Privacy Policy

Effective Date: 8th October 2025

1. Introduction

Brizz.me (the “Platform”) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use Brizz.me, in compliance with the EU General Data Protection Regulation (GDPR) and other applicable privacy laws.

Brizz.me is operated by Ananthya GmbH, Gerlachstr. 4, 60388 Frankfurt am Main, Germany (“we” or “us” or "our"), which acts as the data controller for your personal data. This Policy applies to all users worldwide, and we strive to uphold GDPR standards globally. By using our Platform, you agree to the terms of this Privacy Policy.

2. Personal Data We Collect

We collect various types of personal information from you in order to provide and improve our services. This includes:

a) Information You Provide Directly

When you register an account or use our services, you may provide personal data such as your name, email address, password, contact information, and any profile details. If you contact us directly—for example, through our contact form, by email, or via customer support—we collect and retain the information you provide in that communication, including your name, contact details, and the content of your message, in order to respond to your inquiry and maintain service records.

When you conduct transactions or used paid features on our Platform, your payment details were processed securely by our payment processor, as described in this Privacy Policy.

b) Usage Data

When you use Brizz.me, we automatically collect certain technical data about your device and how you interact with the Platform. This includes your IP address, browser type, device identifiers, operating system, referring URLs, and pages or features you access on our site. We also gather information about your actions on the Platform (e.g., search queries, clicks, time spent on pages) to understand and improve the user experience.

c) Cookies and Tracking Technologies

We use cookies and similar technologies to remember your preferences and authenticate you, to analyze site traffic, and for other functionality. These technologies may collect information about your browsing behavior on our site. For details, see Section 4: Cookies and Tracking Technologies.

We do not use advertising or affiliate cookies at this time without your consent; however, we reserve the ability to introduce such cookies from third-party partners in the future with your prior consent.

We do not intentionally collect any special categories of sensitive personal data (such as health information, racial or ethnic origin, etc.) through Brizz.me. We also do not knowingly collect personal data from children under the age of 16. If you are under 16, please do not use the Platform or provide any personal information. If we learn that we have inadvertently collected a child’s data, we will delete it.

3. How We Use Your Personal Data

We process your personal data only for specific purposes and only when we have a legal basis to do so under GDPR. The main purposes for which Brizz.me uses your information are:

a) To Provide Our Services

We use your data to create and manage your account, allow you to use Platform features, connect you with content or services (for example, finding listings or events), and generally to fulfill our contractual obligations to you.

Legal Basis: Art. 6(1)(b) GDPR – Performance of a Contract.

b) To Process Payments

If the Platform involves any payments (such as booking fees or premium features), we process your personal data to facilitate transactions. For example, if you make a purchase or payment, we will use the information you provide to complete the transaction via our payment provider. We do not store your full payment card details on our servers; these are handled by our payment processor (e.g., Stripe) in a secure manner.

Legal Basis: Art. 6(1)(b) GDPR – Performance of a Contract.

c) To Communicate With You

We use your contact information to send service-related communications such as confirmations, account updates, or responses to your inquiries. We may also send important notices about changes to our terms or policies.

Legal Basis: Art. 6(1)(b) and Art. 6(1)(c) GDPR – Contract and Legal Obligations.

d) For Optional Marketing and Newsletters

If you give us your consent, we may use your email or contact information to send you newsletters, product updates, or promotional communications. You can withdraw consent at any time by clicking the unsubscribe link or updating your preferences.

Legal Basis: Art. 6(1)(a) GDPR – Consent.

e) Analytics and Improvements

We use analytics data to understand how our Platform is used and to improve functionality, performance, and design.

Legal Basis: Art. 6(1)(a) GDPR – Consent.

f) Security and Fraud Prevention

We process certain data (such as IP addresses, logs, and activity) to maintain the security of our Platform, detect and prevent fraud, and ensure the safety of users.

Legal Basis: Art. 6(1)(f) GDPR – Legitimate Interest.

g) Legal Compliance

We may retain and process data to comply with legal obligations, such as tax or accounting regulations, or to respond to lawful requests by authorities.

Legal Basis: Art. 6(1)(c) GDPR – Legal Obligation.

4. Cookies and Tracking Technologies

Cookies are small text files stored on your device that collect standard internet log and visitor behavior information. When you use Brizz.me, we and certain third parties may use cookies or similar tracking technologies for several purposes:

1. Essential Cookies: Necessary for the website to function properly (e.g., session management, login persistence). These do not require consent.
2. Analytics Cookies: Used to collect anonymized usage data through tools such as Google Analytics. Set only with your consent.
3. Advertising & Affiliate Cookies: Not currently in use. Any future use will require your explicit consent.
4. Other Trackers: Technologies such as web beacons (pixels) may be used to track interactions with emails or web pages, also subject to consent.

You can manage your cookie preferences through our Platform or your browser settings. Blocking some cookies may impact your experience or restrict certain features.

5. How We Share Your Data

We do not sell your data. We share it only as necessary to operate and improve our services:

1. Google Analytics: For aggregated usage reporting. Data is anonymized where possible.
2. Stripe: Secure payment processing.
3. AWS (Amazon Web Services): Hosting and secure storage within the EU.
4. Brevo (Sendinblue): Email and transactional communication.

All service providers act under data processing agreements ensuring GDPR compliance.

We may also disclose data if required by law or as part of a merger, acquisition, or sale of business assets, ensuring the same level of data protection applies.

6. Data Retention

We retain personal data only as long as necessary for the purposes outlined or as legally required:

1. Account data: retained while active.
2. Transaction data: retained for 6–10 years (as per German law).
3. Analytics data: typically 14 months or as configured.
4. Communications: retained for service history.

After retention periods expire, data is deleted or anonymized.

7. International Data Transfers

Where personal data is transferred outside the EU/EEA (e.g., to Google or Stripe in the U.S.), we rely on:

1. EU Standard Contractual Clauses (SCCs)
2. Adequacy decisions by the European Commission
3. Encryption and secure transfer protocols (HTTPS/TLS)

8. Your Rights Under GDPR

You have the right to:

1. Access your personal data (Art. 15 GDPR)
2. Request rectification (Art. 16 GDPR)
3. Request erasure (“right to be forgotten”) (Art. 17 GDPR)
4. Restrict processing (Art. 18 GDPR)
5. Data portability (Art. 20 GDPR)
6. Object to processing (Art. 21 GDPR)
7. Withdraw consent (Art. 7(3) GDPR)
8. Lodge a complaint with a supervisory authority (Art. 77 GDPR)

Requests can be made through your account or by contacting us directly.

9. Data Security

We implement strong technical and organizational measures:

1. HTTPS (TLS) encryption
2. Secure password hashing
3. Access control policies
4. Regular vulnerability testing and audits

While we maintain robust security, no system is entirely immune. In case of a data breach, we will notify affected users and authorities as required.

10. Updates to This Privacy Policy

This Policy may be updated periodically. Users will be notified of significant changes via email or website notification. Continued use of Brizz.me constitutes acceptance of the revised Policy.

11. Contact Information

Data Controller: Ananthya GmbH (operator of Brizz.me)

Address: Gerlachstr. 4, 60388 Frankfurt am Main, Germany

Email: contact@ananthya.com

At present, no dedicated Data Protection Officer (DPO) is appointed, as not legally required. Our team handles privacy inquiries directly and ensures compliance with GDPR obligations.

Thank you for trusting Brizz.me with your personal data. We are committed to protecting your privacy and maintaining transparency in all our practices.