Privacy Policy

1. Our Role as Data Processor

Brown Thrasher Labs ("BTL") provides software-as-a-service (SaaS) for group travel and logistics management. In this capacity, we act as a Data Processor. Our clients (Casino Operators, Travel Groups, and Event Organizers) act as the Data Controllers.

We process personal data solely on behalf of our clients and in accordance with their instructions. We do not own, sell, or independently use the passenger manifest data entered into our system.

2. Data We Collect

To facilitate travel logistics and CRM functions, the BTL Platform may store the following categories of data:

• Identity Data: Names, Dates of Birth, Passport/ID Numbers (for TSA/Manifest compliance).
• Contact Data: Email addresses, phone numbers, and physical addresses.
• Travel Data: Flight numbers, hotel room assignments, and arrival/departure times.
• Preferences: Dietary restrictions, seating preferences, and tier status provided by the Operator.

3. Infrastructure & Security

Security is the core of our infrastructure. We utilize AWS (Amazon Web Services) regions located within the United States (US-East-1) for primary storage.

• Encryption: All data is encrypted at rest (AES-256) and in transit (TLS 1.3).
• Access Control: We employ strict Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA) for all administrative access.
• Audits: We undergo regular third-party vulnerability assessments to maintain SOC 2 compliance standards.

4. Data Retention

We retain client data for the duration of the active service agreement. Upon contract termination, data is kept in a "read-only" recovery state for 30 days before being permanently cryptographically erased, unless a longer retention period is required by gaming regulations or law.