Privacy Policy

Effective Date: January 1, 2025

Brfcase ("we," "our," "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use our research support services.

1. Information We Collect

1.1 Information You Provide

  • Contact Information: Name, email, phone, institution
  • Project Information: Research topics, requirements, deadlines
  • Clinical Information: De-identified case details (Clinical Intelligence)
  • Legal Information: Incident details, timelines (Medicolegal)
  • Payment Information: Billing details, transaction records

1.2 Information Collected Automatically

  • IP address and approximate location
  • Browser type and version
  • Pages visited and time spent
  • Referring website

1.3 Sensitive Information

For Clinical Intelligence and Medicolegal services, we strongly recommend de-identifying patient information before sharing, removing personal identifiers (names, dates of birth), and using case reference numbers instead of names.

2. How We Use Your Information

  • Completing your requested research projects
  • Communicating about project status and deliverables
  • Providing customer support
  • Processing payments
  • Improving our research methodologies

3. How We Protect Your Information

3.1 Technical Safeguards

  • Encrypted data transmission (HTTPS/TLS)
  • Secure file storage with access controls
  • Regular security assessments
  • Two-factor authentication for team access

3.2 Clinical and Medicolegal Data

Case-related information receives additional protections:

  • Isolated storage separate from general project data
  • Restricted access to assigned team members only
  • Secure deletion upon project completion

4. Information Sharing

We do not sell your data.

We may share information with:

  • Service providers: Payment processors, cloud hosting (bound by data protection agreements)
  • Professional advisors: Legal, accounting (as necessary)
  • Legal requirements: If required by law, court order, or government authority

5. Data Retention

  • Active projects: Retained during project lifecycle
  • Completed projects: 12 months after completion
  • Clinical/Medicolegal: Securely deleted 30 days after completion unless retention requested
  • Payment records: 7 years (legal/tax requirements)

6. Your Rights

Depending on your jurisdiction, you may have rights to:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data
  • Portability: Request your data in a portable format
  • Objection: Object to certain processing activities

To exercise these rights, contact privacy@brfcase.com.

7. Cookies and Tracking

We use essential cookies for website functionality. We may use privacy-respecting analytics to understand website usage. We do not use third-party advertising trackers or sell data to advertisers.

8. Jurisdiction-Specific Notices

South Africa (POPIA)

We comply with the Protection of Personal Information Act. Our Information Officer can be reached at privacy@brfcase.com.

European Union (GDPR)

For EU residents, we process data under legitimate interests and contract performance. You have additional rights under GDPR.

United States (CCPA)

California residents have additional rights under CCPA, including the right to know what personal information we collect. Note: we do not sell personal information.

9. Contact Us

For privacy questions or to exercise your rights:

By using Brfcase services, you acknowledge that you have read and understood this Privacy Policy.