Privacy Policy

Last Updated: June 11, 2026

1. Introduction

BrikFi Inc. ("BrikFi," "we," "us," or "our") respects your privacy and is committed to protecting the personal information you provide to us. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website at brikfi.com (the "Site"), submit your email address to join our pre-launch early access list, register for and attend BrikFi-hosted events, or apply for employment through our Careers portal (collectively, the "Service").

By accessing the Site or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Site or use the Service.

2. Information We Collect

2.1 Information You Provide Directly

  • Email Address. When you sign up for our consumer early access list, we collect the email address you voluntarily provide.
  • Regional Allocation Intent and Market Checkboxes. When you engage with our Strategic Market Pipelines canvas or complete a registration form, we collect your structured selections (target_markets) to map consumer demand across our launch corridors.
  • Custom Neighborhood Suggestions. We collect open-ended text inputs (custom_market_suggestion) voluntarily submitted through our expansion fields to evaluate and rank potential pipeline corridors for future fund deployments.
  • Referral Data. When you participate in the BrikFi Referral Program, we generate and store a unique referral code, track your referral count, and record BRIKs earned. If you were referred by another user, we store that association.
  • Email Verification. We generate a one-time verification token to confirm your email address. This token is deleted after successful verification.

2.1.2 Event Registration Information

When you register for a BrikFi-hosted event (such as the Growth Capital Lunch series), we collect the following information:

  • Full Name — Used for event check-in and personalized communications.
  • Email Address — Used for confirmation emails, check-in links, and post-event follow-up.
  • Phone Number — Optional; used for event-day communications.
  • Business Name — Optional; used to understand attendee demographics.
  • Capital Needs Amount — An optional, non-binding statement of how much credit your business may need. This is used for aggregate data at the event and does not constitute a credit application.
  • Check-In Token (QR Code) — A unique UUID assigned to each registration. This token is encoded in a QR code and used solely for event check-in identification. It does not contain any personal information.
  • Check-In Timestamp — Recorded when you are checked in at the event via QR code scan.
  • IP Address — Collected at the time of registration for security and fraud prevention.

2.1.3 Employment Applicant Information

When you apply for a position through our Careers portal, we collect the following information:

  • Full Name — Used to identify your application and for communication purposes.
  • Email Address — Used for application confirmation and hiring communications.
  • Phone Number — Optional; used for interview scheduling and follow-up.
  • LinkedIn Profile URL — Used to review your professional background and qualifications.
  • Pre-Screening Responses — Your answers to role-specific and general pre-screening questions, including required "must-have" qualifications used to evaluate minimum eligibility.

We do not collect resumes or other file uploads through the Careers portal.

2.2 Information Collected Automatically

When you access the Site, certain information may be collected automatically, including:

  • Device and Browser Information. Browser type and version, operating system, device type, screen resolution, and language preferences.
  • Usage Data. Pages visited, time and date of access, referring URL, and clickstream data.
  • IP Address. Your Internet Protocol address, which may be used to approximate your general geographic location.

2.3 Third-Party Verification Data

We use Cloudflare Turnstile to verify that form submissions are made by humans rather than automated bots. This service may collect certain technical data, including browser characteristics and interaction patterns, to generate a verification token. We do not receive or store the underlying verification data; only the pass/fail result.

2.4 Payment Information

When you purchase an event ticket, your payment is processed by Square, Inc., a third-party payment processor. BrikFi does not collect, store, or have access to your full credit card number, expiration date, or CVV. All card data is transmitted directly from your browser to Square's PCI DSS-compliant servers.

We do store the following payment-related information:

  • Square Payment ID — A unique transaction identifier returned by Square, used for record-keeping and potential refund processing.
  • Payment Status — Whether the transaction was completed, pending, or failed.
  • Ticket Price — The amount charged for the event ticket.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Pre-Launch Communications. To send you updates about BrikFi's development progress, launch timeline, and early access opportunities.
  • Event Registration and Administration. To process event ticket purchases via Square, send confirmation emails with QR check-in codes, facilitate day-of-event check-in, send post-event follow-up communications, and display aggregate attendance data (e.g., remaining seats) on the Site.
  • Payment Processing. To process event ticket payments securely through Square, maintain transaction records, and handle any refund requests.
  • Referral Program Administration. To operate the BrikFi Referral Program, including generating referral codes, tracking referrals, crediting BRIK token rewards, and sending verification and welcome emails as described in the Referral Program Terms.
  • Aggregate Market Interest Gauging. When you click the 'I'm Interested' option on our Strategic Market Pipelines canvas, the application logs an anonymous interaction signal to increment our public community traction counter. This workflow processes purely aggregate engagement metrics and does not collect, track, or associate personal identifying data, full names, or email records with the interaction.
  • Service Administration. To manage and maintain the early access email list, including deduplication and list hygiene.
  • Security and Fraud Prevention. To protect the Site against spam, abuse, and unauthorized access.
  • Hiring and Recruitment. To evaluate your candidacy for employment at BrikFi, including reviewing your qualifications, contacting you for interviews, and making hiring decisions. If hired, to verify your identity and work authorization through the E-Verify program.
  • Legal Compliance. To comply with applicable laws, regulations, legal processes, or governmental requests.
  • Analytics. To understand how users interact with the Site so that we may improve the user experience.

We will not sell, rent, or lease your email address or any personal information to third parties for their marketing purposes.

4. Legal Bases for Processing

We process your personal information under the following legal bases:

  • Consent. You have given clear consent for us to process your email address for the purpose of receiving pre-launch communications. You may withdraw consent at any time by unsubscribing.
  • Legitimate Interest. Processing is necessary for our legitimate interests in operating and improving the Site, provided those interests are not overridden by your data protection rights.
  • Legal Obligation. Processing is necessary for compliance with applicable legal obligations.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information with the following categories of third parties, solely for the purposes described in this Privacy Policy:

  • Supabase Inc. Our backend infrastructure provider. Information submitted via the consumer early access list is stored in a Supabase-hosted database. Supabase processes data in accordance with its own privacy policy and applicable data processing agreements.
  • Brevo (formerly Sendinblue). Our email marketing and contact management provider. Your email address may be transmitted to Brevo for the purpose of managing communications. For Referral Program participants, referral-related attributes (referral code, BRIKs earned, referral count, email verification status, and market preferences) are also synced to Brevo. Brevo processes data in accordance with its own privacy policy.
  • Square, Inc. Our payment processor for event ticket purchases. When you make a payment, your card details are transmitted directly to Square's PCI DSS-compliant servers. Square processes payments in accordance with its own Square Privacy Policy. We receive only a transaction ID and payment status from Square.
  • Cloudflare, Inc. Provider of the Turnstile bot-verification service and content delivery network (CDN). Cloudflare may process limited technical data to verify form submissions and deliver Site content.
  • Legal Requirements. We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of BrikFi, our users, or the public.
  • Business Transfers. In the event of a merger, acquisition, reorganization, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email or a prominent notice on the Site before your information becomes subject to a different privacy policy.

6. Data Retention

We retain your email address and associated data for as long as is necessary to fulfill the purposes described in this Privacy Policy, or until you request deletion. Specifically:

  • Early access list data will be retained through the platform launch period and for a reasonable period thereafter, unless you unsubscribe or request deletion earlier.
  • Automatically collected data (usage analytics, IP addresses) is retained in aggregate form and is not linked to your email address after initial processing.
  • Employment applicant data (name, email, phone, LinkedIn profile URL, and pre-screening responses) is retained for up to twenty-four (24) months following the date of submission, consistent with federal EEO and OFCCP record-keeping requirements. You may request deletion of your applicant data at any time by contacting privacy@brikfi.com.
  • E-Verify data. If hired, your Form I-9 and employment verification data will be shared with the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) through the E-Verify program, as required by law. E-Verify records are retained and disposed of in accordance with federal requirements.

7. Your Rights

Depending on your jurisdiction, you may have certain rights regarding your personal information, including:

7.1 All Users

  • Opt-Out / Unsubscribe. You may unsubscribe from our email communications at any time by clicking the "unsubscribe" link included in each email or by contacting us at privacy@brikfi.com.
  • Access. You may request access to the personal information we hold about you.
  • Deletion. You may request that we delete the personal information we hold about you.
  • Correction. You may request that we correct any inaccurate personal information.

7.2 California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 ("CCPA"), provides you with additional rights:

  • Right to Know. You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which personal information is collected, and the business or commercial purpose for collecting such information.
  • Right to Delete. You have the right to request that we delete any personal information we have collected about you, subject to certain exceptions.
  • Right to Non-Discrimination. We will not discriminate against you for exercising any of your CCPA rights.
  • No Sale of Personal Information. We do not sell personal information as defined under the CCPA.

To exercise these rights, please contact us at privacy@brikfi.com. We will respond to verifiable consumer requests within 45 days.

7.3 Residents of Other U.S. States

If you reside in a state with applicable data privacy legislation (including but not limited to Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Montana, Texas, Oregon, and Delaware), you may have similar rights to those described above. Please contact us at privacy@brikfi.com to exercise your rights.

8. Children's Privacy

The Site and Service are not directed to individuals under the age of eighteen (18). We do not knowingly collect personal information from anyone under the age of 18. If we become aware that we have collected personal information from a child under 18, we will take steps to promptly delete such information. If you believe we have collected personal information from a child under 18, please contact us at privacy@brikfi.com.

9. Security

We implement commercially reasonable administrative, technical, and physical security measures designed to protect your personal information from unauthorized access, use, alteration, and disclosure. These measures include, but are not limited to:

  • Encryption of data in transit using TLS/SSL protocols.
  • Row-level security policies on our database infrastructure.
  • Bot-detection and abuse-prevention via Cloudflare Turnstile.
  • Access controls limiting employee access to personal information on a need-to-know basis.
  • Symmetric Local State Storage. BrikFi records your preferred tracking preferences directly within your browser's environment using the brikfi_cookie_consent key. When you select 'Keep Essential Only', our application logs an 'essential' token state, programmatically disabling all optional third-party marketing and Google Analytics tracking elements while preserving local security and platform performance primitives.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

10. Third-Party Links

The Site may contain links to third-party websites or services that are not operated by us. This Privacy Policy does not apply to third-party websites. We encourage you to review the privacy policies of any third-party websites you visit.

11. International Data Transfers

Your information may be transferred to, and processed in, countries other than your country of residence. These countries may have data protection laws that differ from your jurisdiction. By using the Site and providing your information, you consent to the transfer of your information to the United States and other jurisdictions where our service providers operate.

12. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you by email. Your continued use of the Site after any changes constitutes acceptance of the revised Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

BrikFi Inc.

Email: privacy@brikfi.com

Subject Line: Privacy Policy Inquiry