Back to home

Privacy Policy

Last updated: 31 mai 2025

1. Introduction

Bref Point ('we', 'our') places great importance on protecting your personal data. This policy describes what data we collect, why, how we use it, and your rights as a user of the Bref Point mobile app and website.

2. Data Collected

We only collect data necessary for the service to function:

  • Registration data: name, email address, phone number, password (encrypted).
  • Shop data: shop name, business sector, country.
  • Billing data: invoices, customers, items, and transactions.
  • Usage data: login logs, app interactions.
  • Device data: terminal type, OS, anonymized identifier.
  • Push notification tokens: to send notifications to your device.
  • Subscription data: plan subscribed, renewal date, amount paid (no bank card is stored — payments are processed by a certified third-party provider).

3. Processing Purposes

  • Provision and improvement of the Bref Point service.
  • Authentication and account security.
  • Sending transactional notifications (OTP, confirmations, reminders).
  • AI analytics assistant: your queries may be transmitted anonymously to an AI subcontractor (e.g. OpenAI) to generate analyses. No personally identifiable data is transmitted.
  • Aggregated, anonymized analysis to improve user experience.
  • Compliance with our legal obligations.

4. Legal Basis

The processing of your data is based on: contract performance (Art. 6 §1 b GDPR), your consent where required (Art. 6 §1 a), and our legitimate interests (service improvement, security — Art. 6 §1 f).

5. Data Sharing

We never sell your personal data. It may only be shared with:

  • Our technical subcontractors (cloud hosting, SMS/notifications, payment processing, AI analytics) who process data on our behalf under confidentiality agreements.
  • Competent authorities if required by law.

6. International Transfers

Your data may be hosted or processed outside your country of residence (including in the European Union or the United States) by our technical subcontractors. These transfers are governed by appropriate legal safeguards (standard contractual clauses or equivalent mechanisms).

7. Data Retention

Your data is retained as long as your account is active. If you delete your account, data is erased within 30 days, unless legally required to retain it longer.

8. Security

We apply appropriate technical and organizational measures: TLS encryption in transit and at rest, two-factor authentication, and restricted access to production data.

9. Your Rights

Under applicable regulations, you have the following rights:

  • Right of access, rectification, and erasure of your data.
  • Right to data portability.
  • Right to object and restrict processing.
  • Right to withdraw your consent at any time.
  • Right to lodge a complaint with the competent supervisory authority.

To exercise these rights, contact us at:

privacy@brefpoint.app

10. Minors

The Bref Point service is strictly reserved for persons aged 18 and over. We do not knowingly collect personal data from minors. If you are aware that a minor has created an account, please contact us immediately.

11. Cookies

The Bref Point website only uses strictly necessary technical cookies (session, language, and theme preferences). No advertising or third-party tracking cookies are used.

12. Changes

We may update this policy at any time. Significant changes will be notified by email or in the app.

13. Contact

For any questions about this policy:

privacy@brefpoint.app