Privacy Policy

Breakpath ("we," "our," or "us") operates the website breakpath.io and provides sprint-based product development services. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you visit our website, submit an application, use our client portal, or engage our services.

By using our website or services, you consent to the practices described in this policy. If you do not agree with this policy, please do not use our website or services.

We collect the following categories of information:

Personal Information: When you submit a sprint application or contact us, we collect your name, email address, company name, role, website URL, and project details you provide.

Account Information: If you create an account on our client portal, we collect your email address and a securely hashed password. We do not store passwords in plain text.

Payment Information: Payments are processed securely through Stripe. Breakpath does not collect, store, or have access to your full credit card numbers. Stripe may collect your card number, expiration date, CVC, and billing address directly. Please refer to Stripe's Privacy Policy for details on how they handle your payment data.

Usage Data: We automatically collect certain information when you visit our website, including your IP address, browser type and version, operating system, device type, pages visited, time spent on pages, referral source, and clickstream data.

Cookies and Tracking Technologies: We use cookies, pixels, and similar technologies to collect usage data, maintain session state, and analyze website performance. See Section 13 (Cookie Policy) for more details.

• Directly from you: When you submit an application, create an account, fill out a form, schedule a call, or communicate with us via email.
• Automatically: Through cookies, server logs, and analytics tools when you browse our website.
• From third-party services: We may receive information from service providers such as Stripe (payment confirmation), Google Analytics (website usage data), and Cal.com (scheduling details).

We use the information we collect for the following purposes:

• To evaluate sprint applications and determine project fit.
• To provide, manage, and deliver our sprint development services.
• To communicate with you about your application, engagement, or account.
• To process payments and send invoices.
• To improve, personalize, and optimize our website and user experience.
• To send marketing communications, newsletters, or updates (only with your consent, and you may opt out at any time).
• To monitor and analyze usage trends and website performance.
• To detect, prevent, and address fraud, abuse, or security issues.
• To comply with applicable legal obligations and enforce our terms.

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following legal bases:

• Consent: Where you have given explicit consent to the processing of your personal data for specific purposes, such as marketing communications.
• Contract Performance: Where processing is necessary to perform a contract with you or to take steps at your request prior to entering into a contract (for example, evaluating your sprint application).
• Legitimate Interests: Where processing is necessary for our legitimate business interests, such as improving our services, analyzing website usage, and preventing fraud, provided these interests do not override your rights.
• Legal Obligations: Where processing is necessary to comply with applicable laws, regulations, or legal proceedings.

We do not sell, rent, or trade your personal information to third parties. We may share your information with the following categories of service providers who assist us in operating our business:

• Stripe: Payment processing and invoicing.
• Supabase: Database hosting and authentication services.
• Vercel: Website hosting and deployment.
• Google Analytics: Website usage analytics and performance monitoring.
• Cal.com: Scheduling and calendar integration.

These providers are contractually obligated to use your information only to provide services to us and in accordance with applicable data protection laws.

We may also disclose your information if required to do so by law, in response to valid legal process (such as a subpoena or court order), to protect our rights or safety, or to prevent fraud or illegal activity.

• We retain personal information only as long as necessary to fulfill the purposes described in this policy or as required by applicable law.
• Sprint application data is retained for a period of two (2) years from the date of submission, after which it is deleted or anonymized.
• Client account data is retained until you request deletion of your account.
• Usage and analytics data is retained in aggregated or anonymized form and may be kept indefinitely for analytical purposes.
• Payment records are retained as required by applicable tax and accounting regulations.

We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect it, including:

• Encryption of data in transit using TLS/SSL protocols.
• Encryption of data at rest in our database systems.
• Role-based access controls limiting who can access personal information.
• Regular security reviews and monitoring of our systems.
• Secure password hashing for all account credentials.

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining industry-standard protections.

Depending on your location, you may have the following rights regarding your personal information:

• Right of Access: You may request a copy of the personal information we hold about you.
• Right to Correction: You may request that we correct any inaccurate or incomplete personal information.
• Right to Deletion: You may request that we delete your personal information, subject to certain legal exceptions.
• Right to Data Portability: You may request a copy of your personal data in a structured, commonly used, and machine-readable format.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your jurisdiction if you believe your data protection rights have been violated.

To exercise any of these rights, please contact us at privacy@breakpath.io. We will respond to your request within 30 days.

Breakpath is based in the United States. If you access our website or use our services from outside the United States, your personal information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction. By using our services, you consent to the transfer of your information to the United States and other jurisdictions as described in this policy.

Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal information from anyone under 18 years of age. If we become aware that we have collected personal information from a person under 18, we will take steps to delete that information promptly. If you believe that we may have collected information from a minor, please contact us at privacy@breakpath.io.

Our website may contain links to third-party websites, services, or applications that are not operated by Breakpath. This Privacy Policy applies only to our website and services. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policies of any third-party sites you visit.

Our website uses the following types of cookies:

• Essential Cookies: Required for the basic functionality of the website, such as maintaining your session state and authentication status. These cookies cannot be disabled.
• Analytics Cookies: Used by Google Analytics to collect information about how visitors use our website, including pages visited, time on site, and referral sources. This data helps us improve our website and user experience.

You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. Please note that disabling certain cookies may affect the functionality of our website. For more information about cookies and how to manage them, visit allaboutcookies.org.

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:

• Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request the deletion of your personal information, subject to certain legal exceptions.
• Right to Opt-Out of Sale: Breakpath does not sell your personal information. We have not sold personal information in the preceding 12 months and have no plans to do so.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise your California privacy rights, please contact us at privacy@breakpath.io.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we make material changes, we will notify you by updating the effective date at the top of this page and, where appropriate, by sending an email notification to active clients. We encourage you to review this policy periodically. Your continued use of our website or services after any changes constitutes your acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: