Privacy Policy for BraveLabs LLC

Last updated: August 2025

1. Information We Collect

We collect the following types of information:
A. Personal Information
When you interact with us (e.g., fill out forms, schedule calls, sign up for newsletters), we
may collect:
– Full name
– Email address
– Phone number
– Job title
– Company name
– IP address and device information
– Any information you voluntarily provide in messages, forms, or calls
B. Automatically Collected Data
We use cookies, pixels, and analytics tools (e.g., Google Analytics) to collect:
– Device type, browser, and operating system
– Geographic location (based on IP)
– Pages visited and time spent
– Referral source
– Site interaction behavior
C. Client & Healthcare Data (HIPAA Consideration)
As a healthcare marketing and technology provider, we may receive or access Protected Health Information (PHI) in accordance with HIPAA regulations, only when acting as a Business Associate. In such cases, we follow strict safeguards and enter into Business Associate Agreements (BAAs) where required.

2. How We Use Your Information

We may use the information we collect to:
– Provide and improve our services
– Respond to inquiries and support requests
– Send relevant marketing and service communications
– Analyze website and campaign performance
– Maintain legal and regulatory compliance
– Enforce our terms and protect our rights and users
We do not sell your personal information.

3. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience and understand usage.
You can manage cookie preferences through your browser settings.
We use:
– Session and persistent cookies
– Google Analytics
– Meta (Facebook/Instagram) pixel
– LinkedIn Insight Tag
– HubSpot or similar marketing automation tools

4. Data Sharing and Disclosure

We may share your data with:
– Internal employees and contractors (under confidentiality)
– Technology and service partners (e.g., CRM, analytics platforms, hosting providers)
– Legal authorities if required by law or to protect rights
We ensure that all third-party service providers are GDPR-compliant and where applicable, under a Business Associate Agreement (BAA) if PHI is involved.

5. Data Retention

We retain personal information only as long as necessary to:
– Fulfill the purposes for which it was collected
– Meet legal, accounting, or regulatory obligations
– Support ongoing client relationships
You may request data deletion by contacting us (see Section 9).

6. Your Privacy Rights

A. Under GDPR (for EEA residents), you have the right to:
– Access your personal data
– Correct or delete data
– Restrict or object to processing
– Request data portability
– Withdraw consent
B. Under CCPA (for California residents), you have the right to:
– Know what personal data is collected
– Request deletion of personal data
– Opt out of data selling (BraveLabs does not sell data)
– Not be discriminated against for exercising privacy rights
To exercise your rights, contact us at: privacy@thebravelabs.com

7. HIPAA Compliance

BraveLabs may act as a Business Associate to Covered Entities under HIPAA.
We:
– Sign BAAs when applicable
– Encrypt PHI during transmission and storage
– Limit access to authorized personnel
– Maintain internal HIPAA training and documentation
We do not use PHI for marketing or retargeting purposes without explicit consent and legal basis.

8. Data Security

We implement administrative, technical, and physical safeguards to protect your data,
including:
– SSL encryption
– Role-based access control
– Multi-factor authentication (MFA)
– Regular data audits and vulnerability assessments
– Data backups and disaster recovery protocols

9. Your Options and How to Contact Us

If you would like to:
– Review, correct, or delete your data
– Withdraw consent or exercise rights under GDPR/CCPA
– Report a security concern
– Ask questions about our privacy practices
Contact us at:
support@thebravelabs.com

10. International Transfers

If you are accessing our site from outside the U.S., your data may be transferred to and processed in the United States. We take appropriate safeguards to protect your data in accordance with GDPR requirements, including Standard Contractual Clauses (SCCs).

11. Children’s Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect data from children.

12. Policy Updates

We may update this policy from time to time. Any changes will be reflected on this page with a revised "Last Updated" date.