Brahmin Solutions

Privacy policy

Last updated: March 16, 2026

Welcome to the privacy policy for Brahmin Solutions (“Brahmin,” “we,” or “us”), our website at https://www.brahmin-solutions.com/ (the “Site”), and all related web services, downloadable software, mobile applications, and communications.

This Privacy Policy describes information gathered on or through the Service, how we use and disclose it, and our protection measures. By visiting the Site or using the Service, you consent to these privacy practices.

This Policy is incorporated into the Brahmin Solutions Terms and Conditions. Capitalized terms used here have meanings given in those Terms.

Business use only: The Service is designed for business-to-business (B2B) use. We do not offer products or services intended for use by individuals for personal, family, or household purposes.

Use of the Service is also subject to our Acceptable Use Policy available at /acceptable-use.

1. Definitions

  • Client – a business entity that has entered into a subscription agreement with Brahmin Solutions for use of the Service
  • Client Data – personal data, reports, addresses, and files stored within the Service by or on behalf of a Client
  • Customer – an end customer of a Client whose data may be stored within the Service
  • Personal Data – information relating to an identified or identifiable natural person
  • Public Area – accessible without login credentials
  • Restricted Area – accessible only by Users with login credentials
  • User – employee, agent, or representative of a Client using the Service
  • Visitor – individual accessing only public areas without account access

2. The information we collect on the Service

Legal basis: Processing is necessary for Service provision per the Terms of Service and Brahmin's legitimate interests.

User-provided information includes names, email addresses, mailing addresses, phone numbers, billing information, geographic preferences, and any information linked to identifying individuals.

Client-collected data: Clients upload or store Client Data into the Service. Brahmin has no direct relationship with individuals whose data is hosted as Client Data. Each Client is responsible for providing notice about data collection purposes and processing practices.

Automatically collected information includes:

  • IP addresses or device identifiers
  • Web browser and device type
  • Pages visited before/after using the Service
  • Content viewed or interacted with
  • Visit dates and times
  • Email interaction data (opens, clicks, forwards)

Integrated services: You may authorize access through third-party accounts (Google, etc.). By authorizing us to connect with an Integrated Service, you authorize us to access and store your profile name, email address, and profile picture URL, and other information that the Integrated Service makes available to us.

Information from other sources: We may obtain information from partners, advertisers, credit agencies, and Integrated Services, treating combined information as Personal Data per this Policy.

3. How we use the information we collect

Operations: We use information to operate, maintain, and enhance the Service, respond to requests, and provide support. Client Data is processed only per Client or User direction.

Improvements: We analyze usage trends and preferences to improve the Service and develop new features. Any Client Data processing for this purpose uses only anonymized or aggregated data.

Communications: We may contact Visitors or Users regarding administrative matters or promotional updates. You have the ability to opt out of receiving any promotional communications.

Cookies and tracking technologies: We use cookies to:

  • Personalize the Service
  • Provide customized advertisements and content
  • Monitor marketing effectiveness
  • Analyze site usage metrics
  • Track entries in promotions

Analytics and third-party services: We use the following third-party services to operate, analyze, and improve the Service:

  • Google Analytics — website traffic analysis and user navigation reports
  • PostHog — product analytics and user behavior tracking
  • Intercom — customer messaging, live chat, and support
  • HubSpot — forms, demo booking, visitor tracking, email marketing, and customer relationship management
  • Amazon Web Services (AWS) — cloud hosting and infrastructure
  • Vercel — website hosting and content delivery
  • Sanity — content management for our blog
  • Stripe — payment processing and billing
  • Google Workspace — business email and productivity tools
  • Hotjar — heatmaps, session recordings, and user experience analytics

These third-party providers may collect data as described in their respective privacy policies. We encourage you to review their policies. For the authoritative list of sub-processors and notification procedures for sub-processor changes, see the Data Processing Agreement.

4. To whom we disclose information

We do not intentionally disclose Personal Data or Client Data to third parties without consent, except in these circumstances:

Unrestricted information: Public Area content is available to all users.

Service providers: Third-party providers for hosting, maintenance, and development have limited access necessary to perform functions. Contracts require confidentiality maintenance.

Non-personally identifiable information: We may share aggregated or non-personally-identifiable data for compliance, marketing, or understanding user interests.

Law enforcement and legal process: We may disclose Personal Data or other information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a facially valid court order, judicial or other government subpoena or warrant.

We reserve disclosure rights to address liability risks, prevent fraudulent activity, investigate claims, protect Service security, or enforce legal rights.

Change of ownership: Information may transfer to acquirers or successors in mergers, acquisitions, asset sales, or insolvency proceedings, provided recipients commit to substantially similar privacy terms.

5. Your choices

Access, correction, deletion: You may request access to, amendment of, or deletion of Personal Data by contacting us. At your request, we will have any reference to you deleted or blocked in our database.

Information may be retained for backups, archiving, fraud prevention, legal compliance, or legitimate business reasons.

Navigation information: Opt out of Google Analytics collection using the Google Analytics Opt-out feature.

Commercial communications: Unsubscribe from promotional emails by following email instructions or contacting us. Please be aware that if you opt-out of receiving commercial emails from us or otherwise modify the nature or frequency of promotional communications you receive from us, it may take up to fifteen (15) business days for us to process your request.

Administrative messages continue after opting out.

Client data requests: If the Client requests Brahmin Solutions to remove the data, we will respond to its request within thirty (30) days. Requests should include sufficient information for identification.

6. Your rights under GDPR

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access — You have the right to request a copy of the personal data we hold about you.
  • Right to rectification — You have the right to request that we correct any inaccurate or incomplete personal data.
  • Right to erasure — You have the right to request that we delete your personal data, subject to certain exceptions.
  • Right to restriction of processing — You have the right to request that we restrict the processing of your personal data in certain circumstances.
  • Right to data portability — You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to object — You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent — Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint — You have the right to lodge a complaint with a supervisory authority in the EEA member state where you reside or where the alleged infringement occurred.

To exercise any of these rights, contact us at support@brahmin-solutions.com. We will respond to your request within 30 days.

Legal bases for processing

We process personal data under the following legal bases:

  • Contractual necessity — processing necessary to provide the Service under our Terms and Conditions
  • Legitimate interests — processing necessary for our legitimate business interests, such as improving the Service, fraud prevention, and security
  • Consent — where you have given explicit consent for specific processing activities, such as marketing communications
  • Legal obligation — processing necessary to comply with applicable laws and regulations

International data transfers

When we transfer personal data from the EEA or UK to the United States, we rely on the EU Standard Contractual Clauses (SCCs) as adopted by the European Commission, and for UK transfers, the UK International Data Transfer Addendum. We implement supplementary technical and organizational measures as needed to ensure adequate protection of your data.

Data Protection Officer

Given the nature and scale of our data processing activities, we have not appointed a Data Protection Officer. For all privacy-related inquiries, including exercising your rights under GDPR, please contact us at support@brahmin-solutions.com.

7. Your rights under CCPA

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to know — You have the right to request information about the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business purpose for collecting it, and the categories of third parties with whom we share it.
  • Right to access — You have the right to request a copy of the personal information we have collected about you.
  • Right to delete — You have the right to request that we delete personal information we have collected from you, subject to certain exceptions.
  • Right to correct — You have the right to request that we correct inaccurate personal information we maintain about you.
  • Right to opt-out of sale or sharing — You have the right to opt out of the “sale” or “sharing” of your personal information. Brahmin Solutions does not sell personal information. We may share personal information with third-party advertising partners for targeted advertising purposes; you may opt out of this by contacting us.

How to exercise your rights

To submit a request, contact us at support@brahmin-solutions.com. We will verify your identity before processing your request. You may also designate an authorized agent to submit a request on your behalf.

We will respond to your request within 45 days. If we need additional time, we will notify you of the extension (up to an additional 45 days).

Non-discrimination

We will not discriminate against you for exercising any of your CCPA rights. We will not deny you goods or services, charge you different prices, or provide a different level of quality for exercising your rights.

Categories of personal information collected

In the preceding 12 months, we have collected the following categories of personal information:

  • Identifiers (name, email address, phone number, IP address)
  • Commercial information (transaction records, purchasing history)
  • Internet or electronic network activity (browsing history, search history, interaction with the Service)
  • Geolocation data (approximate location based on IP address)
  • Professional or employment-related information (job title, company name)

Sensitive personal information

We do not collect sensitive personal information as defined under the California Privacy Rights Act (CPRA).

Financial incentives

We do not offer financial incentives for the collection, sale, or deletion of personal information.

8. Third-party services

The Service may contain features or links to websites and services provided by third parties. Any information you provide on third-party sites or services is provided directly to the operators of such services.

We are not responsible for third-party privacy practices. We encourage learning about third-party policies before sharing information.

9. Interest-based advertising

Interest-based advertising collects data across platforms to predict preferences and deliver targeted advertising.

We work with advertising networks, attribution partners, and business partners. In collaboration with these third parties, we collect information about our customers, prospects, and other individuals over time and across different platforms.

We use cookies, beacons, pixels, tags, mobile advertising IDs, and similar technologies to understand activities and behaviors. This information enables personalized content, relevant ads, and cross-device recognition.

Our interest-based ads may be served to you in emails or on third-party platforms.

Visitors may opt out via https://www.aboutads.info/consumers and https://www.networkadvertising.org/, though this may not eliminate all interest-based advertising.

10. Cookies

Third parties collect information when you view or interact with their advertisements to predict interests and display tailored content across the Internet.

We do not share with these third parties any information that would readily identify you (such as email address); however, these third parties may have access to information about your device (such as IP or MAC address).

Cookie types

Strictly necessary / essential cookies: Enable website navigation and feature access without collecting identifying information.

Performance cookies: Collect anonymous usage statistics to improve website functionality.

Functionality cookies: Remember user choices like usernames and language preferences, enabling personalized features without tracking other websites.

Behaviorally targeted advertising and messaging cookies: Deliver relevant advertisements and messages, limit viewing frequency, measure campaign effectiveness, and share visit information with advertisers.

Cookies we use

Strictly necessary cookies:

  • Session cookies — maintain your session while browsing (duration: session)

Analytics cookies:

  • _ga (Google Analytics) — distinguishes unique users (duration: 2 years)
  • _ga_<container-id> (Google Analytics) — maintains session state (duration: 2 years)

Functional and marketing cookies:

  • __hssc (HubSpot) — tracks session data (duration: 30 minutes)
  • __hstc (HubSpot) — tracks visitor activity (duration: 13 months)
  • hubspotutk (HubSpot) — tracks visitor identity (duration: 13 months)
  • __hs_opt_out (HubSpot) — records cookie consent preferences (duration: 13 months)
  • ph_* (PostHog) — product analytics and session tracking (duration: 1 year)
  • intercom-id-* (Intercom) — identifies returning visitors for messaging (duration: 9 months)
  • intercom-session-* (Intercom) — maintains chat session state (duration: 1 week)
  • _hjSessionUser_* (Hotjar) — identifies returning visitors (duration: 1 year)
  • _hjSession_* (Hotjar) — maintains session data for heatmaps and recordings (duration: 30 minutes)

How to manage cookies

You can control and delete cookies through your browser settings. Most browsers allow you to:

  • View what cookies are set and delete them individually
  • Block third-party cookies
  • Block all cookies
  • Delete all cookies when you close the browser

Please note that disabling cookies may affect the functionality of certain features of the Service. For more information on managing cookies, visit your browser's help documentation.

Cookie consent

When you first visit our website, you will be presented with a cookie consent mechanism where you can accept or decline non-essential cookies. Your preferences will be stored and respected for subsequent visits.

Do Not Track

Some browsers offer a “Do Not Track” (DNT) signal. We do not currently respond to DNT signals. This policy describes how we handle personal data regardless of your DNT setting.

11. Minors and children's privacy

Our Service is not directed to children under the age of 18, and we do not knowingly collect Personal Data from children under the age of 18 without obtaining parental consent.

We delete information collected from minors without parental consent. Parents discovering child accounts may alert us at support@brahmin-solutions.com.

Minors have deletion rights for posted content. Removal may not ensure complete removal.

12. Automated decision-making

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on individuals.

13. Data security

We maintain appropriate administrative, technical, and physical safeguards to protect Personal Data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing.

We use firewalls, password protection, SSL encryption, and application-layer security features.

However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. No security measures are perfect or impenetrable, and we cannot control other users' actions or prevent caching services from archiving content.

We cannot guarantee information security. If we learn of a security systems breach, we will inform you of the occurrence of the breach in accordance with applicable law.

14. Data retention

We only retain the Personal Data collected from a User for as long as the User's account is active or otherwise for a limited period of time as long as we need it to fulfill the purposes.

Retention periods:

  • Closed account contents deleted within 30 days
  • Backups purged within 30 days of account data deletion
  • Billing information retained for 5 years
  • Legal transaction information retained for 7 years

15. International data transfers

The Service is hosted in the United States. We may transfer, process, and store Personal Data we collect through the Service in centralized databases located in the USA. If you access the Service from outside the United States, including from the European Economic Area (EEA), the United Kingdom, or other regions with data protection laws that may differ from U.S. law, please be aware that your data will be transferred to and processed in the United States.

For transfers of personal data from the EEA or UK, we rely on the EU Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum as described in Section 6 of this Policy and Section 7 of the Data Processing Agreement. We protect all transferred data in accordance with this Policy and implement appropriate technical and organizational safeguards.

16. Data controller and data processor

Brahmin Solutions acts as a data controller for personal data collected directly through the website, including visitor data, marketing data, and information submitted through forms. For Client Data uploaded to or stored within the Service by Clients and Users, Brahmin Solutions acts as a data processor on behalf of its Clients.

Brahmin Solutions does not own, control or direct the use of any of the Client Data stored or processed by a Client or User via the Service. Only the Client or User is entitled to access, retrieve and direct the use of such Client Data. Brahmin Solutions is largely unaware of what Client Data is actually being stored or made available by a Client or User to the Service and does not directly access such Client Data except as authorized by the Client, or as necessary to provide the Service to the Client and its Users.

The Client or the User is the data controller controlling how Personal Data within Client Data is collected and used. A Client or User processing the Personal Data of EU individuals must provide adequate notice about data collection and processing practices per GDPR.

Brahmin is not responsible for Client Data content or Client collection and handling practices.

For details on how we process personal data on behalf of our Clients, please refer to our Data Processing Agreement (DPA) available at /dpa.

17. Changes and updates to this policy

We may update this Policy. Your continued use of the Service after the revised Policy has become effective indicates that you have read, understood and agreed to the current version of the Policy.

18. How to contact us

Contact us at support@brahmin-solutions.com for questions or comments.