Privacy Policy
On this page
1) Who we are & how to contact us
Brain & Brush (“we,” “us,” “our”) operates https://brainnbrush.com (the “Site”).
For privacy inquiries, email: brainandbrush111@gmail.com
If you are located in the EU/UK, you may contact us via this address for GDPR matters. If needed, we will appoint an EU/UK representative and update this page.
2) What data we collect
A. Data you provide
- Contact details (name, email, phone) when you enquire or book services.
- Content you submit (messages, feedback, uploads).
- Payment-related information processed by our payment partners (we don’t store full card numbers).
B. Data collected automatically
- Device and usage data (IP address, browser type/version, pages viewed, time on page).
- Identifiers via cookies or similar technologies for analytics, fraud prevention, and performance.
- Approximate location (derived from IP) to tailor content and security.
C. Sensitive data
We do not seek to collect sensitive personal data. If you voluntarily share such data, you consent to our processing solely to respond to your request.
3) How we use data & legal bases
- Provide and improve services (respond to enquiries, scheduling, support, Site maintenance).
- Communications (service emails, updates; marketing only with appropriate consent or lawful basis).
- Security & fraud prevention (detect, prevent, and respond to abuse or harmful activity).
- Compliance (legal obligations, regulatory requests, dispute resolution).
Legal bases (where applicable): consent, contract performance, legitimate interests (e.g., service quality, security), and legal obligation.
6) International data transfers
Where data moves across borders, we use lawful transfer mechanisms (e.g., Standard Contractual Clauses, adequacy decisions) and implement appropriate safeguards.
7) Data retention
We keep personal data only as long as necessary for the purposes outlined in this policy, including legal, accounting, or reporting obligations. Retention periods vary by data type and context.
8) Security
We apply administrative, technical, and physical safeguards appropriate to the risks involved (e.g., access controls, encryption in transit, monitoring, backups). No method is 100% secure, but we continuously improve our controls.
9) Children
Our Site is not directed to individuals under 16 (or lower age as defined by local law). We do not knowingly collect children’s personal data.
10) Your rights
Depending on your region, you may have rights to:
- Access, correct, or delete your personal data.
- Object to or restrict certain processing.
- Withdraw consent (where processing relies on consent).
- Request data portability.
Region‑specific
- EU/UK (GDPR): rights above plus the right to lodge a complaint with a supervisory authority.
- India (DPDP Act): rights to access, correction, erasure, grievance redressal; consent management.
- California (CCPA/CPRA): rights to know, delete, correct, and opt‑out of sale/sharing of personal information; limit use of sensitive personal information.
11) How to exercise your rights
Send a request to privacy@brainnbrush.com with enough information to verify your identity and describe your request. Authorized agents may act on your behalf where permitted by law.
California residents: see Do Not Sell or Share My Personal Information.
12) Changes to this policy
We may update this policy to reflect changes in laws, technologies, or our practices. We’ll revise the “Effective date” and, where appropriate, notify you via the Site or email.
13) Contact
Email: brainandbrush111@gmail.com
Address: