Legal

The documents that govern your use of BriskQ. All seven are currently drafts pending review by qualified SaaS / data-protection counsel — finalisation is planned alongside our incorporation (Irish or UK Ltd) in 2026. The drafts reflect our actual data flows, sub-processors, and operational practice.

Operator: BriskQ is currently operated by Kevin Shivachi (Polish sole trader). Incorporation as a limited entity is planned for 2026; customers will be notified at least 30 days before any entity change.

v0.1 (draft)

Pending lawyer review

The contract between BriskQ and you when you use the Service. Covers acceptable use, fees, intellectual property, liability cap (12 months ARR), disclaimers and customer verification duty (Section 10), suspension and termination, governing law (Poland; Ireland or UK post-incorporation).

Request the full document →

v0.1 (draft)

Pending lawyer review

How we collect, use, and protect personal data when you use BriskQ. GDPR Article 13/14 compliant. Covers 7 data categories, retention periods, sub-processors, AI features (LLM sees only anonymised ratios), and your rights under GDPR / UK GDPR.

Request the full document →

Data Processing Agreement (DPA)

v0.1 (draft)

Pending lawyer review

GDPR Article 28 DPA — the agreement between you (Controller) and BriskQ (Processor) when we process personal data on your behalf. Includes sub-processor authorisation, international-transfer mechanisms (SCCs, UK IDTA, Swiss FADP), 72-hour breach notification, and audit rights.

Request the full document →

Acceptable Use Policy (AUP)

v0.1 (draft)

Pending lawyer review

What you can and cannot do with the Service. Covers prohibited content (Special Category data, MNPI about public companies, etc.), conduct prohibitions (no probing without authorisation, no multi-tenancy abuse, no scraping for competing products, no audit-trail tampering), API key responsibilities, and the responsible-disclosure programme.

Request the full document →

Cookie Policy

v0.1 (draft)

Pending lawyer review

How we use cookies and similar technologies. Four categories: strictly-necessary, functional, analytics, marketing (we use none). EU ePrivacy + GDPR consent compliant, GPC respected. Includes the consent banner specification.

Request the full document →

Sub-processor List

v1.0 (draft)

Pending lawyer review

The current list of third parties that may process your data on our behalf: Railway (EU hosting + PostgreSQL + Redis), Vercel (frontend), Resend (email), Anthropic (optional AI, anonymised data only), Stripe (when payments active), GoDaddy (DNS only). 30-day change notification with a 15-day objection right.

Request the full document →

Jurisdiction Clauses

v0.1 (draft)

Pending lawyer review

How governing-law, forum, and dispute-resolution clauses adapt as the operating entity moves from Polish sole trader to Irish or UK Ltd (planned 2026), and potentially Swiss / Delaware later. Customer-migration plan with 30-day notice on entity change.

Request the full document →

Questions or concerns?

Legal and contracts: legal@briskq.com

Privacy and data protection: privacy@briskq.com

Security disclosures: security@briskq.com

We respond to legal and privacy enquiries within 5 business days.