Legal

Privacy policy

Who we are

Brooks Prequel (“Brooks”) operates the Brooks marketplace at https://brooksweb.uk. Legal identifier: 405713777. Contact: info@brooksweb.uk.

Information we collect

Account information: email address, display name, and authentication identifier provided by Auth0 when you sign in. Profile information: any avatar, bio, region, interests, and location coordinates you choose to add. Purchase information: items purchased, price paid, transaction identifier from Bank of Georgia iPay. Content you create: guides, days, blocks, places, photos, and reviews. Trip data: scheduled times, visited markers, and skip flags you set on purchased trips. Technical information: server logs that record your IP address, request path, and timestamp for security and reliability.

How we use information

To provide the service: authenticating you, showing your purchased guides, syncing your trip data, and delivering purchases. To process payments through Bank of Georgia iPay. To prevent fraud and abuse. To respond to support requests. To improve the product based on aggregate usage patterns.

Service providers we use

Auth0 (Okta) handles authentication and stores your account credentials. Bank of Georgia iPay processes card payments. Google Cloud Platform hosts the application, database, and media files. Mapbox renders interactive maps when you view location-based features. Google Calendar (optional) receives trip events when you connect your calendar. These providers receive only the information necessary to perform their function and are bound by their own privacy policies.

Google user data — limited use disclosure

Brooks’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically: when you connect Google Calendar, we request only the calendar and email scopes needed to create a dedicated “Brooks Trips” calendar in your account and write the events for trips you have purchased. We never sell or share Google user data with third parties for advertising, do not transfer it for unrelated purposes, do not allow humans to read it except for support cases you initiate, and store the refresh token encrypted at rest. You can disconnect Google Calendar at any time from the Add-to-Calendar dialog, which deletes the stored refresh token from our database.

Cookies and similar technologies

We use first-party cookies that are strictly necessary to keep you signed in and to remember short-lived state during the OAuth and payment flows. We do not use third-party advertising cookies.

Your rights

You can request access to, correction of, or deletion of your account data by writing to info@brooksweb.uk. We will respond within within 1 business day. You can disconnect optional integrations (such as Google Calendar) from inside the app at any time. Deleting your account removes your profile, purchases, and uploaded content from our active database; backup copies may persist for up to 30 days before being purged.

Data retention

We retain account and purchase information for as long as your account is active or as required to comply with tax and accounting law. Server logs are retained for up to 90 days. Encrypted OAuth refresh tokens are deleted immediately upon disconnect or account deletion.

Security

Data in transit is encrypted with TLS. Sensitive credentials such as third-party API keys and OAuth refresh tokens are encrypted at rest with AES before storage. Access to production systems is restricted to authorised personnel. No system is perfectly secure; please contact us at info@brooksweb.uk if you believe your data has been compromised.

Children

Brooks is not directed to children under 13 (or under 16 in jurisdictions where that is the applicable threshold). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact info@brooksweb.uk and we will delete it.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated via the email address associated with your account. Continued use of the service after the update constitutes acceptance of the revised policy.

Contact

Questions about this policy: info@brooksweb.uk. Standard response time is within 1 business day during Monday-Friday, 10:00-18:00 Asia/Tbilisi time.