Privacy Policy
Effective from: 2 July 2026 · Terms of Service · International Data Transfers
This page describes what personal data BREVET collects, how we use it, and how we protect it. This document is prepared in accordance with the General Data Protection Regulation (GDPR — EU Regulation 2016/679) and Act No. 110/2019 Coll., on the Processing of Personal Data.
BREVET Tech, s.r.o.
Registered seat: Mužíkova 1, Prague 4, 140 00, Czech Republic
Company ID (IČO): 29756359
Contact email: info@brevet.cz
1. What Data We Collect
In operating the BREVET platform (intermediation of tradesperson services), we collect the following categories of personal data:
| Category | Specific data | From whom |
|---|---|---|
| Identifying information | First and last name | Customers, Tradespeople |
| Contact information | Phone number, email address | Customers, Tradespeople |
| Location data | Address or location of the Job | Customers |
| Business information | Company ID (IČO), trade licence number, field of activity, banking and payout details processed via Stripe Connect | Tradespeople |
| Communication data | Content of messages via WhatsApp / SMS and voice calls (robocall) in connection with facilitating a Job | Customers, Tradespeople |
| Payment data | Transaction data processed via the Stripe payment gateway (Stripe Connect) — BREVET does not store payment card numbers | Customers, Tradespeople |
| Ratings and reviews | Review text, numeric rating, reviewer's name (limited to first name and last-initial), link to the specific completed Job | Customers |
2. Purpose of Processing
We process personal data for the purpose of:
- Facilitating contact between a Customer and a Tradesperson
- Communication regarding a specific Job (confirmations, notifications, scheduling coordination)
- Verifying Tradespeople's qualifications as part of the approval process, including management of the Platform's safety and liability
- Operating the emergency dispatch cascade (automated voice calling) in urgent cases
- Phone contact with the Tradesperson for emergency Jobs (automated call connection)
- Processing payment for services rendered
- Publishing verified ratings of completed Jobs
- Fulfilling legal obligations (e.g. accounting and tax regulations)
- Improving the quality and security of the Platform
3. Legal Basis for Processing
- Performance of a contract — processing necessary to facilitate and carry out a Job, including operational messages via WhatsApp / SMS and the emergency dispatch cascade
- Legitimate interest— fraud prevention, Platform security, verification of Tradespeople's qualifications
- Legal obligation — accounting and tax records
4. Communication via WhatsApp, SMS, and Voice Calls
BREVET uses the WhatsApp Business API (operated by Meta) to send messages related to Jobs — e.g. job confirmations, registration links, notification of a new Tradesperson.
- We only send messages to users who have consented to receive them (e.g. by replying to the first message or registering in the app)
- Messages are encrypted (Signal protocol) in transit between the user's device and Meta's infrastructure (WhatsApp Cloud API). At that point, Meta, acting as a processor, decrypts the message and forwards it to BREVET's systems; Meta does not use the content for its own purposes (e.g. advertising) and retains messages on its servers for a maximum of 30 days
- For emergency Jobs, BREVET uses Twilio to place automated voice calls (robocalls) to available Tradespeople as part of the dispatch cascade; this processes the Tradesperson's phone number and the basic Job information necessary to offer the Job for acceptance
- Users may opt out of this communication at any time by replying „STOP" or by contacting us at our contact email
5. Who We Share Data With
Personal data may be disclosed to the following third parties, solely for the purpose of operating the service:
- Meta / WhatsApp Business Platform — for message delivery
- Stripe — for payment processing (Stripe Connect)
- Twilio — for automated voice calls (robocalls) to Tradespeople as part of the emergency dispatch cascade
- Supabase — for database storage (hosting and authentication)
- Vercel — for hosting the web and mobile application
- Google Ireland Ltd. — for web analytics and advertising measurement (Google Analytics, Google Ads)
- Seznam.cz, a.s. — for conversion measurement and remarketing (Sklik)
These companies process data under data processing agreements (DPAs) and in accordance with GDPR. We never sell data to third parties for marketing purposes. Several of these companies are based outside the European Economic Area — details on the legal basis for this transfer are set out in a separate document, International Data Transfers.
6. Data Retention Period
- Job and communication data: for the duration of the contractual relationship + 3 years (to address any potential disputes)
- Accounting and tax records: per statutory retention periods applicable in the Czech Republic (typically 10 years)
- Ratings and reviews: for as long as the Platform operates, as part of the brand's rating history; a reviewer's personal identifying information may be anonymized upon request (see Section 7)
- Marketing/communication data: until consent is withdrawn
7. Your Rights
As a data subject, under GDPR you have the right to:
- Access your personal data
- Rectify inaccurate data
- Erasure („the right to be forgotten")
- Restrict processing
- Data portability
- Object to processing
- Withdraw consent at any time, without affecting the lawfulness of processing carried out before its withdrawal
- Lodge a complaint with the Office for Personal Data Protection (ÚOOÚ), www.uoou.cz
Where an erasure request concerns a published review, BREVET will generally anonymize the reviewer's personal data (name, link to the specific individual), while the substantive content of the review, as information about the service provided, may be retained in accordance with Article 17(3) GDPR and the Platform's Terms of Service.
To exercise any of these rights, please contact us at info@brevet.cz. We will respond to your request within 30 days at the latest.
8. Data Security
We take reasonable technical and organizational measures to protect personal data against unauthorized access, loss, or misuse, including encrypted communication and restricted access to databases.
9. Changes to This Document
This document may be updated from time to time. We will inform users of material changes via the Platform or by email.
10. Contact
Write to us at: info@brevet.cz