Last updated: July 19th, 2025

This Privacy Policy explains how broadn.io ("we," "us," or "our") collects, uses, discloses, and safeguards your information when you use our cloud-hosted software-as-a-service (SaaS) platform (the "Services") available through https://www.broadn.io/. This policy applies to business customers and their authorized users. Please read it carefully.

Information We Collect

We collect information from you when you use our Services, including:

Authentication Information: When you sign in using third-party authentication providers such as Google or Microsoft, we collect limited information provided by those providers, such as your name, email address, and profile information, solely for the purpose of authenticating your account and providing access to our Services. We do not store your third-party credentials.

Account and Contact Information: Information provided during account creation or registration, such as your name, email address, company name, job title, and other contact details necessary to provide the Services.

Customer Data: Documents, data, or materials you upload, import, or enter into our Services as part of your use of the platform.

Usage Data: Information about how you interact with our Services, such as usage patterns and service activity, to ensure proper functioning and improve performance.

Payment Data: Billing information, such as payment instrument details (e.g., credit/debit card numbers), when you purchase our Services.

Communications: Records of communications between you and us, including inquiries or support requests.

We do not collect sensitive personal information (e.g., racial or ethnic origins, political opinions, religious beliefs, health data, or sex life) or information from children under 16, as our Services are not directed to them.

Customer Data Ownership

You own all Customer Data you provide to or generate through our Services. You may export your Customer Data at any time in accordance with our commercial agreements. We do not sell, anonymize, or share your Customer Data except as described in this policy or as necessary to provide the Services.

How We Use Your Information

We use the information we collect to:

• Provide, operate, maintain, and improve our Services.

• Create and manage your account.

• Process payments and fulfill orders.

• Respond to your inquiries and provide customer support.

• Monitor and analyze usage trends to enhance service performance.

• Detect and prevent fraud, abuse, or security incidents.

• Comply with applicable laws, regulations, and legal obligations.

Legal Bases for Processing

We process your data to fulfill our contractual obligations, comply with legal requirements, and pursue legitimate business interests, such as improving our services, adding new functionality, and responding to customer requests.

Data Storage and Security

All data handling is transparent and solely for providing the Services as described. We store all Customer Data and backups in encrypted form on secure, SOC2-compliant cloud servers located in the United States, procured from reputable public providers. This includes full encryption at rest for databases and backups, as well as in-transit encryption using industry-standard protocols (e.g., TLS/SSL) for all internal and external communications to protect your information from unauthorized access, disclosure, or modification.

We adhere to best practices in software development and operations at all times, including implementing robust protocols for:

• Backup and data restoration to ensure data integrity and quick recovery.

• Disaster recovery to maintain service continuity in the event of unforeseen incidents.

• Database migrations and rollouts with careful planning to avoid data loss or corruption.

• Application deployments designed to achieve minimal to no service downtime.

While we implement robust technical, administrative, and physical security measures, no system can guarantee absolute security.

In the event of a data breach, we will notify affected customers promptly in accordance with applicable legal requirements and our B2B commercial contractual obligations.

Data Sharing and Disclosure

We do not sell your information. We may share your information only in the following circumstances:

With Service Providers: We engage trusted third-party service providers (e.g., cloud hosting or payment processors) to perform functions necessary to operate our Services, subject to strict confidentiality and security obligations. We ensure all third-party service providers are bound by strict data protection agreements to safeguard your information and not resell the data, while keeping it safe and encrypted.

For Legal Compliance: We may disclose information to comply with applicable laws, regulations, or legal processes, or to enforce our agreements.

Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction, with appropriate safeguards.

International Transfers

As our Services and data storage are based in the United States, your information may be processed in the US, regardless of your location. For customers in the EU, we implement appropriate safeguards, such as Standard Contractual Clauses (SCCs), to protect your data in accordance with the General Data Protection Regulation (GDPR). We ensure compliance with GDPR for EU data subjects.

Data Retention

We retain your information only for as long as necessary to provide the Services, fulfill our contractual obligations, comply with legal requirements, resolve disputes, or enforce agreements. You may request deletion of your Customer Data per our commercial agreements, and we will comply unless legally required to retain it.

Your Privacy Rights

Depending on your location and applicable laws (e.g., CCPA/CPRA for California residents, GDPR for EU residents), you may have rights to:

• Access, correct, or update your information.

• Request deletion or portability of your Customer Data.

• Restrict or object to certain processing activities.

• Withdraw consent (where processing is based on consent).

• Lodge a complaint with a supervisory authority.

We comply with applicable data protection laws, including the California Consumer Privacy Act (CCPA/CPRA) for California residents and the EU General Data Protection Regulation (GDPR) for EU residents.

You can request data portability or deletion by contacting privacy@broadn.io or using the tools in your account settings that permit integration with other SaaS services as well as direct export of all your data in structured format. For additional migrations, contact us.

We may use automated decision-making to optimize our services, availability, and access to new features and services; you can request human review by contacting us at support@broadn.io.

To exercise these rights, contact us at privacy@broadn.io. We will respond within the timeframes required by law.

Third-Party Links

Our Services may contain links to third-party websites not covered by this policy. We are not responsible for the privacy practices or content of these sites.

Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. The updated policy will be posted on our website with the "Last updated" date. We encourage you to review it regularly.

Contact Us

For questions or concerns about this Privacy Policy or our data practices, contact us at:

Email: privacy@broadn.io

If you are an EU resident and believe we have not adequately addressed your concerns, please contant us directly. You have the right to contact your local data protection authority.