Privacy Policy
Last updated: 19/12/2025
1. Introduction
Welcome to Brook ("we", "our", or "us"). We are committed to protecting your personal data and your right to privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our dog breeding management platform at brook.pet (the "Service").
This policy complies with the General Data Protection Regulation (GDPR), the Polish Act on Personal Data Protection (Ustawa o ochronie danych osobowych), and the Act on Providing Services by Electronic Means (Ustawa o świadczeniu usług drogą elektroniczną).
2. Data Controller
The data controller responsible for your personal data is:
ALIAKSANDR CHYCHAYEU
ul. Domaniewska 47A
02-672 Warszawa, Poland
NIP: 5252931137
REGON: 523661426
Email: hello@brook.pet
For data protection inquiries, you may contact us directly at hello@brook.pet. We do not have a designated Data Protection Officer as we are a small business processing data within the scope of our core service.
3. Information We Collect
3.1 Information You Provide
- Account Information: Name, email address, password (encrypted)
- Profile Information: Profile picture, preferred currency
- Breeding Data: Dog information, puppy records, litter details, breeding records, health records, weight records, buyer information
- Payment Information: Processed by Stripe (we do not store your card details)
- Uploaded Files: Photos and documents you upload to the Service
3.2 Information Collected Automatically
- Usage Data: Pages visited, features used, time spent on the Service
- Device Information: Browser type, operating system, IP address
- Cookies: See our Cookie Policy below
4. How We Use Your Information
We use your personal data for the following purposes:
- Service Provision: To provide, maintain, and improve the Brook platform
- Account Management: To create and manage your account
- Payment Processing: To process your subscription payments via Stripe
- Communication: To send you service-related emails, updates, and support responses
- Security: To protect against fraud, abuse, and security threats
- Legal Compliance: To comply with legal obligations and enforce our Terms of Service
4.1 Legal Basis for Processing (GDPR Article 6)
- Contract Performance (Art. 6(1)(b)): Processing necessary to provide the Service you requested
- Consent (Art. 6(1)(a)): Where you have given explicit consent (e.g., optional cookies, marketing communications)
- Legitimate Interests (Art. 6(1)(f)): To improve our Service, prevent fraud, and ensure security
- Legal Obligation (Art. 6(1)(c)): To comply with Polish tax and accounting laws
5. Data Sharing and Third Parties
We share your data only with trusted service providers who process data on our behalf (data processors under GDPR Art. 28):
Supabase (Database & Authentication)
Stores your account data and breeding records. Data is stored on secure EU-based servers (Frankfurt, Germany). Supabase acts as our data processor.
Privacy Policy: supabase.com/privacy
Stripe (Payment Processing)
Processes subscription payments. Stripe handles all payment card data directly and is certified to PCI Service Provider Level 1. Stripe acts as an independent data controller for payment data.
Privacy Policy: stripe.com/privacy
Vercel (Hosting)
Hosts our website and application. Processes technical data (IP addresses, request logs) necessary for service delivery. Data is processed in EU and US regions with appropriate safeguards.
Privacy Policy: vercel.com/legal/privacy-policy
We do not sell, rent, or trade your personal data to third parties for marketing purposes. We will never share your breeding data with competitors or third parties without your explicit consent.
6. Data Storage and Security
Your data is stored on secure servers located in the European Union (Frankfurt, Germany). We implement appropriate technical and organizational security measures in accordance with GDPR Article 32:
- Encryption of data in transit (HTTPS/TLS 1.3)
- Encryption of sensitive data at rest (AES-256)
- Regular security audits and vulnerability assessments
- Role-based access controls and authentication
- Secure password hashing (bcrypt with salt)
- Regular encrypted backups with geo-redundancy
While we implement industry-standard security measures, no method of transmission over the internet is 100% secure. We continuously monitor and improve our security practices.
7. Data Retention
We retain your personal data only for as long as necessary for the purposes set out in this policy:
- Active Account Data: Retained for the duration of your account
- Upon Account Deletion: All personal data and breeding records are permanently deleted within 30 days
- Uploaded Files: Permanently deleted within 30 days of account deletion
- Legal Retention: Invoices and transaction records retained for 7 years as required by Polish tax law (Ordynacja podatkowa)
- Security Audit Logs: Retained for 1 year for security and fraud prevention purposes
- Backup Data: Automatically purged from backups within 90 days of deletion
8. Your Rights Under GDPR
Under GDPR and Polish data protection law, you have the following rights regarding your personal data:
- Right of Access (Art. 15): Request a copy of your personal data and information about how it is processed
- Right to Rectification (Art. 16): Correct inaccurate or incomplete personal data
- Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
- Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format (JSON) and transfer it to another controller
- Right to Restrict Processing (Art. 18): Limit how we process your data in certain circumstances
- Right to Object (Art. 21): Object to processing based on legitimate interests
- Right to Withdraw Consent (Art. 7): Withdraw consent at any time where processing is based on consent
- Rights Related to Automated Decision-Making (Art. 22): We do not make automated decisions that significantly affect you
- Right to Lodge a Complaint (Art. 77): File a complaint with the Polish Data Protection Authority (UODO)
To exercise these rights, contact us at hello@brook.pet or use the data management features in your Settings page. We will respond within 30 days as required by GDPR.
Polish Data Protection Authority (UODO):
Urząd Ochrony Danych Osobowych (UODO)
ul. Stawki 2, 00-193 Warszawa, Poland
Phone: +48 22 531 03 00
Website: uodo.gov.pl
9. Cookie Policy
We use cookies and similar technologies in accordance with GDPR and the Polish Telecommunications Law (Prawo telekomunikacyjne). You can manage your cookie preferences through our cookie consent banner.
9.1 Types of Cookies We Use
Essential Cookies (Strictly Necessary)
Required for the Service to function. Legal basis: legitimate interest. These cannot be disabled:
- Authentication cookies (session management, secure login)
- Security cookies (CSRF protection, rate limiting)
- Cookie consent preferences storage
Analytics Cookies (Optional)
Help us understand how you use the Service to improve it. Legal basis: consent. We use Google Tag Manager and Google Analytics. These cookies are only set after you give consent. You can withdraw consent at any time through our cookie settings.
Marketing Cookies (Optional)
Used for advertising and conversion tracking. Legal basis: consent. We use Meta Pixel (Facebook) to measure ad effectiveness. Meta may set cookies like _fbp (browser ID) and _fbc (click ID). These cookies are only set after you give consent. We also send conversion events to Meta via server-side API when you complete registration, using your hashed email for matching.
9.2 Cookie Duration
- Session cookies: Deleted when you close your browser
- Persistent cookies: Authentication cookies expire after 7 days of inactivity, consent cookies after 1 year
You can change your cookie preferences at any time through the cookie settings link in our footer or by clearing your browser cookies.
10. International Data Transfers
Your data is primarily stored in the European Union (Frankfurt, Germany). When data is transferred outside the EU/EEA (e.g., for certain Stripe or Vercel services), we ensure appropriate safeguards are in place as required by GDPR Chapter V:
10.1 Transfer Mechanisms
- Adequacy decisions by the European Commission
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Certification mechanisms (e.g., EU-US Data Privacy Framework for US transfers)
You have the right to request a copy of the safeguards we have in place for international transfers.
11. Children's Privacy
Our Service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us immediately at hello@brook.pet and we will delete such data within 72 hours.
12. Data Breach Notification
In accordance with GDPR Articles 33-34 and Polish law, in the event of a personal data breach that is likely to result in a risk to your rights and freedoms:
- We will notify the Polish Data Protection Authority (UODO) within 72 hours of becoming aware of the breach
- We will notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms
- We maintain a breach register documenting all breaches, their effects, and remedial actions taken
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by sending an email to your registered address at least 14 days before the changes take effect. For non-material changes, we will update the "Last updated" date. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy. If you do not agree with the changes, you may delete your account before they take effect.
14. Contact Us
If you have any questions about this Privacy Policy, our data practices, or wish to exercise your GDPR rights, please contact us:
ALIAKSANDR CHYCHAYEU
ul. Domaniewska 47A, 02-672 Warszawa, Poland
Email: hello@brook.pet
NIP: 5252931137 | REGON: 523661426
We will respond to data protection inquiries within 30 days as required by GDPR.