Last updated: January 4th, 2026
The Blue Brook ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Software. It applies to all users worldwide and complies with applicable laws, including Japan's Act on the Protection of Personal Information (APPI), the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA), as amended.
Please read this policy carefully. By using our Software, you agree to the practices described here.
We collect the following categories of personal information:
We do not collect sensitive personal information as defined under applicable laws like GDPR or CCPA.
This information is necessary for the delivery of our services.
We do not sell personal information as defined by CCPA. Any future sharing for marketing would require opt-in consent where mandated (e.g., GDPR).
We process payment information (e.g. credit card details) through a secure third party provider (Stripe) and do not store this information within our organization.
Personal data is collected through user data entry on our platform during account creation and service usage.
We may also collect technical data such as IP addresses, browser types, and usage logs automatically for security and analytics, but this is anonymized where possible.
We may use essential cookies or similar technologies for the Software to function properly. Non-essential tracking requires your consent.
Collected personal data is used exclusively for:
We process data based on:
(a) performance of a contract (service delivery, payments);
(b) legitimate interests (account management, support);
(c) consent (marketing, where applicable).
Marketing communications require your explicit opt-in consent. You can withdraw consent at any time.
We use Stripe as our third-party payment processor. Stripe handles payment transactions securely, and payment information is processed by Stripe directly. We do not store any full payment card details on our systems. Interaction with Stripe may involve sharing necessary billing information to complete payment processing.
We have DPAs with third-party processors ensuring compliance with GDPR and equivalent standards. For data transfers outside Japan (e.g., AWS inter-regional transfers), we use approved mechanisms like Standard Contractual Clauses or adequacy decisions.
Sub-processors may include AWS for backups. A full list is available upon request.
We retain personal data for the duration necessary to provide our services and for the minimum required period to comply with financial and legal auditing obligations related to customer orders and payments. Users can request correction or deletion of their personal data via our support page at support.thebluebrook.com.
Email and account data: retained while active + 1 year for support; payment records: 7 years for legal compliance. Data is anonymized or deleted thereafter.
Deletion requests under GDPR/CCPA will be processed within statutory timelines (e.g., 1 month for GDPR, 45 days for CCPA).
Users have the right to access, correct, or request deletion of their personal data. Such requests can be made through our dedicated support portal.
Under GDPR, you have rights to access, rectify, erase, restrict processing, data portability, and object. Under CCPA, you have rights to know, delete, and opt-out of sales/sharing.
Requests are free, verified for security, and responded to within legal timelines. Denied requests include appeal options.
Our Software and services are not directed to or intended for use by children. We do not knowingly collect, use, or process personal data from children under the age of 16 (or under the age of 13 where required by applicable law, such as under the U.S. Children's Online Privacy Protection Act (COPPA)).
If you are a parent or guardian and believe that we have inadvertently collected personal data from your child, please contact us immediately at privacy@thebluebrook.com. We will promptly delete such information from our records in accordance with applicable laws.
We do not sell or share the personal data of minors under 16 years of age, as defined under the California Consumer Privacy Act (CCPA), without affirmative authorization where required.
We do not use automated decision-making (including profiling) that produces legal or similarly significant effects on you.
All personal data is encrypted both in transit and at rest. Data persistence occurs exclusively in data centers located in Japan. Offsite backups may be stored in AWS data centers overseas only to maintain service continuity. We implement strict security policies and access controls to safeguard personal data.
In case of a data breach, we notify affected users and authorities as required by law.
We will notify users of material changes via email or prominent notice on our platform, at least 30 days in advance where required by law.
Future updates will comply with applicable laws (e.g., APPI, GDPR, CCPA) as required.
We do not sell or share personal data with third parties except for our payment processor.
However, we reserve the right to integrate with future partners solely for marketing purposes related to the business operations of The Blue Brook and its affiliate Ankh. Sharing with affiliates like Ankh is limited to operational purposes and requires consent for marketing.
All marketing communications will include clear options for users to opt out of future messages. Marketing integrations will only occur with your prior consent.
Where marketing emails or messages are sent, each will contain a specific capability that allows recipients to opt out of receiving further communications.
We send marketing only with opt-in consent, revocable anytime.
We collect the following categories of personal information from California residents:
- Identifiers, such as email addresses and names (including those of recipients).
This information is collected and used for the following business purposes:
- Service delivery and fulfillment
- Account creation and management
- Payment processing
- Customer service and support
We do not sell personal information as defined under the CCPA. We do not share personal information for cross-context behavioral advertising.
For a full description of our privacy practices and your rights under the CCPA (including rights to access, delete, correct, opt-out, and limit use of sensitive information), please review this Privacy Policy.
You may submit CCPA requests via our support portal at support.thebluebrook.com or by emailing privacy@thebluebrook.com.
If you have any questions about this Privacy Policy, please contact us at:
Email: privacy@thebluebrook.com
