NX

BroviFlow

Business Operating System

Privacy

Privacy Policy

Last updated: March 24, 2026

Brovitech Solutions LLP (“Brovitech,” “we,” “us,” or “our”) operates BroviFlow (the “Service”), a cloud-based business operations platform. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the Service, including our websites, web applications, and related features (such as authentication, optional AI features, and integrations).

By using the Service, you acknowledge that you have read this Privacy Policy. If you do not agree, do not use the Service. Where we process personal data on behalf of a customer organization, our customer is typically the “data controller” for employee and end-user data, and Brovitech acts as a “processor” or “service provider” as described in your agreement and Section 8 below.

1. Who this policy applies to

This policy applies to:

  • Administrators and users of organizations that subscribe to or use BroviFlow;
  • Individuals who visit our marketing site, register an organization, sign in, or contact us; and
  • Candidates who use hiring or application features we host for our customers.

2. Information we collect

2.1 You provide directly

  • Account & organization data: name, email, phone, company or organization name, role, billing-related contact details, and similar registration fields.
  • Profile & workforce data: information your organization enters about employees, candidates, customers, projects, timesheets, invoices, tickets, and other operational records—processed only to provide the Service.
  • Communications: content you send through support channels, forms, or in-app messaging.

2.2 Collected automatically

  • Technical & usage data: IP address, device type, browser type, general location (e.g., region from IP), timestamps, pages or screens viewed, actions taken, session identifiers, and diagnostic logs needed for security and reliability.
  • Authentication data: identifiers from our identity provider (e.g., Firebase Auth) to maintain sessions and enforce access controls.
  • Cookies & similar technologies: as described in Section 7.

2.3 From third parties

We may receive information from subprocessors and integrations you or your organization enable (e.g., cloud infrastructure, email delivery, analytics, or error monitoring), limited to what is necessary to operate the Service.

3. How we use information

We use personal data to:

  • Provide, operate, maintain, and improve the Service;
  • Create and manage accounts and organizations, including role-based access control;
  • Authenticate users and protect against fraud, abuse, and security incidents;
  • Communicate about the Service, security, and policy updates;
  • Comply with legal obligations and enforce our Terms;
  • Develop and operate optional AI features (e.g., lead analysis, draft content) only as configured by your organization and subject to our agreements—using inputs you submit for those features and outputs returned to your workspace.

We do not sell your personal information as “sale” is commonly understood. We do not use customer workforce or financial record data to train public-facing AI models unless we expressly notify you and, where required, obtain consent.

4. Legal bases (where applicable)

Depending on jurisdiction, we may rely on: performance of a contract; legitimate interests (e.g., securing the Service, improving reliability); legal obligation; or consent (e.g., certain cookies or marketing communications, where required).

5. Disclosure of information

We may share information with:

  • Service providers & subprocessors who assist hosting, storage, email, authentication, monitoring, and similar functions, under contractual safeguards;
  • Your organization, as directed by account settings and roles;
  • Professional advisers where legally required or permitted;
  • Authorities when required by law, regulation, legal process, or to protect rights, safety, and security.

We may disclose or transfer information in connection with a merger, acquisition, or asset sale, subject to appropriate confidentiality and continuity commitments.

6. International transfers

The Service may be hosted or processed in India and other countries where our subprocessors operate. Where we transfer personal data across borders, we implement appropriate safeguards (such as contractual clauses) as required by applicable law.

7. Cookies and similar technologies

We use cookies and local storage as needed for session management, preferences, security, and understanding aggregate usage. You can control cookies through your browser; disabling certain cookies may limit Service functionality.

8. Customer data & the controller–processor relationship

Where your organization uses BroviFlow to process personal data about its employees, candidates, or contacts, your organization is typically the controller of that data and directs the purposes and means of processing. Brovitech processes such data as a processor to provide the Service in accordance with your instructions, this Policy, and (where applicable) a Data Processing Agreement (DPA). Administrators are responsible for lawful collection and use of data they upload.

9. Data retention

We retain information for as long as necessary to provide the Service, comply with law, resolve disputes, and enforce agreements. Retention periods may depend on your organization’s settings, backups, and legal holds. Upon termination, we will delete or return data as described in your subscription terms, subject to backup rotation and legal retention requirements.

10. Security

We implement administrative, technical, and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. No method of transmission or storage is 100% secure; we encourage strong passwords, role-based access, and multi-factor authentication where available.

11. Your rights and choices

Depending on your location, you may have rights to access, correct, delete, restrict, or object to certain processing, or to data portability. Users of an organization should often contact their administrator first. You may contact us as below; we will respond in line with applicable law. You may lodge a complaint with a supervisory authority where applicable.

12. Children

The Service is not directed to children under 16 (or the age required in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have, contact us and we will take appropriate steps to delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version with a new “Last updated” date and, where appropriate, provide additional notice (e.g., email or in-app banner). Continued use after changes constitutes acceptance unless applicable law requires explicit consent.

14. Contact

For privacy questions, requests, or to exercise rights: contact your organization’s administrator (if applicable) and/or Brovitech at the contact details published on our website or in your order form. For India-related queries, you may reference Brovitech Solutions LLP as identified in your contract or invoice.

This document is provided for general information and does not constitute legal advice. Have it reviewed by qualified counsel for your jurisdiction and business model.