Bruno Privacy Policy

Personal Information We Collect

Personal information means information about an identifiable individual. Bruno collects personal information that is necessary for the purposes of providing and improving our Service. The types of personal data we may collect include:

We aim to limit the personal information we collect to only that which is needed for the purposes set out in this Policy. You always have the choice not to provide certain personal information; however, doing so might limit your ability to use some features of Bruno. For example, if you choose not to provide a client's contact information, you won't be able to use Bruno to email recommendations to that client.

How We Use Personal Information

Bruno uses the collected personal information for the following purposes, which are reasonable and necessary in the context of providing a B2B referral platform:

• To Provide and Maintain the Service: We process your personal data to authenticate you when you log in, to display your content (like your list of clients or recommended providers), and to enable you to share recommendations with your clients. For example, we will use a client's email address to send them a recommendation list on your behalf if you choose to do so. We also use personal data to maintain and administer the platform (such as backing up data, preventing crashes, and securing your information).
• To Facilitate Communication: We use contact information (your email, and your client's email if provided) to send necessary communications. This includes sending verification emails, notifications about referrals (e.g. "Your realtor has shared a list of providers with you"), updates about platform features, or important service alerts (such as security or downtime notices). We may also use your phone number if provided for account security (e.g. two-factor authentication via SMS) or urgent issues.
• To Improve and Develop the Service: Usage data and feedback are used to understand how our users interact with Bruno so we can improve functionality and user experience. For instance, we analyze which features are most used or where users encounter errors, so we can optimize those areas. We might use aggregated data to develop new tools or features that benefit our users. Any analytics we perform on personal data are typically done in an aggregate or de-identified manner (we remove or anonymize personal identifiers) whenever feasible.
• To Provide User Support: Information you provide in support requests (and relevant account or usage info) will be used to help resolve your issue or answer your questions. We may also use your feedback or support queries to fix problems and enhance Bruno.
• Analytics and Usage Tracking: We use third-party analytics services (such as Google Analytics or PostHog) to collect and analyze usage information, helping us understand user behavior and preferences. These services may use cookies and similar technologies (as described above) to gather usage data and report trends. Analytics data is generally in aggregate form and does not focus on individual user identities, though some analytic tools might record user session information. We use this data internally to make informed decisions about improvements and to monitor the health of our Service.
• Marketing and Updates (Opt-In): Bruno may occasionally send you informational newsletters, product updates, or promotional communications about new features if you have consented to such communications or if you are an existing user and applicable laws allow. For example, as a registered user, we might email you tips on using Bruno or notify you of new functionality. You will have the opportunity to opt out of marketing emails at any time by clicking the unsubscribe link in any such email or by adjusting your email preferences in your account settings. (Transactional or service-related communications, such as security alerts or password resets, cannot be opted out of, as they are necessary for service usage.)
• Ensure Security and Prevent Misuse: We may use personal information (like account IDs and logs) to monitor for suspicious or fraudulent activity, to verify accounts, and to enforce our Terms and Conditions. This includes reviewing logs in case of suspected violations or investigating incidents. If we detect potential security threats or misuse of the Service, we may use relevant personal data to mitigate and address these issues (e.g. blocking an IP address that is hammering our server, or contacting a user if their account appears compromised).
• Legal Compliance: We will use and disclose personal information as necessary to comply with our legal obligations. For instance, to respond to a court order or lawful request by public authorities (more details in "Disclosure" section), to meet tax and accounting requirements, or to assert our legal rights or defend against legal claims.

Bruno will not use personal information for purposes other than those described above without obtaining your consent, unless otherwise required or permitted by law. We do not engage in automated decision-making or profiling that produces legal effects concerning individuals, outside of typical filtering or sorting that occur within the platform's functionality as directed by users.

Disclosure of Personal Information

Bruno is not in the business of selling or renting personal data. We only share personal information in the ways described here, in order to provide our Service, with your consent, or as required by law. The circumstances under which we may disclose personal information include:

In all cases of disclosure, we always aim to minimize the amount of personal data shared to only what is necessary for the specific purpose. When personal information is disclosed to third parties (including service providers), we take steps to ensure those parties implement appropriate privacy and security measures.

International Data Storage and Transfers

Bruno is based in Canada, but we may use cloud services or processors located in other countries (for example, the United States) to store and process data. Personal information may therefore be transferred to, or stored in, a jurisdiction outside of your own, including the USA or other countries that may have different data protection laws than Canada. In particular, data stored on cloud servers in other countries may be subject to lawful access requests by courts, law enforcement, or other authorities in those jurisdictions.

However, in all cases, Bruno will ensure protection of personal data in line with PIPEDA requirements. When personal information is transferred outside of Canada, we will rely on contractual safeguards (such as standard data protection clauses) and the policies of our service providers to ensure that your information remains protected.

By using Bruno and providing personal information, you understand and consent that your data may be stored or processed in other countries as explained. If you prefer or require your data to be stored only in Canada, please contact us to discuss any available options – we will do our best to accommodate reasonable requests, though our primary infrastructure may involve cross-border processing.

Data Retention

Bruno retains personal information only for as long as necessary to fulfill the purposes for which it was collected, or to comply with legal or business requirements. This means:

Once personal information is no longer necessary or relevant for the identified purposes, or once you request deletion (and we have no other legal basis to keep it), we will either securely delete, destroy, erase, or anonymize the information. We strive to ensure that our retention practices comply with PIPEDA's principles of limiting use, disclosure, and retention.

Protection of Personal Information (Security)

Bruno takes the security of personal information seriously. We implement administrative, technical, and physical safeguards that are appropriate to the sensitivity of the personal data in our custody. These measures are designed to protect your personal information against loss or theft, as well as unauthorized access, use, copying, disclosure, alteration, or destruction. Some of the security practices we employ include:

• Encryption: We use encryption to protect data in transit and at rest. For example, our website and app use HTTPS (TLS encryption) for all data transfer, and sensitive data in our databases is encrypted or hashed (like passwords).
• Access Controls: We restrict access to personal information to employees, contractors, and service providers who need to know that information in order to operate, develop, or improve our Service. Those who have access are bound by strict confidentiality obligations. Our staff are trained on the importance of privacy and are required to adhere to our privacy and security policies.
• Network and System Security: Our servers are protected by firewalls and monitoring systems. We regularly update our software and apply security patches to address potential vulnerabilities. We may employ intrusion detection and prevention systems to alert us of suspicious activities.
• Testing and Assessments: We periodically test and assess our security measures (for example, through security audits or penetration testing by qualified experts) to ensure our systems are robust.
• Data Minimization: We only collect information that we truly need, which helps reduce the risk in case of any security issue. We also strive to anonymize or pseudonymize data when full details are not required for the operation (for instance, using unique user IDs internally instead of easily identifiable info in logs when feasible).
• Incident Response: Bruno has a data breach response plan. In the event of a security breach that affects personal information, we will act promptly to contain the issue, assess the scope, and notify affected parties and authorities as required by law. PIPEDA requires us to report certain breaches to the Privacy Commissioner of Canada and to notify individuals if there is a risk of significant harm; we are committed to fulfilling these obligations.

Despite our efforts, no security measures are completely infallible. The transmission of information via the internet is not entirely secure, so we cannot guarantee absolute security of data. It is important that you also play a role in keeping your information safe: use a strong, unique password for Bruno, do not share your login credentials, and notify us immediately if you suspect any unauthorized access to your account. We will support users in recovering from any security incidents to the best of our ability.

Your Rights and Choices

As a user of Bruno, or as an individual whose information is stored on Bruno, you have certain rights and choices regarding your personal data. We are committed to respecting these rights in accordance with Canadian law:

We will never discriminate against someone for exercising their privacy rights. Any requests related to personal data rights can be sent to us through the contact information below. We may need to verify your identity before processing certain requests (to ensure that we are protecting the correct person's data). Verification might involve confirming account details or requesting additional information as needed. We will respond to your request within a reasonable timeframe, and in any event as required by law (usually within 30 days for access requests under PIPEDA, with possible extension if needed, which we would communicate to you).

Children's Privacy

Bruno is a business-oriented service not intended for use by children. We do not knowingly collect personal information from individuals under the age of 13 (and in most cases, Bruno's user base is professional adults). If you are under 13, please do not use Bruno or provide any personal information. We advise all users not to add personal details of anyone under 13 into the platform unless absolutely necessary and done in compliance with law (for example, if a minor is a client, ensure proper parental consent).

If we become aware that we have inadvertently collected personal data from a child under 13 without appropriate consent, we will take steps to delete such information from our records.

Updates to this Privacy Policy

Bruno may update or change this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make changes, we will revise the "Last Updated" date at the top of this Policy. If we make any material changes, we will provide a prominent notice, which may include notifications within the Bruno platform or sending an email to registered users, to inform you of the update.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of Bruno after any changes to this Policy signifies your acceptance of the updated terms (to the extent permitted by law). If you do not agree with the changes, you should cease using the Service and you may request that we remove your personal data.

Contact Us

Bruno welcomes questions, requests, and feedback regarding this Privacy Policy and our privacy practices. If you would like to access or correct your information, or if you have a privacy-related concern or complaint, please contact our Privacy Officer at:

When contacting us, please provide sufficient information for us to verify your identity (if applicable) and to understand your request. We will respond to privacy inquiries as promptly as possible.

If you feel that we have not addressed your privacy questions or concerns satisfactorily, you have the right to contact the Office of the Privacy Commissioner of Canada (OPC) for further assistance or to lodge a complaint. The OPC can be reached at 1-800-282-1376 or www.priv.gc.ca. If you are in Quebec, Alberta, or British Columbia, you may also contact your provincial privacy commissioner, as PIPEDA may not apply to intra-provincial activities in those provinces which have their own private-sector privacy laws.

Thank you for trusting Bruno with your professional needs and your personal data. We are dedicated to maintaining that trust by safeguarding privacy and being transparent about our practices.