BBrand-in-a-Box
Legal

Privacy Policy

Last updated: February 2026

Brand-in-a-Box ("we", "us", "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or engage our services. This policy is intended to comply with the EU General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA).

1. Information We Collect

We collect the following categories of information:

  • Contact information you voluntarily provide via the intake form, contact form, or email correspondence — including name, email address, company name, role, website, and project details.
  • Cookie and usage data collected automatically when you visit the site, including IP address, browser type, pages viewed, and referring URL.
  • Communication records when you contact us, including email threads, project briefs, and feedback.

2. How We Use Your Information

  • To respond to proposal requests and prepare custom proposals.
  • To deliver and manage branding engagements.
  • To issue invoices and process payments.
  • To send service-related communications.
  • To send marketing communications, only where you have provided explicit consent.
  • To improve our website performance and user experience.

3. Legal Basis for Processing (GDPR / UK GDPR)

We process your personal data under one or more of the following legal bases: contract performance, legitimate interests, legal compliance, and consent.

4. Cookies

We use essential, analytics, marketing, and preference cookies. You can manage your preferences at any time via the cookie banner or by visiting our Cookie Policy.

5. Analytics

We may use privacy-respecting analytics providers to understand aggregate usage. Analytics cookies are only set after you grant consent.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy, comply with legal obligations, resolve disputes, and enforce agreements. Submission records are retained for up to 36 months unless a longer period is required by law.

7. Third-Party Services

We may share information with vetted third-party providers strictly to operate our business — for example, payment processors, email providers, and hosting providers. These providers process information only on our behalf and are bound by data protection obligations.

8. International Transfers

Where personal data is transferred outside the EEA/UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses.

9. Your Rights

Subject to applicable law, you have the right to access, rectify, erase, restrict, or object to the processing of your personal data, and the right to data portability. California residents have specific rights under the CCPA, including the right to know, delete, and opt-out of the "sale" of personal information. We do not sell personal information.

10. Security

We implement reasonable administrative, technical, and physical safeguards to protect your information. However, no method of transmission over the internet is fully secure.

11. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children.

12. Changes

We may update this policy from time to time. The "Last updated" date will reflect any changes.

13. Contact

For privacy-related requests, contact hello@bigeyedeassystems.com.

We value your privacy

We use cookies to enhance browsing experience and analyse traffic. Read our Cookie Policy.

Made with Emergent