Privacy Policy

Last updated: 12 April 2026

This Privacy Policy explains how M4siz Limited, trading as Brivkor ("we", "us", "our"), collects, uses, and protects your personal information when you use our CPD management platform at brivkor.com, saas.brivkor.com, and app.brivkor.com (collectively, the "Services").

1. Who We Are

M4siz Limited is a company registered in England and Wales. Our registered address is:

2. Information We Collect

We collect information you provide directly when you:

• Register for an account (name, email address, organisation name)
• Log CPD activities (activity details, dates, hours, supporting documents)
• Subscribe to a paid plan (billing details processed by Stripe — we do not store card numbers)
• Contact us for support

We also collect limited technical data automatically (IP address, browser type, pages visited) for security and performance monitoring.

3. How We Use Your Information

• To provide and operate the Services
• To send transactional emails — account verification, password resets, invitation links, and subscription receipts
• To process payments and manage subscriptions
• To respond to support requests
• To comply with legal obligations

We do not send marketing emails without your explicit consent. We do not sell your personal data to third parties.

4. Email Communications

We send transactional emails only — these are messages required to operate your account (registration verification, password resets, team invitations, subscription confirmations). You opt in to these emails by registering for an account.

If you wish to close your account and stop receiving all communications, please contact us at privacy@brivkor.com.

5. Data Sharing

We share your data only with trusted sub-processors required to deliver the Services:

• Railway — cloud database hosting (PostgreSQL)
• DigitalOcean — server infrastructure
• Vercel — frontend hosting
• Stripe — payment processing
• SendGrid / Brevo — transactional email delivery

6. Data Retention

We retain your personal data for as long as your account is active, or as required to provide the Services. If you close your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or accounting purposes.

7. Your Rights (UK GDPR)

Under UK GDPR you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data ("right to be forgotten")
• Object to or restrict processing
• Portability of your data in a machine-readable format

To exercise any of these rights, email privacy@brivkor.com. We will respond within 30 days.

8. Cookies

We use essential session cookies to keep you logged in. We do not use advertising or third-party tracking cookies.

9. Security

We use industry-standard security measures including HTTPS/TLS encryption, hashed passwords, and access controls. No system is completely secure — if you believe your account has been compromised, contact us immediately at privacy@brivkor.com.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via the email address associated with your account. Continued use of the Services after notice constitutes acceptance of the updated policy.

11. Contact Us

For privacy enquiries:

Email: privacy@brivkor.com