Data Protection & Privacy Policy

Effective date: 01-02-2025

Company: Break Front LLC (“Break Front”, “we”, “us”)

Contact: info@breakfrontservices.com • Break Front LLC - C/O MS 331 - 325 N Saint Paul St., Suite 3100, Dallas, TX. 75201

We provide consulting and SaaS onboarding for business customers. We do not receive, hold, or transfer client funds and do not process payments for third parties.

1) Scope & roles

This Policy explains how we collect, use, disclose, transfer, and safeguard personal data when you visit our website, buy a plan, or use our services.

• For our own website, sales and support, we act as Data Controller.

• When we process client-provided data inside our SaaS/onboarding workflows, we act as Processor under a Data Processing Addendum (DPA) upon request.

2) What we collect

A. Data you provide

• Business contact & account: name, company, role, email, phone, country, billing address.

• Plan & billing: plan purchased, invoices, tax info. Card data is handled by our payment processor; we do not store full card numbers.

• KYC/KYB documentation (where applicable): IDs, proof of address, company documents, UBO details—only when needed for banking-ready packs or compliance onboarding.

• Communications: messages, forms, support tickets, recordings (if we notify you).

B. Data collected automatically

• Device, browser, IP, timezone, referrer, pages viewed, session metadata, and cookie identifiers.

C. Data from third parties

• Identity/KYC vendors, sanctions/PEP screening sources, payment processors, and service providers (e.g., hosting, analytics), strictly to fulfill services or compliance.

We do not intentionally collect data from children; see §11.

3) Why we use data (purposes & legal bases)

Contract (GDPR Art. 6(1)(b))

• Create/manage accounts, deliver plans (SaaS, onboarding, audits), provide support, issue invoices.

Legitimate interests (Art. 6(1)(f))

• Secure our services, prevent abuse/fraud, improve UX, measure performance, B2B marketing to existing/prospective clients (you can opt out at any time).

Legal obligation (Art. 6(1)(c))

• KYC/KYB record-keeping where applicable; sanctions screening; tax and accounting.

Consent (Art. 6(1)(a))

• Non-essential cookies/analytics in EEA/UK; certain marketing communications. You may withdraw consent at any time.

We do not use sensitive data for profiling; we process due-diligence data only where lawful and necessary.

4) Payments

Payments are processed by a third-party payment processor (e.g., Stripe, PayPal). We receive tokens/confirmation—not full card details. The processor acts as its own controller for fraud prevention and compliance.

5) Sharing & disclosures

We share personal data only with:

• Processors performing services under contract (hosting, email, support, analytics, identity/KYC, document storage, payment processing).

• Professional partners (e.g., licensed counsel) when you request services requiring them.

• Authorities when legally required, to protect rights, or to prevent fraud/abuse.
  We do not sell personal information and do not share it for cross-context behavioral advertising (as defined by CPRA).

6) International transfers

If we transfer personal data outside your region (e.g., EEA→US), we use lawful safeguards such as Standard Contractual Clauses (SCCs) and additional measures. If we join an approved transfer framework, we will state it here: [e.g., EU-US Data Privacy Framework status, if applicable].

7) Retention

We keep data only as long as needed for the purposes above:

• Account, plan and billing records: up to 7 years after the relationship ends (tax/compliance).

• KYC/KYB files: 5–7 years or as required by applicable law/contract.

• Support and marketing records: 24–36 months, unless you opt out or request deletion.
  We then delete or irreversibly anonymize.

8) Security

We apply technical and organizational measures including encryption in transit, access controls (least privilege), logging, vendor due diligence, and regular backups. No method is 100% secure; report issues to complains@breakfront-services.com.

9) Your rights

EEA/UK (GDPR): access, rectification, erasure, restriction, portability, and objection (including to direct marketing). Where processing relies on consent, you may withdraw it anytime.

California (CPRA): right to know/access, delete, correct, opt out of “sale”/“sharing” (we do neither), limit use of sensitive personal information (we don’t use it for inferring characteristics), and non-discrimination.

To exercise rights: email dpo@breakfront-services.com. We may verify your identity and respond within statutory timelines. You may lodge a complaint with your local authority (e.g., ICO/EEA DPA).

10) Cookies & tracking

We use:

• Essential cookies (strictly necessary for the site).

• Analytics/Performance (only with consent in EEA/UK).

• Functional (to remember preferences).

Manage preferences via our Cookie Banner/Settings and your browser controls. We currently do not respond to “Do Not Track” signals.

11) Children

Our services target business users. We do not knowingly collect data from children under 16 (or the age required by your jurisdiction). If you believe a child provided data, contact us for deletion.

12) Third-party sites & services

Our site may link to third-party websites/services with their own privacy terms. We are not responsible for their practices.

13) Processor list & DPA

A current list of core processors (hosting, email, analytics, identity/KYC, payments) and our Data Processing Addendum are available on request at dpo@breakfront-services.com.

14) Changes to this Policy

We may update this Policy to reflect legal, technical, or business changes. The “Effective date” shows the latest version. Material changes will be notified through the site or email.

15) Who to contact

• Privacy inquiries/rights: dpo@breakfront-services.com

• EU/UK representative (if applicable): dpo@breakfront-services.com

• Data Protection Officer (if appointed): dpo@breakfront-services.com

Short notice for plan pages 

“We use your business contact and plan data to deliver services and support; card data is handled by our payment processor. Manage cookies in settings; see our Privacy Policy for details.”