— Legal · Privacy

Privacy policy

Last updated: 3 June 2026 · Brippo Ltd · Company No. 14493682

This policy explains what personal data Brippo Ltd ("Brippo", "we", "us") collects when you use brippo.com, why we collect it, who we share it with, and how you can exercise your rights under UK GDPR and the Data Protection Act 2018.

This policy covers the brippo.com marketing site. The handling of cardholder data through Brippo's payment products is governed by the Customer Terms & Conditions you sign as a merchant — available from your account manager or on request to info@brippo.com.

Who we are

Data controller: Brippo Ltd, a company registered in England and Wales under company number 14493682, registered office 71–75 Shelton Street, London WC2H 9JQ.

For privacy questions or to exercise your rights, contact info@brippo.com.

What data we collect

Through this site we collect personal data only when you actively give it to us:

  • Contact form (/contact): your name, email address, company name (optional), and the message you write.
  • Email correspondence: if you email us at info@brippo.com, we receive your email address and message contents.

We do not currently run analytics or marketing cookies on this site. See our Cookie policy for the full picture and what changes if we add analytics in future.

Why we collect it and our lawful basis

  • To respond to your enquiry — lawful basis: legitimate interests (Article 6(1)(f) UK GDPR). It's in our interest to respond to people who contact us, and in yours to receive a reply.
  • Follow-up communication you've asked for (e.g. a scheduled demo, a proposal) — lawful basis: performance of a contract or steps prior to entering one (Article 6(1)(b)).
  • Future marketing emails — only if you give us explicit consent (Article 6(1)(a)). We do not currently send marketing emails to contact-form submissions.

Who we share it with

We rely on a small set of third-party processors to operate the site. Each is bound by a data processing agreement and processes data only on our documented instructions:

ProcessorWhat they handleWhere
Stripe Payments UK Ltd
(FRN 900461)		 Regulated payment processing for Brippo's payment products. No contact-form data is sent here. UK / EU / US (SCCs)
Mandrill / Mailchimp Transactional Sends the email generated by the contact form to our team. Receives your name, email, company and message. US (UK adequacy + SCCs)
Cloudflare Hosting, CDN and DDoS protection for the site. Processes IP addresses transiently to serve pages. Global (UK adequacy / SCCs)

We do not sell personal data and we do not share it with advertising or data-broker networks.

International transfers

Where data is processed outside the UK (e.g. Mandrill in the US), we rely on the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or an applicable adequacy decision. We will provide a copy of the safeguards in place on request.

How long we keep it

  • Contact-form submissions: kept for up to 24 months from your last contact, then deleted, unless we are in active commercial conversation with you (in which case standard CRM retention applies — see your Customer T&Cs if you become a customer).
  • Email correspondence: kept for as long as needed to handle your request plus a reasonable record-keeping period (typically up to 24 months).

Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Rectify data that is inaccurate or incomplete
  • Erase your data ("right to be forgotten") where it is no longer needed
  • Restrict processing while a question is being resolved
  • Object to processing based on legitimate interests
  • Receive a copy of your data in a portable format
  • Withdraw consent at any time where consent is the basis for processing

To exercise any of these rights, email info@brippo.com. We respond within one month.

If you believe we have mishandled your data, you can also complain to the UK Information Commissioner's Office: ico.org.uk/make-a-complaint.

Security

The site runs on Cloudflare Pages, TLS 1.3 in transit. Contact-form payloads are sent server-side to Mandrill via authenticated API and are not retained in the browser. The wider Brippo platform is certified to PCI-DSS Level 1 (via Stripe) and operates with the controls described on our Security & Compliance page.

Cookies

See our separate Cookie policy for the current cookie state and what controls the consent banner.

Changes to this policy

We may update this policy as the site evolves (for example, when we add analytics). The "Last updated" date at the top reflects the latest version. Material changes will be highlighted on this page for at least 30 days.

Contact

Privacy questions, data-subject requests, or anything else: info@brippo.com.

Regulatory note. Regulated payment services are provided by Stripe Payments UK Ltd (FRN 900461). Brippo never handles your funds — the payment flow is governed by Stripe's own privacy and terms in addition to your Customer T&Cs with Brippo.