Brown Thrasher Labs
Brown Thrasher Labs

01. Privacy Policy

Privacy

Last updated: June 10, 2026

1. Our Role as Data Processor

Brown Thrasher Labs ("BTL") provides a software-as-a-service (SaaS) dashboard and data management platform. In this capacity, we act as a Data Processor. Our clients (organizations using BTL-Dashboard to manage their operational data) act as the Data Controllers.

We process personal data solely on behalf of our clients and in accordance with their instructions. We do not own, sell, or independently use any data entered into the platform by our clients or their users.

2. Data We Collect

To facilitate dashboard and data management functions, the BTL-Dashboard platform may store the following categories of data:

  • Identity Data: Names, email addresses, and user account information for authentication and access control.
  • Contact Data: Email addresses, phone numbers, and addresses stored within client-defined data collections.
  • Operational Data: Records, files, and structured data entered into collections by client users.
  • Configuration Data: Dashboard layouts, schema definitions, branding settings, and permission configurations.

3. Infrastructure & Security

Security is the core of our infrastructure. We utilize AWS (Amazon Web Services) regions located within the United States (US-East-1) for primary storage.

  • Encryption: All data is encrypted at rest (AES-256) and in transit (TLS 1.3).
  • Access Control: We employ strict Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA) for all administrative access.
  • Audits: We conduct security reviews and are working toward SOC 2 Type II certification.

4. Data Retention

We retain client data for the duration of the active service agreement. Upon contract termination, data is kept in a "read-only" recovery state for 30 days before being permanently cryptographically erased, unless a longer retention period is required by applicable regulations or law.

Contact the Data Protection Officer

For inquiries regarding data residency, DPA signatures, or security audits, reach our security team directly.