Privacy Policy
Effective date: 5 March 2026
Brainstack Technologies, a unit of Aqueduct Advisors Private Limited ("Brainstack", "we", "us"), provides software engineering and consulting services for clients across multiple regions. This policy explains what personal data we collect, how we use it, and the rights available to individuals.
1) Data we collect
- Contact details submitted through forms (name, email, phone, company, message).
- Engagement context (selected service, project scope, timeline, budget range).
- Technical data (IP address, browser/device metadata, timestamps, referrer, UTM parameters).
- Security/anti-abuse data (reCAPTCHA signals and fraud-prevention telemetry).
- Communication records (email correspondence and meeting notes related to your inquiry).
2) How we use personal data
- Respond to inquiries, proposals, and support requests.
- Provide, operate, and improve our services.
- Secure the website, detect abuse, and prevent fraud.
- Comply with legal, regulatory, and contractual obligations.
- Send business communications when you request or consent to them.
3) Legal bases
Depending on jurisdiction, we process data under one or more legal bases: consent, performance of a contract, legitimate interests (for service operations and security), and compliance with legal obligations.
4) Cookies and similar technologies
We may use essential cookies and analytics technologies to operate the site and measure usage. You can control cookies in your browser settings. Blocking some cookies may affect site functionality.
5) Sharing and subprocessors
We do not sell personal data. We may share limited data with trusted subprocessors who support service delivery (for example hosting providers, analytics platforms, spam/fraud protection, and communication tools), under contractual confidentiality and security obligations.
6) International data transfers
Because we serve clients internationally, data may be processed outside your country of residence. Where required, we apply appropriate safeguards (such as contractual protections and access controls) for cross-border transfers.
7) Data retention
We retain inquiry and business communication records only as long as needed for the purposes described above, and to meet legal, accounting, or dispute-resolution requirements. Inactive lead data is periodically reviewed and deleted or anonymized.
8) Security measures
We use industry-standard safeguards including HTTPS/TLS, least-privilege access, audit logging, and monitoring. No system is 100% secure, but we continuously improve controls to reduce risk.
9) Your rights
Subject to applicable law, you may request access, correction, deletion, restriction, portability, or objection to processing of your personal data. You may also withdraw consent where consent is the legal basis.
10) Regional notices (GDPR/UK GDPR/CCPA/Australian Privacy Act)
- EU/UK: You may lodge a complaint with your supervisory authority.
- California: You may request disclosure/deletion rights under applicable California law.
- Australia: We handle personal information in line with the Australian Privacy Principles.
11) Data breach response
If a notifiable data breach occurs, we follow incident response procedures and provide notifications as required by applicable law and contractual obligations.
12) Changes to this policy
We may update this policy from time to time. Material updates will be reflected by revising the effective date on this page.
13) Contact
Privacy requests or questions can be sent to info@brainstacktechnologies.com.
Legal notice: This page provides general privacy information and does not constitute legal advice.