Brik Consulting

1. Introduction

This Privacy Policy describes how brik.consulting ("we", "us", "our") collects, uses, stores, and protects information from users of our products, website, and associated services ("Services"), including brik.channel, brik.stock, brik.listing, brik.order, brik.price, and brik.media — our multi-channel e-commerce platform.

2. What We Collect

2.1 Information You Provide

Account information — email address and password for authentication.
Platform connection credentials — OAuth tokens for connected platforms (Shopify, Amazon, TikTok Shop, eBay, Walmart, WooCommerce, BigCommerce, Etsy, Square, Squarespace, Wix, Adobe Commerce, ShipStation, EasyPost, and QuickBooks). We store these encrypted; we never store platform passwords.
Support content — messages submitted via support channels.

2.2 Information from Connected Platforms

Product data — titles, SKUs, variant identifiers, inventory levels, prices, and order data from connected platforms.
Shop metadata — store name, domain, region, and seller identifiers.

We only access data required for inventory synchronization within the scopes explicitly approved by the merchant during OAuth authorization.

2.3 Information Collected Automatically

Browser type, OS, and device metadata for compatibility.
IP address for rate limiting and security.

2.4 Information We Do NOT Collect

Customer personal data (end-buyer PII) from connected stores.
Payment card details (payments processed by Stripe).
Source code or files from user environments.

3. How We Use Information

Purpose	Legal Basis
Synchronize inventory between platforms	Contractual necessity
Authenticate users and manage sessions	Contractual necessity
Customer support	Contractual necessity
Security monitoring and abuse prevention	Legitimate interest
Service improvement	Legitimate interest
Compliance with legal obligations	Legal obligation

4. Data Sharing

We share data only with the following categories of recipients:

Recipient	Data	Purpose
Supabase (hosting, EU — Ireland)	Account and connection data	Database hosting
Vercel (hosting)	Request logs	Application hosting
Shopify, Amazon, TikTok Shop, eBay, Walmart, and other marketplace APIs	Product, inventory, order, and pricing data	Synchronization and order management
ShipStation / EasyPost APIs	Shipping and tracking data	Shipping label and rate management
QuickBooks API	Financial data	Accounting integration

We do not sell personal data, share data with third parties for advertising, or use data for automated decision-making.

5. Data Retention

Data Type	Retention
Account data	Duration of active account + 30 days
OAuth tokens (platform connections)	Until user disconnects the platform
Sync event logs	90 days, then auto-purged
Product mapping data	Duration of active sync pair
IP / security logs	90 days

6. Data Security

We implement industry-standard security measures including TLS 1.2+ encryption for all data in transit, encrypted storage at rest (AES-256), OAuth 2.0 authentication, HMAC-SHA256 webhook verification, and least-privilege access controls. See our Security Practices page for details.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

Access your personal data
Correct inaccurate data
Request deletion of your data
Object to processing
Data portability
Withdraw consent

To exercise these rights, contact: support@brik.consulting

We will assist sellers and platform operators to fulfill data subject access requests (access, correction, deletion) within 30 days of receipt.

8. International Transfers

Primary data storage is in the EU (Supabase, West EU — Ireland). Application hosting is provided by Vercel with edge nodes globally. Data may be processed in the EU and US.

9. Data Breach Notification

In the event of a data breach affecting personal data, we will notify affected users, sellers, platform partners, and applicable regulatory authorities within 72 hours of discovery, in accordance with GDPR Article 33 requirements.

10. Data Deletion on Contract Termination

Upon termination of the contractual relationship, all collected customer data in our possession will be deleted within 30 days, unless retention is required by law. OAuth tokens are revoked immediately upon disconnection.

11. Children

The Services are not directed at persons under 18. We do not knowingly collect data from minors.

12. Data Protection Contact

Data Protection Officer: Yevhen Sharonov
Email: dpo@brik.consulting

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by email or via an in-app notice.