Legal

Privacy Policy

Last updated: 28 June 2026

This policy explains what personal data Brohns processes, why, and the choices you have. We aim to be a trustworthy custodian of both your data and the data of the people your agents reach out to.

1. Who we are

Brohns (“we”, “us”) is operated by the Brohns team, based in the Netherlands. For questions about this policy or your data, contact us at privacy@brohns.com. We are the data controller for your account data; see section 6 for the contacts you upload.

2. What we collect

Account & profile: name, email, password hash (via our auth provider), and what you set in your profile.

What you build: the ecosystems, agents, goals, drafts, content and settings you create in the app.

Contacts & leads: business details the agents find or you add (company name, website, public email/phone) and the messages exchanged.

Connected keys: the third-party API keys you add to the Credential Vault. These are stored encrypted and are only decrypted server-side, just in time, to run a tool you approved — never shown back to the browser.

Usage & technical: log and diagnostic data (IP, timestamps, errors) needed to run, secure and rate-limit the service.

3. Why we use it & legal bases (GDPR/AVG)

To provide the service and the features you ask for (performance of a contract); to keep it secure, prevent abuse and improve it (legitimate interests); and where required, with your consent (which you can withdraw). We do not sell your data.

4. Processors & sub-processors

We share data only with vendors that process it on our behalf to run the service, under contract: hosting & database (Supabase), AI (Anthropic / Claude — for drafting and reasoning), and the providers you connect (e.g. Resend for email, Meta for ads, Google for maps/places, your inbound-email provider). Some operate outside the EU; such transfers rely on appropriate safeguards (e.g. EU Standard Contractual Clauses).

5. AI processing

To draft messages, content and ecosystem plans, we send the relevant context (your goal, the target business, a conversation) to our AI provider. Drafts are proposals; nothing is sent, published or charged until you approve it.

6. The contacts you add (your responsibility)

For the leads and recipients you upload or have the agents find, you are the data controller and we are your processor. You are responsible for having a lawful basis to contact them, honouring opt-outs, and complying with marketing/e-privacy law. We provide a one-click unsubscribe in outreach and a do-not-contact flag to help. On request we’ll put a data-processing agreement (DPA) in place.

7. Retention

We keep your data while your account is active and as needed to provide the service or meet legal obligations. Delete content in-app at any time; delete your account to remove your personal data (subject to limited legal retention).

8. Your rights

Under the GDPR you can access, correct, delete, export, restrict or object to the processing of your personal data, and withdraw consent. Email privacy@brohns.com to exercise these. You may also complain to your supervisory authority — in the Netherlands, the Autoriteit Persoonsgegevens.

9. Security

Data is isolated per user with database row-level security; connected keys are encrypted at rest and revealed only server-side, just in time, with every access logged. No method is perfectly secure, but we take reasonable technical and organisational measures.

10. Cookies

We use only the strictly necessary storage to keep you signed in and remember basic preferences. We don’t use advertising cookies. If you add analytics later, update this section and add a consent banner.

11. Changes & contact

We may update this policy; material changes will be notified in-app or by email. Questions? privacy@brohns.com.