Privacy Policy

Last updated: Apr 1, 2025
Effective date: Apr 1, 2025

At Branco.ai (“Branco”, “we”, “us”, or “our”), your privacy and trust are important to us. This Privacy Policy explains how we collect, use, and protect your personal data when you use our platform, including our integrations with third-party services like Slack.
By using Branco, you agree to the practices described below.

1. Information We Collect
We collect the following types of personal data, either directly from users or through authorized integrations:

• Account details (name, work email, job title, team)
• Organizational metadata (e.g., reporting structure, organizational structure)
• Slack integration metadata
• Feedback submissions and user-generated goals or development plans
• Usage data, including interaction logs and performance metrics (e.g., completion of goals or actions)

We do not collect or process sensitive personal data (e.g., health data) unless explicitly agreed upon.

2. How We Use Your Information
We process your data to:

• Deliver and maintain our services, including messengers-based features
• Support continuous feedback, goal alignment, and career development
• Generate personalized insights and progress reports
• Improve our platform’s performance and user experience
• Comply with legal obligations and enforce our Terms

We do not use your data to train shared AI models, and we do not access your personal email inboxes (e.g., Gmail).

3. Legal Basis for Processing
For users in the European Economic Area (EEA), our legal bases include:

• Performance of a contract (to provide the Branco service)
• Legitimate interest (to improve features and ensure security)
• Compliance with legal obligations
• Consent (where applicable)

4. Sharing and Disclosure
We do not sell your personal data.
We may share limited information with:

• Authorized subprocessors (e.g., cloud hosting or authentication providers) bound by strict privacy obligations
• Legal authorities when required to comply with the law
• Your organization if you are using Branco through your employer

A full list of subprocessors is available upon request.

5. Data Retention
We retain personal data only as long as needed to provide the service or as required by law. Upon termination of a contract, data is deleted or returned per the terms in our Data Processing Agreement.

6. Security
We implement strong technical and organizational measures to safeguard your data, including:

• Encryption in transit and at rest
• Access control and secure authentication (e.g., Google Sign-In, Firebase)
• Regular security reviews and logging
• Regular penetration tests

You are responsible for protecting access to your own account and Slack workspace.

7. International Data Transfers
Your data may be processed in countries outside your jurisdiction, including the United States. We use Google Cloud Platform (GCP), which complies with the EU’s Standard Contractual Clauses (SCCs) to ensure GDPR-compliant protection.

8. Your Rights
Depending on your location, you may have the right to:

• Access your personal data
• Correct or delete inaccurate information
• Object to or restrict certain processing
• Object to or restrict certain processing
• Withdraw consent (where applicable)
• Request data elimination

To exercise any of these rights, email us at privacy@branco.ai.

9. Data Breach Notification
If we become aware of a breach that affects your personal data, we will notify you without undue delay and provide relevant details, in line with applicable laws.

10. Contacts
If you have any questions, requests, or concerns about this Privacy Policy or how we handle your data, please contact us:
Email: privacy@branco.ai
Website: https://branco.ai