PRIVACY POLICY

Bryj Technologies, Inc. — Effective Date: March 12, 2026

1. Introduction

Bryj Technologies, Inc. (“Bryj,” “we,” “us,” or “our”) respects your privacy and is committed to protecting personal information.

This Privacy Policy describes how we collect, use, disclose, and safeguard personal information when:

  • You visit our website;
  • You interact with us as a prospective customer;
  • You register for events or communications;
  • You use our services where Bryj acts as a data controller.

This privacy policy applies to the Websites and all products and services offered by Bryj. This Policy addresses compliance with the General Data Protection Regulation (GDPR) and other applicable data privacy laws, such as the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

This Privacy Policy is intended to provide transparency regarding Bryj’s data processing practices and does not create contractual rights beyond those provided under applicable law or written agreements between Bryj and its customers.

For customers who use Bryj’s platform services, the processing of end-user personal data is governed by a separate Data Processing Addendum (DPA) annexed to the Master Subscription Agreement. The DPA sets out the specific terms under which Bryj, as Processor, processes service personal data on behalf of the customer as Controller. This Privacy Policy provides general transparency about Bryj’s data practices; the DPA governs the detailed obligations for service-level data processing.

Applications, websites, or digital services operated by Bryj customers may use the Bryj platform to interact with their end users. Bryj does not control and is not responsible for the privacy practices of such customer applications. End-Users should review the privacy policies of the company operating the application they are using to understand how their personal information is collected and used.

This Policy applies to information we collect:

  • On our Websites.
  • In email, text, and other electronic messages between you and our Websites.
  • Through mobile applications and APIs (as available) you download from our Websites.
  • When you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this Policy.

This Policy does not apply to information collected by:

  • Us offline or through any other means, including on any other website operated by Bryj or any third party (including our affiliates); or
  • Any third party (including our affiliates), including through any application or content that may link to or be accessible from the Website.

Please read this Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Website. By accessing or using our Website, you agree to this Policy. This Policy may change from time to time (see “Changes to Our Privacy Policy” below). Your continued use of our Website after we make changes is deemed to be acceptance of those changes, so please check the Policy periodically for updates.

For purposes of this Policy, “personal information” means any information by which you may be personally identified, such as name, email address, telephone number, and any other identifier by which you may be contacted online or offline.

In general, you can visit our Website without having to send us any personal information. However, if you desire to obtain certain services from Bryj, we may ask you to provide certain personal information.

Bryj agrees to:

  • Process personal information only where permitted under applicable data protection laws;
  • Only process personal information collected for specified, explicit and legitimate purposes;
  • Only process personal information that is relevant and limited to what is necessary in relation to the purpose for which it is processed;
  • Take all reasonable precautions to protect the security of the personal information, in particular to prevent it from being distorted, altered or damaged;
  • Not communicate this personal information to third parties outside the company without informing you.

2. Collection and Use of Personal Information

A. Types of Information

We collect several types of information from and about users of our Website, including information:

  • By which you may be personally identified, such as name, e-mail address, telephone number, and any other identifier by which you may be contacted online or offline (“personal information”);
  • That is about you but individually does not identify you; and/or
  • About your internet connection, the equipment you use to access our Website, and usage details.

B. How We Collect Information

We collect this information:

  • Directly from you when you provide it to us.
  • Automatically as you navigate through our Website. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.
  • From third parties, for example, our business partners.

C. Information You Provide

The personal information we collect on or through our Website may include:

  • Information that you provide by filling in forms on our Website. This includes information provided at the time of registering to use our Website, subscribing to our services, or requesting further services. We may also ask you for information when you report a problem with our Website.
  • Records and copies of your correspondence (including email addresses), if you contact us.
  • Your responses to surveys that we might ask you to complete for research purposes.
  • Your search queries on our Website.

D. Information We Collect Through Automatic Data Collection Technologies

As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

  • Details of your visits to our Website, which may include traffic data, location data, logs, and other communication data and the resources that you access and use on the Website.
  • Information about your computer and internet connection, including your IP address, operating system, and browser type.

We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). Some web browsers may give you the ability to enable a “do not track” feature that sends signals to the websites you visit, instructing them that you do not want your online activities to be tracked. Be aware that this is different from blocking or deleting cookies, and that browsers with “do not track” features enabled may still accept cookies. Our Website does generally recognize and respond to “do not track” signals, using a third party application.

The information we collect automatically may include personal information, or we may maintain it or associate it with personal information we collect in other ways or receive from third parties. It helps us to improve our Website and to deliver a better and more personalized service, including by enabling us to:

  • Estimate our audience sizes and usage patterns.
  • Store information about your preferences, allowing us to customize our Website according to your individual interests.
  • Speed up your searches.
  • Recognize you when you return to our Website.
  • Help us respond to your service and support requests.
  • Improve our products and services.
  • Send periodic emails.

The technologies we use for this automatic data collection may include:

  • Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website. You can get more information about cookies at allaboutcookies.org.
  • Functional cookies (WordPress): These cookies enable us to confirm that our Website functions properly (for example, the storage of navigational elements in the cache). These cookies are required to help ensure the best browsing and viewing experience.
  • Google Analytics: We use these cookies to find out how many people are visiting our Website and to understand how our Website is used. We collect proof of consents when personal information is collected. You can find information about how to opt-out of Google Analytics’ tracking at the Google Analytics opt-out browser add-on page.
  • Microsoft Clarity: We use these cookies to find out how our Website is used by tracking users’ clickstreams within our Website. These cookies also enable us to determine what difficulties are encountered by visitors to our website.
  • Marketing Cookies (ActiveCampaign): We use these cookies to determine how many people have opened our emails and clicked on the links contained therein. These cookies help users so they do not have to re-enter their personal data in marketing forms. You can choose at any time to enable or disable these cookies by unsubscribing from ActiveCampaign emails.
  • Video Cookies: We use these cookies to determine how many visitors to our Website have watched certain video content. These cookies also enable us to find out if the videos have started properly when a user wants to watch them.
  • Web Beacons. Pages of our Websites and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics.

3. Lawful basis for our data processing

We process your personal information based on the lawful bases below:

  • Where you explicitly give us your consent to process your personal information
  • Based on our legitimate business or contractual interest.

For the processing of end-user personal data through the Bryj platform (Beam Studio, Beam Engage, Beam Acquire), the legal basis is determined by the customer in its capacity as Controller. Bryj recommends that customers rely on Consent for SDK-based data collection and Legitimate Interest for minimal technical data strictly necessary to provide the Service. Details are set out in the applicable Data Processing Addendum.

4. Purpose of the collection

Bryj collects and processes personal information:

  • To send the newsletter where explicit consent has been given, until you object or unsubscribe;
  • To contact you following a request for a demonstration of our products, or a request to contact you, or to download Bryj editorial content;
  • For the registration and management of an event;
  • To manage the options of your subscription to our newsletter and other publications;
  • To provide the requested contractual services;
  • As necessary, to offer additional or optional services you have requested (such as consideration for a job posting or engagement with our sales team) until you object;
  • For recruitment purposes.

When Bryj processes end-user data on behalf of customers through the Bryj platform, the purposes include:

  • Delivering targeted and untargeted notifications and messages to end users
  • Creating audience segments and managing marketing campaigns
  • Measuring engagement, conversion, and app performance
  • Providing technical support and maintenance of the service

5.  Categories of data collected

Bryj only collects personal information as necessary for the stated purpose for which such information is provided. When you request that we contact you, request a demonstration of our products, register for an event, or subscribe to our newsletter, the following personal information is collected by Bryj:

  • First and last name
  • Company
  • Position
  • Telephone no.
  • Email address

And, as applicable (optional):

  • Data relating to a question or issue you may have
  • Postal address
  • History of business exchanges (date and record of phone calls, emails, meetings, etc.)
  • For recruitment: CV, resume, and cover letter.

During your exchanges with Bryj concerning our products and services, personal information (such as contact information) may be collected with your prior informed consent, for the sole purposes of providing information about, and discussing your potential purchase of, our products and services.

When processing end-user data through the Bryj platform on behalf of customers, the categories of data collected depend on the customer’s configuration and may include:

  • Connection Data: IP address, device type, OS version, app version
  • Identification Data: Randomly generated device ID, push notification token
  • Geolocation Data: If enabled by the customer and consented to by the end-user
  • Usage Data: App usage patterns, engagement metrics, in-app actions
  • Attributes and Tags: As configured by the customer in the platform

5A. Platform Privacy Practices

Device Identification: Bryj’s platform uses a randomly generated device ID by default. No persistent user identifier is associated to the device. Bryj does not collect device advertising identifiers such as Apple’s IDFA or Android’s GAID.

Geolocation Data: Bryj respects mobile devices’ signals to block access to geolocation data. Geolocation is only collected when the customer has enabled it and the end-user has specifically consented. Geolocation data is stored for 2 weeks by default (extendable to a maximum of 4 weeks).

Sensitive Data: Bryj does not collect special category data as defined by Articles 9 and 10 of the GDPR, including data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or data concerning sexual orientation.

5B. Notice at Collection (California Residents)

In accordance with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), Bryj provides the following notice regarding categories of personal information collected and the purposes for which such information is used.

Categories of personal information collected may include:

• identifiers (name, email address, phone number)
• professional information (company, job title)
• internet or network activity information (IP address, browsing behavior, usage data)
• device information and identifiers
• geolocation data where enabled by the Customer and consented to by the End-User

Bryj collects and processes this information for the following purposes:

• providing and improving Bryj services
• responding to requests and providing support
• managing customer relationships
• marketing communications where permitted
• analytics and product improvement
• security and fraud prevention
• compliance with legal obligations

Bryj collects only personal information reasonably necessary for the purposes described in this Policy.

6.  Data retention period

Bryj will only keep personal information for the duration necessary for its processing. More specifically:

  • Concerning the processing and follow-up of job applications, Bryj will delete applicants’ personal information within a maximum period of two years after the last contact, or as otherwise required by applicable law.
  • Concerning the communication and management of contact requests submitted via our Website, Bryj will delete the personal information of its contact persons within a maximum period of three years after the last contact, or as otherwise required by applicable law.
  • The personal information of customers and prospective customers who engage with us will be stored in an active database for a maximum of three years, after the end of the contractual relationship for customers, or from the last contact made by prospective customers, in accordance with the law.
  • The personal information of customers that is necessary for us to provide our products and services to the customer will be retained as long as necessary to fulfill the services that you have requested, comply with any laws or regulations, resolve disputes, and enforce our agreements, unless we receive a verified request under an applicable privacy law for earlier deletion of such personal information.
  • Where permitted under applicable law, Bryj may retain your data longer for a legitimate business interest. Data entered into and processed on behalf of customers as a service provider or processor is retained in accordance with any applicable agreement between Bryj and its Customer.

For end-user data processed through the Bryj platform:

  • Beam Engage — General Personal Data: 18 months by default. Customers can instruct Bryj to reduce this period.
  • Beam Engage — Geolocation Data: 2 weeks by default, extendable to 4 weeks maximum.
  • Beam Acquire: 3 years. The retention period can be adjusted for applicable law or customer requirements.

Beyond the applicable retention period, Bryj may retain personal information that has been de-identified, anonymized, and aggregated and kept for statistical and internal business purposes.

7.  Categories of data recipients

A. General

The personal information we collect is for internal use within Bryj and is strictly limited to the most appropriate teams for processing the request made. However, we may share the personal information collected with our technical service providers to achieve the purposes set out above.

We require our business partners to comply with applicable data protection laws and to pay special attention to the confidentiality of such personal information.

Therefore, in compliance with applicable data protection laws, any processor who may process personal information on behalf of Bryj shall in particular:

  • Only process the personal information for the sole purpose(s) for which it was provided;
  • Process the personal information according to Bryj’s written instructions; and
  • Take reasonable efforts to protect the confidentiality and security of the personal information.

B. Internal Recipients

Your personal information will be shared with the following Bryj personnel:

  • Our administrative staff and management
  • The persons responsible for responding to your contact request

 

Follow Apps (aka Bryj Technologies France / Follow-Apps SA), RCS Paris 750901258, 95 Bd de Sebastopol, 75002 Paris, France (also operating from 198 Avenue de France, 75013 Paris, France)

  • Les Technologies FollowAnalytics Canada Inc. (Bryj Canada), 3 Place Ville Marie, Suite 400, Montreal, QC H3B 2E3, Canada
  • Bryj Technologies Portugal, Unipessoal Lda., Tv. das Pedras Negras 1, 1st Right, 1100-404 Lisbon, Portugal

C.  Third party recipients

Your personal information will be shared with third parties as follows. Companies hosting the personal information on Bryj’s behalf, including:

  • Service providers who organize and plan our events and manage invitations to such events
  • Software developers, to the extent necessary to help improve and enhance our products and services
  • Amazon Web Services, 410 Terry Avenue North, Seattle, WA 98109-5210
  • Appcues, Inc., 68 Harrison Ave 605, PMB 94414, Boston, MA 02111 United States for the purposes of user onboarding, user guides and product adoption
  • ActiveCampaign, 1 N Dearborn St 5th floor, Chicago, IL 60602 United States for purposes of sending newsletters and other communications
  • Heap (by Contentsquare), 225 Bush St #200, San Francisco, CA 94104 for the purposes of analyzing user journeys to generate product insights
  • Frontegg, Inc., 2570 W El Camino Real, Mountain View, CA 94040 United States for the purposes of identity management and end-user access for our products.

D. Platform Service Subprocessors

For the processing of end-user data through the Bryj platform, Bryj engages the following subprocessors:

  • Follow Apps, RCS Paris 750901258, 95 Bd de Sebastopol, 75002 Paris, France
  • Bryj Canada, 3 Place Ville Marie, Suite 400, Montreal, QC H3B 2E3, Canada
  • Amazon Web Services — platform hosting
  • PrimeIT, Avenida 5 de Outubro 125 9º, 1050-052 Lisboa, Portugal — technical support

An up-to-date list of platform subprocessors is maintained at: https://bryj.ai/bryj-sub-processors.

Bryj may also disclose or transfer your personal information to third parties in the following specific circumstances:

  • As required by law, as part of legal proceedings, litigation and/or a request from the public authorities in your country of residence or other;
  • If disclosure is necessary for national security, law enforcement or another matter of public interest; and
  • In the event of restructuring, a transfer or sale to, or merger with, the third party concerned.

8.  Information on minors under 18

Our Websites are primarily intended for companies, authorities, and journalists, to allow them to contact Bryj.

Bryj does not offer services through its Websites for minors under the age of 18 years (each, a “Minor”) and therefore does not intend to collect their personal information. In the event that a Minor sends personal information to Bryj, once notified, Bryj will make every effort possible to delete the personal information transmitted.

9.  Your rights under applicable data protection laws

A. Identity of the Data Controllers

Bryj, a Delaware corporation whose principal place of business is located at #415, 2549 Irving Street, San Francisco, CA, 94122 USA, and Bryj Technologies France (aka Follow-Apps SA), a French simplified joint stock company, whose registered office is at 198 Avenue de France, 75013 Paris (“Follow-Apps”), are jointly responsible for the processing of personal information (Bryj and Follow-Apps are collectively referred to herein as the “Data Controller”).

You may contact the Data Controller (either Bryj or Follow-Apps) with any questions concerning your personal information at dpo@bryj.ai.

In connection with providing platform services, Bryj also processes certain data in its capacity as Controller: specifically, business contact information of customer employees (name, email, business address, phone number) for the purpose of managing the customer relationship. This data is retained for the duration of the customer agreement plus one year.

B.  Appointment of a DPO

Follow-Apps has appointed a Data Protection Officer to liaise with the CNIL (the French Data Protection Authority) under reference DPO-79567.

The purpose of CNIL and the DPO is to strictly and independently ensure the application of the law governing the protection of personal information for our employees, customers, and applicants as well as for all our suppliers and partners involved in developing and providing our services.

Our Data Protection Officer is Ms. Florence Ivanier, attorney, located at 6 Rue Jean de la Fontaine, 75016, Paris, France. Please direct emails to dpo@bryj.ai.

C. Transfer of Data

When we transfer your personal information outside the United States, we make commercially reasonable efforts intended to ensure that:

  • Your personal information is transferred to countries recognized as providing an equivalent level of protection;
  • If we need to transfer personal information to countries not recognized by the CNIL as providing a sufficient level of protection, we will use one of the mechanisms specified in the applicable data protection law (such as GDPR) that will enable us to implement appropriate safeguards for protection of the personal information, and in particular the adoption of standard contractual clauses as well as any additional measure provided for in the applicable data protection laws.

For end-user data processed through the Bryj platform, personal data is hosted on servers located in the European Union. The majority of processing is conducted by Bryj’s subsidiary Follow Apps in France. Where personal data is transferred outside the EU (for example, for technical support), Bryj applies the EU Commission’s Standard Contractual Clauses (EU Commission Decision 2021/914/EU) to ensure appropriate safeguards. Details of the applicable SCC modules and governing law are set out in the Data Processing Addendum.

Beam Acquire data is stored in the United States. For EU-based data subjects, Bryj applies the EU Commission’s Standard Contractual Clauses (Decision 2021/914/EU) to ensure appropriate safeguards for the transfer of personal data, in compliance with GDPR Chapter V.

D. Summary of Your Rights

You may have the following rights with respect to your personal information depending on the applicable data protection laws (such as GDPR):

  • The right to obtain clear, concise and transparent information from Bryj.
  • The right to obtain confirmation from Bryj as to whether or not your personal information is being processed.
  • The right to access your personal information, and information about the purpose(s) of the processing, the categories of personal information concerned, the recipients or categories of recipients to whom the personal information has been or will be disclosed.
  • The right, with proof of your identity, to obtain an electronic or paper copy of your personal information, processed by us or by any of our processors, from the data controller (provided that this request does not adversely affect the rights and freedoms of others).
  • Where possible, the retention period applicable to the storage of the personal information, or the criteria used to determine that period.
  • The right to correct your personal information.
  • The right to delete your personal information.
  • The right to restrict processing of your personal information.
  • The right to object to the processing of your personal information by withdrawing your consent, provided that this withdrawal will not affect the lawfulness of the processing based on the consent given before its withdrawal.
  • The right to recover your personal information in a format easily readable by a machine to ensure its portability.
  • The right to lodge a complaint with the applicable supervisory authority if you establish a breach of your personal information or if you consider that the processing of your personal information constitutes a violation of any applicable data protection law.
  • When the personal information is not collected from you, the right to receive any available information as to its source.
  • The right to verify the existence of automated decision-making, including profiling, and, in those cases, meaningful information about the underlying logic, as well as the significance and the expected consequences of such processing. As of the Effective Date of this Policy, Bryj does not use such automated decision-making.
  • The right to give us instructions on what to do with your personal information after your death.
  • The right to withdraw your consent to use your personal information at any time. The withdrawal of this consent does not affect the lawfulness of the consent-based processing prior to the withdrawal of your consent.
  • The right to refuse to send us your personal information, provided that you understand that we may not be able to provide services to you without such information.
  • The right to require secure storage of your personal information; Bryj has implemented a series of physical and logical security measures designed to securely store your personal information and to prevent it from being destroyed, corrupted, modified, misused or altered.

If you are an end-user of a mobile application powered by the Bryj platform, your data rights (access, deletion, rectification, restriction, portability, and objection) should be exercised through the company that operates the application (the Controller). If you contact Bryj directly, we will notify the relevant customer as soon as possible so they can address your request using the platform tools available to them.

E. Exercise of Rights

To exercise your various rights under the applicable data protection laws, you must provide proof of your identity and optionally:

  • Tell us why you want to exercise them;
  • Precisely define the personal information you would like a copy of;
  • Specify the format in which you would like to receive your personal information.

For this purpose, please contact our DPO at dpo@bryj.ai.

Partial objection (or a simple request to unsubscribe) is a right that you may exercise at any time when receiving emails, by using the link on each email that you receive from us; it is not necessary to contact the DPO for this.

For more information about your rights, visit the CNIL website at: https://www.cnil.fr

You also have the right to refer the matter directly to the CNIL if you consider that your rights have been infringed, or that our company is not complying with its personal information protection obligations.

10.  Measures taken to protect personal information

Bryj has taken steps designed to prevent any personal information breach, including:

  • Appointment of a Data Protection Officer at Bryj
  • Raising our teams’ awareness about the necessity and criticality of protecting personal information
  • Audit and mapping of the processing of personal information carried out within the company and by its processors
  • Security audit of the information system
  • Implementation of this Policy

 

For end-user data processed through the Bryj platform, Bryj additionally implements the following measures:

  • Pseudonymisation through randomly generated device IDs with no persistent user identifiers
  • Encryption in transit for all communications (HTTPS/TLS)
  • Documented Disaster Recovery Plan for business continuity
  • Access controls based on least-privilege principles with employee confidentiality undertakings
  • Regular security testing including annual audits and penetration testing by an independent auditor
  • Event logging and monitoring for traceability
  • Data minimization validated through Privacy Impact Assessments
  • Data portability and deletion tools available to customers via the platform

Detailed technical and organizational measures are set out in the Data Processing Addendum.

While Bryj implements industry-standard technical and organizational measures designed to protect personal information, no method of transmission over the internet or electronic storage is completely secure. Accordingly, Bryj cannot guarantee absolute security of personal information.

11.  Data Breaches

Should we become aware of any unlawful access to, or use of, your personal information corresponding to processing for which we are responsible, we shall notify you of the incident as soon as possible as required by applicable data protection law.

Bryj complies with the notification requirements of GDPR Articles 33 (notification to supervisory authority) and 34 (communication to data subjects) as applicable. For service-level data breaches, the specific notification obligations and timelines are set out in the Data Processing Addendum between Bryj and the customer.

12.  California and Nevada Privacy Rights

California Residents

If you are a California resident, California law may provide you with additional rights regarding our use of your personal information.

We may share your personal information with third parties and affiliated third parties (such as local, state and regional affiliates and affiliate alliances), but they do not share your personal information for their direct marketing purposes. As these third parties and this category of affiliated third parties are considered an unaffiliated party under California law, you may opt-out of our disclosure of personal information to third parties for their direct marketing purposes. To opt out, please contact us as described in Section 14 (Contact Information) below.

The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), gives California consumers enhanced rights with respect to their personal information that is collected by businesses. First, California consumers may opt out of having their personal information sold or shared to other persons or parties, and of automated decision-making in regards to their performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, and movements. Also, such consumers have rights to:

  1. What specific pieces of personal information a business has about the consumer;
  2. Categories of personal information it has collected about the consumer;
  3. Categories of sources from which the personal information is collected;
  4. Categories of personal information that the business sold, shared or disclosed for a business purpose about the consumer;
  5. Categories of third parties to whom the personal information was sold, shared or disclosed for a business purpose; and
  6. The business or commercial purpose for collecting or selling personal information.
  7. Correct inaccuracies in their own personal information held by a business;
  8. Request a business to limit the use of sensitive personal information (SPI), as defined by CPRA, to what is necessary to perform the services reasonably expected by a consumer;
  9. Request a business for information about the logic behind the automated decision-making process and outcomes;
  10. Request a business to transmit their personal information to another business.

In addition, California consumers can request that the personal information a business has collected about them be deleted from the business’s systems and records.

Bryj may be considered a covered business under the CCPA and CPRA as it collects and processes the personal information of California consumers. This Policy provides the required notices to California consumers. The CCPA and CPRA also prohibits covered businesses from engaging in discriminatory treatment to California consumers who exercise their rights under CCPA and CPRA.

Bryj will not rent or sell your personal information to unaffiliated third parties for their marketing purposes. Bryj does not sell personal information and does not share personal information for cross-context behavioral advertising as defined under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). We may share your information with third parties to provide products and services you have requested, when we have your consent, or as described in this Policy.

To make a “request to know” or “request to delete” your personal information under CCPA and CPRA, send us an e-mail at dpo@bryj.ai. Please put either “CCPA / CPRA Request to Know” or “CCPA / CPRA Request to Delete” in the subject heading of your email, as applicable. We will use commercially reasonable efforts to honor these requests whether or not you would qualify as a California consumer under the CCPA and CPRA.

If and to the extent Bryj is considered a covered business under the CCPA and CPRA, we will confirm receipt of your request within 10 days along with a description of what steps we will take to verify and respond to your request. We must provide the requested information or delete your personal information within 45 days of receipt of your request but we can use up to an additional 45 days provided that we notify you that the additional time is needed. In addition, we will pass your request to delete to any third parties to whom personal information was shared or sold providing any exceptions.

When contacting us, we may ask you to provide certain, limited personal information, such as your name, email address and/or account login ID and/or password (if applicable), to verify your request and to match with our records and systems. This is also to protect against fraud. We will not retain this personal information or use it for any other purpose. Also please be advised that we only need to search our records and systems for the preceding 12 months.

Residents of other states may also have similar rights to request information about or delete their personal information. To inquire about exercising these rights, please contact us at dpo@bryj.ai. California’s “Shine the Light” law (Civil Code Section 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to dpo@bryj.ai.

Nevada Residents

As Bryj does not currently sell data triggering the opt-out requirements, the Nevada Revised Statutes Chapter 603A is not applicable as of the Effective Date of this Policy. If Bryj’s status changes, we will update this Policy as specified in Section 13 (Changes to this Policy) below.

13.  Changes to this Privacy Policy

Bryj reserves the right to make changes to this Policy at any time, for example to take into account (i) new ways to collect personal information, (ii) changes in our product or service offerings, (iii) changes in the way we process or use such personal information, and (iv) compliance with applicable data protection laws.

We encourage you to check this Policy regularly to keep up to date with any changes. However, in case of any major change to our Policy, you will be notified by email or when visiting the Website.

14.  Contact Information

To ask questions or provide comments about this Policy and our privacy practices or if you have a complaint or concern, contact us at:

Bryj Technologies Inc.

#415, 2549 Irving Street, San Francisco, CA, 94122 United States

Email: dpo@bryj.ai

15.  Product-Specific Disclosures

All of the information provided in this Policy applies to Bryj’s SaaS platform offerings as well, in addition to the specific information set forth below:

A. BRYJ PLATFORM: Beam Studio

  • The product user interface will embed the same performance and behavioral trackers as our Website, specifically using Google Analytics and Microsoft Clarity (see Section 2.D above for further information).
  • The Beam Studio product collects personal information. No data is stored outside of Europe.

B. BRYJ PLATFORM: Beam Engage

  • The product user interface will embed the same performance and behavioral trackers as our Website, specifically using Google Analytics and Microsoft Clarity.
  • Personal information collected via our Beam Engage product is stored in Europe.
  • The specific personal information we collect depends on your consent and the product integration.
  • We retain personal information collected via our Beam Engage product for a maximum of 18 months, and the data retention period can be adjusted for applicable law or your requirements. As personal information times out, we will delete the raw data, but we reserve the right to retain and use aggregated, anonymized and de-identified data.
  • You have complete control regarding the collection of behavioral and personal information collected by the Beam Engage product. You will need to designate the data to be collected by the Beam Engage product before any data can be processed and/or stored in our systems.
  • The Beam Engage platform uses randomly generated device IDs for identification. Apple IDFA and Android GAID are not collected.
  • Geolocation data is only collected when configured by the customer and consented to by the end-user. Default retention is 2 weeks (maximum 4 weeks).
  • Special category data (as defined by GDPR Articles 9 and 10) is not collected by the Bean Engage platform.
  • End-user data subject rights are exercised through the customer (Controller), who has platform tools for data retrieval and deletion.
  • Processing of end-user data is governed by the Data Processing Addendum, which includes EU Standard Contractual Clauses for data transfers outside the EU.

C. BRYJ PLATFORM: Beam Acquire

  • As the Beam Acquire product is continuing to evolve, this information is subject to change. If we update this information, an updated Policy will be posted as described in Section 13 (Changes to this Privacy Policy) above.
  • The product user interface will embed the same performance and behavioral trackers as our Website, specifically using Google Analytics and Microsoft Clarity.
  • Personal information and data collected via our Beam Acquire product is stored in the United States.
  • We retain personal information collected for 3 years, and the data retention period can be adjusted for applicable law or your requirements. As personal information times out, we will delete the raw data, but we reserve the right to retain and use aggregated, anonymized and de-identified data.
  • For EU-based data subjects, Bryj applies the EU Commission’s Standard Contractual Clauses (Decision 2021/914/EU) to ensure appropriate safeguards for the transfer of personal data to the United States.
  • The same technical and organizational measures described in Section 10 apply to Beam Acquire data.
  •