Last Updated: May 2, 2026
This Privacy Policy describes how BrikMate, Inc. ("BrikMate," "we," or "our") collects, uses, and shares information in connection with our website at brikmate.com (the "Website") and the BrikMate software-as-a-service platform (the "Platform").
BrikMate is a business-to-business commercial real estate technology company. Most personal information that flows through the Platform is provided to us by our customers (commercial real estate operators, property managers, brokerages, universities, and similar organizations) when they upload lease documents and related materials. When BrikMate processes that information on our customers' behalf, we act as a service provider or processor under applicable U.S. privacy laws, and our customers' own privacy notices govern the collection of that information from the individuals it concerns.
If you have a question about how a specific BrikMate customer collects or uses personal information, please contact that customer directly.
This Policy applies to information BrikMate collects through the Website and the Platform, and to information BrikMate processes on behalf of its customers. We act in two distinct roles:
1.1 Business or Controller. When you visit the Website, contact us, request a demo, apply for a job, or interact with us as a representative of one of our customers or prospective customers, BrikMate is the business or controller of the personal information we collect from you. This Policy describes those activities directly.
1.2 Service Provider or Processor. When a BrikMate customer uses the Platform, the customer determines what data to upload and process. The customer is the business or controller of personal information contained in customer documents (such as lease documents, addenda, and related correspondence). BrikMate acts as that customer's service provider or processor and processes the information only on the customer's documented instructions and in accordance with our agreement with the customer.
When you interact with the Website or the Platform, you may provide us with: name, business email address, phone number, employer or organization, job title, address (typically a business address), account credentials, billing and payment information, content you submit through contact or demo-request forms, and any messages you send to us.
We and our service providers automatically collect certain information when you use the Website or the Platform, including: IP address, device and browser type, operating system, referring and exit URLs, pages viewed, dates and times of access, links clicked, and similar usage information. We use cookies and similar technologies to operate the Website and the Platform, remember your preferences, and analyze usage. The Website does not currently respond to Do Not Track signals. You can control cookies through your browser settings; some Website functions may not work without them.
When a BrikMate customer uses the Platform, the customer uploads lease documents, lease abstracts, and related materials ("Customer Data," as defined in BrikMate's Terms and Conditions). Customer Data may contain personal information about the customer's authorized users, tenants, guarantors, landlords, brokers, and other individuals named in lease documents, including names, business and home addresses, signatures, and, in some lease documents, government-issued identification numbers. BrikMate processes Customer Data as a service provider or processor on the customer's instructions, as described in Section 1.2.
BrikMate does not require, and asks customers not to upload, payment card numbers, full bank account credentials, protected health information, biometric identifiers, children's information, or login credentials or security codes other than those issued by BrikMate for use of the Platform. Customers are responsible for the personal information they choose to upload.
We may receive information about you from publicly available sources, business-data providers, our customers (for example, when a customer adds you as an authorized user), and our service providers (such as analytics and email-delivery providers).
We use the information described in Section 2 to: provide, operate, maintain, and secure the Website and the Platform; create and manage accounts; authenticate users; deliver customer support; process transactions and invoicing; communicate with you about service notices, updates, and security issues; respond to your inquiries; comply with legal obligations and enforce our agreements; and, where permitted, send you marketing communications about BrikMate. You can opt out of marketing emails at any time using the unsubscribe link in those messages.
We use Customer Data only to provide and improve the Platform for our customers, in accordance with our agreement with the relevant customer and Section 4 below.
BrikMate uses artificial-intelligence and machine-learning technology to extract structured information from customer documents and to verify extracted values. This processing happens through service providers identified at brikmate.com/subprocessors.
BrikMate does not use raw Customer Data to train, fine-tune, or otherwise improve any machine-learning model, foundation model, or other artificial-intelligence model. Any data BrikMate uses to improve the Platform is aggregated and de-identified so that it does not directly or indirectly identify any customer, authorized user, or individual whose information appears in Customer Data.
BrikMate's AI service providers are contractually committed not to use BrikMate's API inputs or outputs to train their own models, and BrikMate verifies this posture on a recurring basis.
We do not sell personal information, and we do not share personal information for cross-context behavioral advertising. We share personal information only as described below.
5.1 Service Providers and Sub-processors. We share information with service providers and sub-processors that help us operate the Website and the Platform, as further described in Section 8. These providers are contractually obligated to use the information only to provide services to BrikMate and consistent with this Policy.
5.2 At the Direction of Our Customers. We share Customer Data and related information at the direction of the customer that provided it, including with that customer's authorized users.
5.3 Legal and Safety. We may disclose information to comply with applicable law, valid legal process, or governmental requests; to enforce our agreements and policies; to protect the rights, property, or safety of BrikMate, our customers, or others; or to detect, prevent, or address fraud or security issues.
5.4 Business Transactions. If BrikMate is involved in a merger, acquisition, financing, reorganization, sale of assets, or similar transaction, information may be transferred as part of that transaction. We will require any successor entity to honor the commitments in this Policy with respect to information transferred.
5.5 With Your Consent. We may share information for any other purpose with your consent.
BrikMate maintains administrative, technical, and physical safeguards designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These include: encryption in transit using TLS 1.2 or higher; encryption at rest using AES-256 for production databases and object storage; passwords stored as argon2id hashes with per-user salts; multi-factor authentication for production consoles where supported; logical separation of customer environments; least-privilege access controls; audit logging across cloud-provider, application, and database layers; and a written information security program reviewed at least quarterly.
If BrikMate becomes aware of any unauthorized access to, acquisition of, or disclosure of Customer Data while in BrikMate's custody or control, BrikMate will notify the affected customer without undue delay, and in any event within seventy-two (72) hours of becoming aware of the incident, in accordance with the customer's agreement with BrikMate.
No security program is perfect, and we cannot guarantee that information will never be accessed, used, or disclosed in a manner inconsistent with this Policy.
BrikMate is based in the United States and stores production data in cloud regions located in the United States. All BrikMate engineering personnel with logical access to Customer Data are based in the United States.
If you access the Website or the Platform from outside the United States, your information will be transferred to, stored, and processed in the United States, where data-protection laws may differ from those in your jurisdiction.
BrikMate engages third-party service providers ("Sub-processors," as defined in BrikMate's Terms and Conditions) to help us operate the Platform. The current list of Sub-processors that process Customer Data is published at brikmate.com/subprocessors and is the authoritative list of vendors that handle Customer Data.
BrikMate evaluates each Sub-processor for security and privacy posture before engagement, requires a data-processing agreement or equivalent contractual commitments where appropriate, and re-evaluates each Sub-processor on a recurring basis. Sub-processor change-notice obligations to customers are addressed in BrikMate's Terms and Conditions and applicable customer agreements.
BrikMate retains personal information for as long as necessary to provide the Website and the Platform, comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention periods vary based on the type of information and the purpose for which it was collected.
With respect to Customer Data: on termination or expiration of a customer's agreement, the customer may export Customer Data through the Platform's standard export mechanisms during the thirty (30) day period following the effective date of termination. After that period, BrikMate purges Customer Data from BrikMate's systems, subject to standard backup decay schedules and BrikMate's right to retain aggregated, de-identified information that does not identify the customer or any individual.
Depending on where you live and the nature of your relationship with BrikMate, you may have rights with respect to personal information that BrikMate holds about you, including the right to know what personal information is collected and how it is used; the right to access or obtain a copy of your personal information; the right to request correction of inaccurate personal information; the right to request deletion of personal information; and the right to opt out of certain disclosures.
California residents. If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA"), provides specific rights, including the rights described above, the right to limit the use of sensitive personal information, and the right not to receive discriminatory treatment for exercising your rights. BrikMate does not sell personal information and does not share personal information for cross-context behavioral advertising.
Other U.S. state privacy laws. If you are a resident of another U.S. state with a comprehensive consumer privacy law, you may have similar rights. We will honor those rights in accordance with applicable law.
If your personal information is contained in Customer Data that BrikMate processes on behalf of a customer, please direct your privacy-rights request to that customer. The customer is the business or controller of that information, and BrikMate will assist the customer in responding to your request as required by our agreement with the customer and applicable law.
To exercise rights with respect to information for which BrikMate is the business or controller, contact us using the information in Section 14. We may need to verify your identity before responding, consistent with applicable law. You may designate an authorized agent to make a request on your behalf, subject to verification.
BrikMate is a business-to-business service. The Website and the Platform are not directed to children under the age of 13, and BrikMate does not knowingly collect personal information from children under 13. If you believe we have collected personal information from a child under 13, please contact us using the information in Section 14, and we will take steps to delete the information.
BrikMate is based in the United States. If you access the Website or the Platform from outside the United States, your information will be transferred to and processed in the United States. Customers operating in jurisdictions subject to the General Data Protection Regulation, the UK GDPR, or other non-U.S. data-protection laws should contact us to discuss a data-processing addendum prior to using the Platform.
BrikMate may update this Policy from time to time. If we make material changes, we will notify you by posting an updated version of this Policy with a revised "Last Updated" date and, where appropriate, by other means such as email or notice through the Platform. Your continued use of the Website or the Platform after the effective date of an updated Policy constitutes acceptance of the updated Policy.
If you have questions about this Policy or our privacy practices, please contact us at:
Email: privacy@brikmate.com
