right to:
- Know what personal information we collect
- Know whether personal information is sold or shared (ours is not)
- Opt out of sale or sharing (we do not sell or share; GPC is treated as an opt-out)
- Request deletion
- Non-discrimination for exercising your privacy rights
We do not sell or share personal information, so a separate “Do Not Sell or Share My Personal Information” link is not required — the commitment is stated here and enforced in our systems.
Canada (PIPEDA) and CASL
Under PIPEDA, you may request access to and correction of your personal information, and we retain it only as long as needed for the purposes in this policy (or as required by law). For Canadian users under CASL: all marketing communications require express consent. You can unsubscribe at any time using the link in every email or by contacting team@briovela.com.
Quebec Law 25
Consent is requested separately for each purpose (launch updates vs. founding-client contact). We do not use automated profiling to make decisions about you without telling you first; see the AI & automated processing section for how tools may assist with organizing submissions under human review.
9. Laws we design for
This site is designed to align with GDPR (EU), UK GDPR, Swiss FADP, CCPA/CPRA (California), the Colorado Privacy Act and related US state privacy laws, PIPEDA and CASL (Canada), Quebec Law 25, and WCAG 2.2 Level AA accessibility. We launch US-first, so California, Colorado, and other US state rights are a priority — the broader set still applies where it does.
10. No sale or share of personal information
Briovela does not sell personal information and does not share it for cross-context behavioral advertising. Your browser’s Global Privacy Control (GPC) signal is honored automatically for analytics opt-out and is recorded with form submissions.
11. Security
We take practical measures appropriate to this stack:
- TLS encryption in transit (served via Vercel)
- Encrypted database storage for form submissions and consent records (Neon)
- Rate limits on form endpoints
- Input sanitization to reduce XSS and injection risk
- Spam and bot resistance via honeypot fields and time-trap checks (not a third-party CAPTCHA)
No system is perfectly secure. If you believe you have found a vulnerability, email security@briovela.com.
12. AI & automated processing
When you submit a form, Briovela may use automated tools and AI to help process, organize, prioritize, or draft responses to the information you provide. That is a pre-use notice in the spirit of the stricter US automated-decision-making transparency rules (including California CCPA ADMT regulations and Colorado’s ADMT framework): we tell you before the processing happens, not after.
- We do not use your form data to train AI models without separate, explicit consent.
- A human reviews outcomes that meaningfully affect you (for example, how we evaluate a founding-client application).
- This pre-launch site does not make solely automated decisions with legal or similarly significant effects about you. If that changes, we will update this policy, bump the version, and — where required — provide additional notice, access to information about the processing, and a path to human review.
13. Data retention
We keep form submissions until you ask us to delete them or until they migrate into the launched platform’s systems under its full policy. Deletion requests are scheduled with a 30-day recovery window, then permanently purged; a minimal suppression record (your email on the “never contact” list) is retained where the law requires it. Consent records are kept as legal proof for as long as the consent they document is relied on.
14. Children
This site is for business owners and adults. It is not directed at children under 18, and we do not knowingly collect information from them. If you believe a minor has submitted information, contact team@briovela.com and we will delete it.
15. Complaints
If you have a concern, please contact us first at team@briovela.com. You may also lodge a complaint with a supervisory authority where you live or work, including:
- EU / EEA: your local Data Protection Authority
- California: California Attorney General
- Canada: Office of the Privacy Commissioner of Canada
- Quebec: Commission d’accès à l’information du Québec (CAI)
16. Changes
Consent on this site is version-tracked: every form submission records which privacy-policy version and which consent-text version you accepted. You can always change your mind — unsubscribe, update preferences, or ask us to delete your data. Those records are fully auditable, so we can prove what you agreed to and when.
Near launch we will publish a new policy version. If you already completed a form, we will email you with a one-click magic link to review the new version and update your consent. Until you do, we rely only on the version you already accepted for the purposes you already agreed to.
17. Contact
Briovela LLC, an Arizona limited liability company
98 S River Dr Unit 1027, Tempe, AZ 85288
Privacy questions: team@briovela.com. Self-service: Privacy Center.
Security reports: security@briovela.com. Abuse reports: security@briovela.com.
Canonical company identity for reviewers: /legal/company.
Document version 2026-07-09.5