Sign Up Today

Privacy Policy

Effective date: 28/01/2026

This Privacy Policy explains how brix Innovation (“brix”, “we”, “us”, or “our”) collects, uses, discloses, and protects information when you use our applications and services, including:

  • brix UI (the web application used by administrators and technicians)
  • Public quote/share pages (customer-facing quote links, where enabled)
  • Backend APIs that support the above

If you do not agree with this Privacy Policy, do not use the Services.

brix complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), where applicable. Where users are located outside Australia, we take reasonable steps to comply with applicable local privacy laws.

1.Information we collect

1.1 Information you provide

Depending on how you use the Services, you may provide:

  • Account and profile information: name, email address, phone number, organisation details.
  • Business data you input: price book items, quotes, quote options, work orders, settings, templates, and related notes/metadata.
  • Files and media: documents, photos, and other attachments you upload (e.g., “Docs & Photos”).
  • Signature information: where you capture or apply signatures in connection with quotes/approvals (including the typed/printed name and signature image you provide).
  • Communications: information included when you contact support or communicate with us.

1.2 Information collected automatically

When you use the Services, we (and our service providers) may automatically collect:

  • Device and browser information: browser type/version, operating system, device identifiers, and settings.
  • Usage information: pages/screens viewed, features used, actions taken, timestamps, referring pages, and diagnostic events.
  • Network information: IP address, approximate location inferred from IP, and network metadata.
  • Log data: server logs and security/audit logs generated as part of operating the Services.

1.3 Authentication and identity

We use AWS Cognito for authentication. Authentication tokens and session information may be stored on your device by the authentication library (e.g., AWS Amplify), depending on configuration and browser capabilities.

2.How we use information

We use the information we collect to:

  • Provide and operate the Services (authentication, tenant routing, rendering, file access, and core functionality).
  • Process and display your content (quotes, pricebook data, attachments, signatures, templates).
  • Secure the Services (fraud prevention, abuse monitoring, access control, auditing).
  • Maintain and improve the Services (debugging, performance monitoring, feature development).
  • Communicate with you about the Services, including support messages and service-related notices.
  • Send you marketing communications and newsletters, where you have opted in or as permitted by law.
  • Comply with legal obligations and enforce our terms and policies.

3.How we share information

We do not sell personal information. We may share information in the following circumstances:

3.1 Service providers (processors)

We use third-party service providers to host and operate parts of the Services, including:

  • Amazon Web Services (AWS): authentication (Cognito), hosting/infrastructure, storage (e.g., S3), content delivery (e.g., CloudFront), and related services.
  • Google Maps JavaScript API: used to power address/search/place features in the Admin UI, where enabled/configured.

By using our application, you are bound by the Google Maps/Google Earth Additional Terms of Service and the Google Privacy Policy.

These providers process data on our behalf under agreements and instructions consistent with this Privacy Policy.

3.2 Customer/tenant sharing

If you use features that share content externally (for example, public quote links), information you choose to share may be visible to recipients. Access may also involve email-based sharing or invitation flows where applicable.

3.3 Integrations you enable

If you enable third-party integrations (for example, field-service or CRM integrations), we may share information with those third parties as needed to provide the integration, subject to your configuration and the third party’s policies.

3.4 Legal and safety

We may disclose information if we believe in good faith that disclosure is necessary to:

  • Comply with applicable law, regulation, legal process, or governmental request.
  • Protect the rights, property, and safety of our users, customers, or others.
  • Prevent fraud, security issues, or abuse of the Services.

3.5 Business transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be disclosed and transferred as part of that transaction, consistent with applicable law.

3.6 Business vs Users vs Customers

brix customers (business account holders) control the business data entered into the platform. Technicians and end customers interact with that data as authorised by the account holder. Requests relating to business data may need to be directed through the relevant account owner.

4.Cookies, local storage, and similar technologies

4.1 Cookies

We may use cookies and similar technologies for security and to deliver content. For example:

  • Signed cookies for protected content: The backend may set CloudFront signed cookies (typically Secure and HttpOnly) to allow your browser to access protected files and media via our content delivery network.

Some cookies may be required for the Services to function.

4.2 Local/session storage

The Services may store certain data locally in your browser, such as:

  • Session and auth-related information stored by authentication libraries depending on configuration.

You can remove local storage/session storage through your browser settings, but doing so may sign you out or reset app state.

5.Data retention

We retain information for as long as necessary to:

  • Provide the Services and fulfill the purposes described in this Privacy Policy,
  • Comply with legal obligations,
  • Resolve disputes, and
  • Enforce our agreements.

Retention periods may vary depending on the type of data and how it is used. Where feasible, we may delete or de-identify information when it is no longer needed.

Upon account termination, we will retain or delete customer data in accordance with our retention policies, legal obligations, and contractual commitments. Where feasible, data will be deleted or anonymised within a reasonable period after termination, unless retention is required by law.

6.Security

We take reasonable administrative, technical, and organisational measures designed to protect information against unauthorised access, loss, misuse, alteration, and disclosure. However, no security measure is perfect, and we cannot guarantee absolute security.

In the event of a data breach that is likely to result in serious harm, we will comply with applicable data breach notification laws, including notifying affected individuals and regulators as required.

7.International transfers

Your information may be processed and stored in countries other than where you live, including where our service providers operate their infrastructure. When we transfer information internationally, we take steps designed to ensure appropriate safeguards are in place, consistent with applicable law.

8.Your choices and rights

Depending on your location and applicable law, you may have rights to:

  • Access information we hold about you,
  • Correct inaccurate information,
  • Delete information in certain circumstances,
  • Object to or restrict certain processing, and
  • Port your information where applicable.

To exercise these rights, contact us using the details in the “Contact us” section. We may need to verify your identity and/or authority to act on behalf of a tenant organisation.

We will only send marketing communications where you have explicitly opted in or where permitted under applicable spam and marketing laws. You can opt out at any time.

9.Children’s privacy

The Services are not intended for children, and we do not knowingly collect personal information from children. If you believe a child has provided personal information, contact us, and we will take appropriate steps to delete it.

10.Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version with a new effective date. Your continued use of the Services after the effective date means you accept the updated policy.

11.Contact us

If you have questions or requests regarding this Privacy Policy, contact:

If you have a complaint about how we handle your personal information, please contact us. We will respond within a reasonable timeframe (usually 30 days).