Privacy Policy

Last Updated: December 31, 2025

Effective Date: December 14, 2025

fromBRADlabs ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, engage our services, or interact with us through any communication channel.

This Privacy Policy applies to all services offered by fromBRADlabs, including but not limited to: Website Development (WEB), AI Implementation & Automation (AIIA), Special Project Solutions (SPS), Custom Merchandise & Branding (MERCH), 3D Design & Visualization (3D), Ideation & Innovation Consulting (IDEA), NFC Technology Solutions (NFC), All-In-One Business Launch Solutions (AIO), AI Governance & Compliance (AIGOV), Drone Aerial Imagery & Data Services (DRN), and Managed AI Executive Assistant (AIEA).

⚠️ Important Notice

By accessing our website or engaging our services, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access our website or use our services.

1. Information We Collect

We collect information from you in various ways depending on how you interact with fromBRADlabs. The types of information we collect include:

1.1 Information You Provide Directly

We collect information that you voluntarily provide to us, including:

Contact Information: Name, email address, phone number, mailing address, and business name when you fill out contact forms, request consultations, or engage our services.
Account Information: Username, password, and profile details if you create an account on our platform or client portal.
Project Information: Business requirements, project specifications, brand assets, design preferences, content materials, and other information necessary to deliver our services.
Communication Records: Correspondence through email, phone calls, video conferences, and messaging platforms related to service inquiries and project delivery.
Payment Information: Billing address and payment details processed through our secure payment processor, Stripe (see Section 6 for details).
Service Inquiry Details: Information about your business needs, goals, timeline, and budget when requesting quotes or consultations.

1.2 Information Collected Automatically

When you visit our website, we automatically collect certain information, including:

Device Information: IP address, browser type and version, operating system, device type, and unique device identifiers.
Usage Data: Pages visited, time spent on pages, click patterns, referring URLs, and navigation paths through our website.
Location Data: General geographic location based on IP address (city/region level, not precise location).
Technical Data: Internet service provider, time zone settings, and browser plug-in types and versions.

1.3 Information from Third Parties

We may receive information about you from third-party sources, including:

Payment Processors: Transaction confirmation and limited payment details from Stripe.
Analytics Providers: Website usage data and audience insights.
Business Partners: Referral information from partners who recommend our services.
Public Sources: Publicly available business information relevant to service delivery.

1.4 Client Materials and Assets

In the course of providing our services, we may receive and process:

Brand Assets: Logos, images, brand guidelines, and marketing materials.
Business Documents: Business plans, operational procedures, and strategic documents for SPS and consulting services.
Technical Assets: Code repositories, system access credentials, API keys, and technical documentation.
Content Materials: Text, images, videos, and other content for website development and design services.
3D Design Files: CAD files, product specifications, and design references for 3D visualization projects.

1.5 Voice Agent Interactions

If you interact with our AI-powered voice agents or conversational systems:

Voice Recordings: Audio recordings of conversations for service delivery and quality assurance.
Transcripts: Text transcriptions of voice interactions.
Interaction Data: Conversation flow, responses provided, and outcomes of interactions.

ℹ️ Data Minimization

We only collect information that is necessary for the purposes described in this Privacy Policy. We do not collect sensitive personal information (such as health data, religious beliefs, or political opinions) unless specifically required for a particular service and with your explicit consent.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Service Delivery

To provide, maintain, and improve our services including Website Development (WEB), AI Implementation & Automation (AIIA), Special Project Solutions (SPS), Custom Merchandise & Branding (MERCH), 3D Design & Visualization (3D), Client Operating System Deployment (COS), Ideation & Innovation Consulting (IDEA), NFC Technology Solutions (NFC), All-In-One Business Launch Solutions (AIO), AI Governance & Compliance (AIGOV), Drone Aerial Imagery & Data Services (DRN), and Managed AI Executive Assistant (AIEA).
To communicate with you about projects, deliverables, and service-related matters.
To process and fulfill service requests and project requirements.
To provide customer support and respond to inquiries.
To deliver project files, documentation, and final deliverables.

2.2 Payment Processing

To process payments for services through our payment processor, Stripe.
To send invoices, receipts, and payment confirmations.
To manage billing inquiries and payment-related communications.
To comply with financial record-keeping requirements.

2.3 Communication

To send service updates, project status notifications, and delivery confirmations.
To respond to your comments, questions, and requests.
To send administrative information, such as changes to our terms, conditions, and policies.
To provide information about new services, features, or offerings that may interest you (with your consent where required).

2.4 Business Operations

To analyze usage patterns and improve our website and services.
To conduct research and development for new service offerings.
To maintain internal records and business documentation.
To train and improve our AI systems and automation tools (using anonymized or aggregated data).

2.5 Legal and Security

To comply with applicable laws, regulations, and legal processes.
To protect against fraudulent, unauthorized, or illegal activity.
To enforce our Terms and Conditions and other agreements.
To protect the rights, property, and safety of fromBRADlabs, our clients, and others.

2.6 AI and Automation Services

For clients engaging our AI Implementation & Automation or AI Governance & Compliance services:

To develop, test, and deploy AI solutions tailored to your business needs.
To configure and optimize automation workflows.
To provide AI governance assessments and compliance documentation.
To monitor and maintain AI systems as part of ongoing support.

3. Legal Basis for Processing

We process your personal information based on the following legal grounds:

Processing Purpose	Legal Basis
Service delivery and contract fulfillment	Performance of a contract
Payment processing	Performance of a contract / Legal obligation
Marketing communications (with consent)	Consent
Website analytics and improvement	Legitimate interests
Legal compliance and fraud prevention	Legal obligation / Legitimate interests
Voice agent interactions	Consent / Performance of a contract
AI system training (anonymized data)	Legitimate interests

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

Payment Processing: Stripe processes all payment transactions. Stripe's privacy policy governs their use of your payment information.
Cloud Hosting: We use cloud service providers (such as AWS) to host our website and store data securely.
Analytics: We use analytics services to understand website usage and improve our services.
Communication Tools: We use email and communication platforms to correspond with clients.
AI Services: We may use third-party AI platforms (such as AWS Bedrock, ElevenLabs) to deliver AI-powered services.

4.2 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change and the choices you may have regarding your information.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities, including:

To comply with a subpoena, court order, or other legal process.
To respond to requests from government agencies or law enforcement.
To protect our rights, privacy, safety, or property, or that of our clients or others.
To enforce our Terms and Conditions or other agreements.

4.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

4.5 Aggregated or Anonymized Data

We may share aggregated or anonymized information that cannot reasonably be used to identify you for research, analysis, or business purposes.

ℹ️ Third-Party Data Processing

All third-party service providers are contractually obligated to protect your information and use it only for the purposes for which it was disclosed. We conduct due diligence on our service providers to ensure they maintain appropriate security measures.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

🔒 Our Security Measures

Encryption: We use SSL/TLS encryption for data transmitted between your browser and our servers.
Access Controls: We limit access to personal information to employees and contractors who need it to perform their job functions.
Secure Storage: Personal information is stored on secure servers with industry-standard security measures.
Regular Audits: We conduct regular security assessments and vulnerability testing.
Incident Response: We maintain incident response procedures to address potential data breaches promptly.
Employee Training: Our team receives regular training on data protection and security best practices.

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to implementing and maintaining reasonable security measures appropriate to the nature of the information we process.

5.1 Client Project Security

For client projects involving sensitive business information, technical assets, or proprietary materials:

Project files are stored in secure, access-controlled environments.
Access credentials and API keys are stored using industry-standard encryption.
Project data is retained only for the duration necessary to complete the project and any applicable retention period.
Upon project completion and final payment, clients may request deletion of project materials (subject to legal retention requirements).

6. Payment Processing and Stripe

We use Stripe, Inc. ("Stripe") as our payment processor for all financial transactions. When you make a payment to fromBRADlabs:

6.1 Information Collected by Stripe

Stripe collects and processes the following information directly:

Credit or debit card number
Card expiration date and CVV/CVC
Billing name and address
Email address associated with payment
Transaction amount and currency
Device and browser information for fraud prevention

6.2 What We Receive from Stripe

fromBRADlabs receives only limited payment information from Stripe:

Confirmation of successful or failed transactions
Last four digits of the card used
Card type (Visa, Mastercard, etc.)
Billing name and address
Transaction ID and amount

We do not receive or store your full credit card number, expiration date, or CVV/CVC.

6.3 Stripe's Privacy Practices

Stripe's collection and use of your payment information is governed by their privacy policy, available at https://stripe.com/privacy. Stripe is PCI DSS Level 1 certified, the highest level of certification in the payments industry.

ℹ️ Payment Security

All payment transactions are processed over secure, encrypted connections. Your payment card details are transmitted directly to Stripe and never pass through or are stored on fromBRADlabs servers.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activities on our website.

7.1 Types of Cookies We Use

Cookie Type	Purpose	Duration
Essential Cookies	Required for website functionality, security, and navigation	Session / Persistent
Analytics Cookies	Help us understand how visitors interact with our website	Up to 2 years
Functional Cookies	Remember your preferences and settings	Up to 1 year
Marketing Cookies	Track effectiveness of marketing campaigns (with consent)	Up to 1 year

7.2 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to:

View what cookies are stored on your device
Delete all or specific cookies
Block third-party cookies
Block all cookies from specific sites
Block all cookies entirely

Please note that disabling certain cookies may affect the functionality of our website.

7.3 Do Not Track

Our website does not currently respond to "Do Not Track" signals from browsers. However, you can manage your privacy preferences through your browser settings and cookie controls.

8. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

🛡️ Your Rights May Include

Right to Access: Request a copy of the personal information we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete personal information.
Right to Erasure: Request deletion of your personal information under certain circumstances.
Right to Restrict Processing: Request that we limit how we use your personal information.
Right to Data Portability: Request a copy of your data in a structured, machine-readable format.
Right to Object: Object to processing of your personal information for certain purposes.
Right to Withdraw Consent: Withdraw consent where processing is based on consent.
Right to Lodge a Complaint: File a complaint with a data protection authority if you believe your rights have been violated.

8.1 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: contact@frombradlabs.com
Subject Line: "Privacy Rights Request"

We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

8.2 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to know what personal information is collected, used, shared, or sold
Right to delete personal information held by businesses
Right to opt-out of the sale of personal information (we do not sell personal information)
Right to non-discrimination for exercising your privacy rights

8.3 European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR) as outlined in Section 8.1 above.

9. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

9.1 Retention Periods

Account Information: Retained while your account is active and for a reasonable period thereafter.
Project Information: Retained for the duration of the project and for 7 years after project completion for legal and business record-keeping purposes.
Payment Records: Retained for 7 years to comply with financial and tax regulations.
Communication Records: Retained for 3 years after the last communication or as required for legal purposes.
Website Analytics: Retained for up to 2 years in aggregated form.
Marketing Data: Retained until you opt-out or request deletion.

9.2 Deletion Requests

Upon your request, we will delete or anonymize your personal information, except where we are required to retain it by law or for legitimate business purposes (such as resolving disputes, enforcing agreements, or maintaining security).

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us immediately, and we will take steps to delete such information.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.

11.1 Transfer Safeguards

When we transfer your information internationally, we implement appropriate safeguards to protect your data, including:

Standard contractual clauses approved by data protection authorities
Ensuring service providers maintain adequate data protection measures
Compliance with applicable data protection laws and regulations

11.2 Your Rights

If you are located in the EEA or other jurisdictions with data transfer restrictions, you have the right to object to international transfers. However, please note that some of our services may require international data processing to function properly.

12. Third-Party Services and Links

Our website and services may contain links to third-party websites, services, or applications that are not operated by fromBRADlabs. This Privacy Policy does not apply to third-party services.

12.1 Third-Party Websites

We are not responsible for the privacy practices of third-party websites. We encourage you to review the privacy policies of any third-party sites you visit.

12.2 Third-Party Service Providers

We use third-party service providers to deliver our services, including:

Stripe: Payment processing (see Section 6)
AWS (Amazon Web Services): Cloud hosting and infrastructure
Analytics Providers: Website usage analytics
Communication Platforms: Email and messaging services
AI Service Providers: AWS Bedrock, ElevenLabs, and other AI platforms for service delivery

These service providers have their own privacy policies governing their use of your information.

13. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. We will notify you of any material changes by:

Posting the updated Privacy Policy on our website with a new "Last Updated" date
Sending an email notification to registered users (if applicable)
Displaying a prominent notice on our website for significant changes

Your continued use of our website or services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

ℹ️ Review Regularly

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information.

14. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

fromBRADlabs

Website: fromBRADlabs.com
Email: contact@frombradlabs.com
Address: 1 Washington St., Boston, MA

For privacy-related inquiries, please use the subject line "Privacy Policy Inquiry" in your email.