Privacy
policy.

Brevity Solutions LLC ("Brevity," "we," "us," or "our") is a Virginia-registered limited liability company that builds and hosts websites for small and medium-sized businesses. This Privacy Policy explains what information we collect when you visit our website, engage us for services, or use the Brevity client platform, and how we use, share, and protect that information.

If any term in this policy conflicts with a signed agreement between you and Brevity (such as a Statement of Work or Master Services Agreement), the signed agreement controls. By using our services, you agree to the practices described here.

1. Who this policy applies to

This policy covers visitors to brevity.solutions, prospects who contact us, and clients who engage Brevity to build, host, or maintain a website. Brevity provides services exclusively to clients located in the United States. We do not knowingly market to or contract with individuals or businesses based in the European Economic Area, the United Kingdom, or other jurisdictions whose data protection regimes would apply on a cross-border basis.

2. Information we collect

We collect the following categories of information:

1. Business contact information. When you submit our contact form, schedule a call, or sign a Statement of Work, we collect your name, business email, business phone number, company name, and the role you hold at the company.
2. Payment information. When you pay for a build or hosting subscription, payment card data is collected and processed by Stripe, our payment processor. Brevity does not see, store, or transmit raw card numbers; we receive only a tokenized reference, the last four digits of the card, the brand, and the expiration date.
3. Bank account information (ACH). If you choose to pay by ACH bank transfer, we use Plaid to verify your bank account. Plaid collects your online banking credentials and account details directly through its own interface and returns to Brevity a tokenized reference plus the bank name and the last four digits of the account number. Brevity never sees your online banking username or password. See section 4 for the relevant Plaid disclosures.
4. Website content from clients. To build your website we collect the materials you provide: copy, images, brand assets, customer logos, product information, business documents, and any third-party account credentials you choose to share with us for integrations (for example, an analytics or email-marketing account).
5. Account and platform data. When you log in to the Brevity client portal we record authentication events, the actions you take in the portal (invoice views, payment method updates, document uploads), and the IP address used for each session.
6. Technical and analytics data. When you visit brevity.solutions we record standard server logs (IP address, request path, user agent, timestamp) and aggregate analytics through Plausible, a privacy-focused analytics product that does not use cookies and does not collect personal data. See section 7 for our cookie disclosure.
7. Email correspondence. Emails you send to us, and our replies, are retained in our email system for the duration of the engagement and a reasonable period afterward for legal and tax purposes.

3. How we use information

We use the information we collect only for these purposes:

• To respond to inquiries and provide quotes for prospective engagements.
• To deliver, host, and support the websites we build for you.
• To bill for our services, including processing one-time build fees and recurring monthly hosting fees.
• To send transactional notices about your account, your invoices, your hosting status, scheduled maintenance, and security incidents.
• To comply with legal obligations, including tax reporting and responding to lawful requests from government authorities.
• To detect, prevent, and investigate fraud, abuse, or unauthorized access to our systems.
• To improve our services, in aggregated and de-identified form.

We do not sell your personal information. We do not share your information with third parties for their independent marketing or advertising purposes. We do not use your information to train machine-learning models.

4. Third-party service providers

We rely on a small number of trusted vendors to operate our business. Each vendor receives only the information necessary to perform its role, is contractually bound to protect that information, and is listed below with the purpose of the relationship and a link to its own privacy policy.

• Stripe, Inc. (United States) processes credit-card and ACH payments. stripe.com/privacy
• Plaid Inc. (United States) verifies bank accounts and authorizes ACH debits. plaid.com/legal · End User Privacy Policy
• Supabase, Inc. (United States, AWS us-east-1) hosts our application database and authentication. supabase.com/privacy
• Vercel Inc. (United States) hosts brevity.solutions and the websites we build for you. vercel.com/legal/privacy-policy
• Resend (United States) delivers transactional email. resend.com/legal/privacy-policy
• GitHub, Inc. (United States) hosts our source code repositories. github.com/privacy
• Namecheap, Inc. (United States) provides domain registration and DNS for client domains we manage. namecheap.com/privacy
• Plausible Insights OÜ (European Union) provides cookieless website analytics for our marketing site. plausible.io/privacy

We will update this list when we add or remove material vendors. Past versions of this policy are retained internally so we can identify which vendors had access to your data at any given time during your engagement.

5. Plaid disclosures

When you choose to link a bank account to Brevity for ACH billing, Plaid acts as a data-collection agent on your behalf. Plaid will ask you to authenticate to your bank, return a tokenized reference to Brevity, and may retain account and transaction information in accordance with Plaid's End User Privacy Policy. Plaid is the controller of the data you provide to it. By linking a bank account through Brevity, you acknowledge and agree to Plaid's End User Privacy Policy. You may revoke Plaid's permissions at any time at my.plaid.com. Brevity uses Plaid only to verify your bank account and to initiate ACH debits authorized under your Statement of Work.

6. Information sharing

Beyond the service providers listed in section 4, we share personal information only in these limited circumstances:

• When required by a subpoena, court order, or other lawful request from a government authority with jurisdiction over us.
• When necessary to enforce our Terms of Service or other agreements with you, or to protect our rights, property, or safety, or that of others.
• In connection with a merger, acquisition, financing, or sale of business assets. Any successor entity will be bound by this policy with respect to the personal data it inherits.
• With your explicit, informed consent for any other purpose.

7. Cookies and tracking

The Brevity marketing site does not use advertising cookies, third-party tracking pixels, or any tracking technology that follows you across other websites. Our analytics provider, Plausible, is a cookieless analytics product that aggregates pageviews and referrers without storing personal identifiers in your browser.

The Brevity client portal sets a small number of strictly necessary first-party cookies to keep you signed in and to protect your session against cross-site request forgery. These cookies are not used for advertising or cross-site tracking, and you cannot disable them while remaining signed in. Your browser's "Do Not Track" or "Global Privacy Control" signal is respected on our marketing site to the extent that it indicates a request to suppress non-essential analytics; because Plausible does not collect personal data, this signal does not change what we collect.

8. Data retention

We retain personal information only for as long as we need it to provide our services and to comply with legal, tax, and accounting obligations. The defaults below apply unless a signed agreement specifies a different period or you exercise a deletion right under section 9.

• Active client accounts and the websites we host for you: for the duration of your engagement.
• Billing and tax records (invoices, payment receipts, ACH authorizations): seven years after the close of the engagement, as required by U.S. tax law.
• Source-code repositories and deployment history for client-owned sites: thirty days after the engagement ends, unless the client requests an export or transfer.
• Server logs and authentication events: ninety days.
• Marketing-site analytics: aggregated and never tied to an identified individual.

9. Your rights

Subject to applicable law, you may request that we:

• Confirm whether we hold personal information about you.
• Provide a copy of the personal information we hold about you.
• Correct inaccurate or incomplete personal information.
• Delete personal information we hold about you, subject to the retention obligations described in section 8.
• Restrict or object to specific processing activities.
• Receive a portable copy of the personal information you provided to us in a structured, machine-readable format.

To exercise any of these rights, email caleb@brevity.solutions. We will verify your identity, respond within thirty days where commercially feasible, and explain in writing if we cannot fulfill the request and why. You will not be charged for these requests, and we will not retaliate against you for making one.

10. California residents (CCPA / CPRA)

California residents have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA"). In the preceding twelve months, Brevity has collected the following categories of personal information from California residents: identifiers (name, email, business address), commercial information (the services you have purchased), internet or network activity (server logs from our website), professional information (your role at the company you represent), and financial account references (tokenized payment-method identifiers from Stripe and Plaid).

We collect this information for the purposes described in section 3. We disclose this information only to the service providers listed in section 4, each of which is bound by contract to use the information solely to provide services to Brevity. We do not sell or share personal information for cross-context behavioral advertising. We do not knowingly collect personal information from minors under the age of sixteen.

California residents may exercise the right to know, the right to delete, the right to correct, the right to limit the use of sensitive personal information, and the right to non-discrimination for exercising these rights. To submit a CCPA request, email caleb@brevity.solutions with the subject line "California privacy request." You may designate an authorized agent to submit a request on your behalf, with written proof of authorization.

11. Security

We protect personal information with administrative, technical, and physical safeguards appropriate to the sensitivity of the information. All data is transmitted over TLS 1.2 or higher and stored encrypted at rest using AES-256-GCM. Bank-account references received from Plaid are additionally application-layer encrypted using a key that is stored separately from the database. Access to production systems is restricted to active partners, requires multi-factor authentication, and is logged. We follow a least-privilege model and review access on a quarterly basis.

No system of safeguards is perfect. If we discover a personal-data breach affecting you, we will notify you without undue delay and in any event within seventy-two hours of confirmation, as required by applicable law.

12. Children's privacy

Brevity provides business-to-business services and does not knowingly collect personal information from children under thirteen. If you believe a child under thirteen has provided personal information to us, please contact us and we will delete it.

13. Changes to this policy

We will update this policy from time to time. The "Last updated" date at the top of the page will reflect the most recent revision. If we make a material change to how we handle personal information, we will notify active clients by email at least thirty days before the change takes effect. Continued use of our services after the effective date of an updated policy constitutes acceptance of the changes.

14. Contact us

Brevity Solutions LLC
416 Windover Avenue NW
Vienna, Virginia 22180
United States

Privacy and data-rights requests: caleb@brevity.solutions

See also our Terms of Service, Security practices, and Data Processing Addendum.