Privacy Policy

How Braille Link collects, uses, shares, retains, and protects information across the platform, Reader, and browser extension.

Effective: June 12, 2026 | Version 2026.2
Braille Link does not sell personal data. We do not use third-party advertising trackers, and we do not use Braille content, learner submissions, workspace messages, uploaded files, or uploaded images to train models unless we separately disclose that use and obtain the required consent or contractual authorisation.

Table of Contents

  1. Scope and Roles
  2. Short Notice at Collection
  3. Information We Collect
  4. Sources of Information
  5. How We Use Information
  6. Legal Bases
  7. Sensitive, Accessibility, and Biometric-Adjacent Data
  8. Children, Learners, and Student Records
  9. Sharing and Disclosure
  10. International Transfers
  11. Retention, Deletion, and Backups
  12. Security Measures
  13. Cookies, Browser Storage, Service Worker, and Device Storage
  14. Automated Processing and AI-Adjacent Features
  15. Your Privacy Rights
  16. Regional Privacy Notices
  17. Security Incident and Breach Notices
  18. Contact and Complaints
  19. Changes to This Policy

1. Scope and Roles

This Privacy Policy applies to the Braille Link websites, application screens, workspace tools, Braille translation APIs, document transcription tools, Document Reader, vision/image tools, browser extensions, account settings, institution dashboards, learner submissions, billing flows, support communications, and related operations (the "Service").

Avora Technologies Limited, trading as Braille Link, is the controller for personal accounts, platform operations, billing, support, security, root/super-admin control-plane activity, service improvement, and legal compliance. For institution-managed users, learner submissions, school records, programme records, tenant records, and staff/learner administration, the relevant institution or programme may be the primary controller or responsible party, and Braille Link may act as a processor or service provider for that institution.

Avora Technologies Limited owns and operates Braille Link. This Privacy Policy explains how Avora Technologies Limited collects, uses, stores, protects, and shares personal information when you use Braille Link and related services.

If you use Braille Link through an institution, programme, school, employer, sponsor, ministry, or other organisation, that organisation may control your account access, role, submissions, exports, retention, and administrative records. You should also review that organisation's privacy notices.

2. Short Notice at Collection

We collect the categories of information below to provide the Service, protect accounts, operate institutions and tenants, process translations and submissions, manage billing, communicate with users, comply with law, and improve reliability and accessibility.

Category Examples Main Purposes
Identifiers Name, email, username, phone, user ID, tenant ID, registration number, access identifier. Accounts, invitations, authentication, role assignment, support, billing, notices.
Education and learner records Learner submissions, table selected, Braille content, translated text, timestamps, institution membership. Instructional review, institution administration, accessibility support, records, exports.
Content and files Workspace text, messages, uploaded images, camera captures, uploaded documents, file names, extracted text, generated audio records, exports. Translation, document transcription, Document Reader narration, vision processing, saving sessions, downloads.
Security and device data IP address, user agent, session token hashes, device fingerprint hash, passkey public-key metadata, MFA status. Authentication, fraud prevention, audit logs, incident response, tenant risk controls.
Billing and commercial data Plan, subscription status, trial status, payment references, Pesapal callback/webhook metadata, receipts. Plan access, payment verification, accounting, support, disputes, tax/legal obligations.
Preferences and usage Accessibility mode, TTS preferences, extension settings, action-notification settings, selected table, pages used, diagnostics. Personalisation, accessibility, reliability, troubleshooting, product improvement.

3. Information We Collect

3.1 Account, Profile, and Contact Data

We may collect email address, password hash, authentication provider, provider reference, display name, username, registration number, phone number, profile text, avatar image data, access identifier, role, programme ID, tenant ID, admin permissions, account status, onboarding status, email verification state, terms acceptance version and timestamp, created/updated timestamps, and related account metadata.

3.2 Authentication, Session, MFA, and Passkey Data

We may collect failed login counts, lockout times, last login time, last login IP address, user agent, token version, session token hashes, session expiry, heartbeat, revocation status, device fingerprint hashes, device labels, blocked-device status, MFA enrollment status, TOTP secrets, backup-code hashes, security question prompts and answer hashes, passkey credential IDs, public-key credential data, signature counters, authenticator labels, and last-used timestamps.

Passkeys use public-key cryptography. We do not receive your fingerprint, face scan, device PIN, or operating system biometric template from your passkey provider.

3.3 Workspace, Translation, and Export Data

We may process Braille Unicode input, text input, selected direction, selected Braille table, translated output, Perkins speech-preview context, generated speech preview text, workspace labels, workspace modes, saved-session content, autosave content, image file names, message history, export format, generated file metadata, timestamps, and request diagnostics.

3.4 Uploaded Documents, Images, and Vision Data

Where document or vision features are enabled, we may process uploaded PDF, DOCX, TXT, BRF, or image files; camera captures selected by the user; file names; file type; extracted text; detected Braille dots; dot confidence values; image width and height; quality warnings; low-confidence cell information; and generated Braille/text output. Vision processing may log operational metadata such as upload size, content type, processing duration, confidence warnings, and selected variant.

Where Document Reader features are enabled, we may also process document titles, original file names, extracted text, document sections, generated audio segment metadata, audio file paths or URLs, segment previews, generation status, selected narration voice, duration estimates, playback position, listening progress, bookmarks where enabled, and related error or diagnostic information needed to generate and resume narration.

3.5 Browser Extension Data

If you install or use the Braille Link Keyboard browser extension, the extension may store local browser data such as the backend API URL, connection status, account summary, entitlement state, selected settings, speech-feedback preferences, and authentication token needed to verify access. The extension is designed to send account and entitlement requests to Braille Link, not the text you type on external websites, raw key chords, passwords, or page content from third-party sites.

The extension may use browser permissions to run keyboard, speech-feedback, and navigation features on external websites. On tusomebraille.com and its subdomains, Braille Link's native web app remains responsible for Braille input and text-to-speech behavior.

Extension permissions are used for limited product functions: storage keeps extension settings, connection state, entitlement status, and accessibility preferences; tab access helps the popup connect to the active Braille Link session and notify open tabs when extension state changes; alarms support periodic entitlement refresh; Braille Link host permissions allow account and entitlement requests to our servers; and content scripts on external pages enable local keyboard, speech-feedback, and navigation behavior in supported text fields.

3.6 Institution, Tenant, Programme, and Learner Data

Institution and tenant records may include tenant code, tenant name, location, notes, owner user ID, manager IDs, seat limits, device/IP policies, session inactivity settings, risk level, risk score, billing enforcement, programme membership, attach requests, approvals, invitation records, invited emails, member roles, workspace access, Braille access, co-admin status, learner registration numbers, learner submissions, and related timestamps.

3.7 Billing and Payment Data

We may collect plan selection, subscription plan, subscription status, trial status, trial start and expiry, grace period, billing customer reference, billing subscription reference, payment gateway status, checkout references, payment callback data, webhook metadata, cancellation requests, receipts, amounts, currencies, and payment-dispute records. Payment gateways may collect payment instrument details directly.

3.8 Admin, Audit, Security, and Operational Logs

We may record actor, target, action, category, severity, status, request ID, IP address, user agent, tenant, role, timestamps, details of admin actions, user recovery exports/restores, privileged-user changes, root and super-admin approvals, emergency controls, feature flags, pricing policies, notification templates, retention policies, rate-limit policies, security events, and error diagnostics.

3.9 Communications and Support

We may collect support emails, security reports, legal notices, feedback, accessibility reports, signup notifications, password reset events, verification email events, billing notices, tenant attach request emails, and other transactional communications.

4. Sources of Information

We collect information from:

5. How We Use Information

We use information to:

7. Sensitive, Accessibility, and Biometric-Adjacent Data

Braille Link is an accessibility platform, so use of the Service may reveal or imply disability, accessibility needs, education status, age group, learning support needs, or institution affiliation. Uploaded documents, images, support requests, and learner submissions may contain additional sensitive information if users or institutions include it.

We ask users and institutions to minimise sensitive data and upload only what is necessary. Do not upload full medical files, identity documents, financial credentials, or highly confidential records unless a separate written agreement and appropriate safeguards are in place.

Passkey metadata is not a biometric template. Your device may use fingerprint, face, PIN, or other local unlock methods, but Braille Link receives passkey public-key credential data, not your biometric sample.

8. Children, Learners, and Student Records

The Service may be used by educational institutions and programmes that support minors, learners with disabilities, and students. The Service is not intended for unsupervised direct use by children.

Institutions must provide appropriate notices and obtain required parent, guardian, learner, student, staff, regulator, sponsor, ministry, or school approvals before creating accounts, inviting learners, submitting learner content, or uploading education records. Institutions must comply with child privacy, education record, accessibility, disability, public-sector, and procurement laws that apply to them.

If United States laws apply to an institution, the institution may have duties under FERPA, PPRA, COPPA, and state student privacy laws. If COPPA applies directly to us for a particular deployment, we will comply with our own operator duties and will not use these terms to shift non-transferable COPPA obligations to a school.

If we learn that child or learner data was collected without required authorisation, we will work with the relevant institution to delete, restrict, return, or otherwise handle the data as required by law and contract.

9. Sharing and Disclosure

We do not sell personal data or share it for cross-context behavioural advertising. We disclose information only as described below.

Recipient Data Shared Purpose
Authorised institution, tenant, and programme administrators Account, role, tenant, workspace access, learner submission, security, usage, and billing status data. Institution administration, learner review, support, access management, compliance.
Hosting, database, storage, deployment, and infrastructure providers Service data stored or processed by the platform. Hosting, backups, availability, deployment, infrastructure security.
Payment gateways and payment processors Checkout references, payment status, callback/webhook metadata, subscription references. Payment processing, verification, receipts, dispute handling, accounting.
Email and notification providers Email address, message content, templates, transactional metadata. Verification, password reset, invitations, billing notices, tenant attach notices, support.
Document, vision, logging, security, or diagnostic components Files, images, extracted text, detected dots, request metadata, logs, error details as needed. Requested feature delivery, troubleshooting, security monitoring, performance improvement.
Lawful recipients Relevant account, billing, content, security, or audit records. Legal compliance, court orders, regulator requests, fraud prevention, safety, enforcement.
Business successors Relevant service records subject to safeguards. Merger, acquisition, financing, reorganisation, asset sale, or continuity planning.

Service providers are expected to process personal data only for authorised purposes and subject to confidentiality, security, and data-protection obligations appropriate to their role.

10. International Transfers

Braille Link is operated from Uganda. We may use hosting, email, payment, logging, security, deployment, and infrastructure providers that process data in Uganda, the United States, the European Economic Area, or other countries where those providers operate.

Where personal data is transferred outside Uganda or another protected jurisdiction, we use available lawful transfer mechanisms and safeguards, such as contractual protections, provider security terms, data processing agreements, consent where required, adequate-protection assessments, or other mechanisms allowed by applicable law.

11. Retention, Deletion, and Backups

We retain personal data only as long as reasonably needed for the purposes described in this Policy, unless a longer period is required or permitted for legal, tax, accounting, billing, institutional, security, audit, backup, dispute, or fraud-prevention reasons. Actual retention may depend on account type, tenant settings, institution instructions, root retention policies, feature use, and applicable law.

Record Type Typical Retention Approach
Account and profile data Retained while the account exists, then deleted, anonymised, or restricted unless needed for valid retention reasons.
Workspace autosave and saved sessions Retained until deleted by the user, account deletion, retention policy, or support/admin action where lawful.
Learner submissions Retained for institutional review and record keeping unless the institution, user right, retention policy, or law requires deletion or restriction.
Uploaded documents and images Processed to provide requested features; may be held in request memory, local or object storage, generated audio storage, logs, backups, saved sessions, or Reader records depending on feature and configuration.
Authentication sessions, device records, MFA, passkeys, and recovery records Retained while active and for a security period after expiry, revocation, deletion, or investigation.
Audit logs and security events Retained for security, fraud prevention, compliance, accountability, incident response, and dispute resolution.
Billing, payment, tax, and accounting records Retained for payment verification, accounting, tax, chargeback, gateway, audit, and legal periods.
Support, legal, and complaint records Retained while needed to respond, maintain support history, establish rights, comply with law, or resolve disputes.

Deletion requests may not immediately remove data from encrypted backups or logs. Backup copies are isolated from active use and are overwritten according to backup cycles unless legal, security, or disaster-recovery needs require otherwise. Tenant owners may need to transfer ownership before deletion can be completed.

12. Security Measures

We use technical and organisational safeguards designed to protect personal data, including:

No security measure is perfect. You should use strong credentials, enable available security features, protect your devices, limit privileged roles, review audit logs where available, and log out on shared devices.

13. Cookies, Browser Storage, Service Worker, and Device Storage

We use a minimal tracking approach and do not use third-party advertising pixels. The frontend uses browser storage, including localStorage, sessionStorage, IndexedDB or equivalent browser storage where supported, and service-worker caching to keep the app functional and remember preferences.

Browser storage may include authentication session state, profile cache, selected workspace mode, selected Braille table, TTS settings, action notification settings, sound preferences, accessibility mode, theme, return paths, passkey prompts, autosave drafts, saved session lists, and local diagnostics. Service-worker caching may store app shell files, scripts, styles, icons, and related assets; it is not intended as secure storage for sensitive personal data.

The browser extension may use extension-managed storage for connection settings, authentication state, entitlement status, and accessibility preferences. Clearing extension storage or removing the extension may disconnect it from your Braille Link account and reset extension preferences.

Clearing browser storage may sign you out, reset settings, remove local drafts, or disable offline-ready app assets until they are reloaded. Shared-device users should log out and clear browser storage after use.

14. Automated Processing and AI-Adjacent Features

Braille Link uses automated processing to translate Braille, extract text from documents, detect Braille dots in images, generate audio narration from extracted text, split uploaded documents into playable sections, calculate low-confidence or quality warnings, apply rate limits, evaluate tenant risk signals, show security events, and route access by role or entitlement.

These features are not intended to make legally significant decisions about a learner, employee, applicant, or customer without human review. Institutions and administrators must review outputs and context before making decisions that affect education, access, discipline, grading, benefits, accommodations, payments, or legal rights.

We do not use user content or learner submissions for third-party advertising. We do not train machine learning models on your Braille content, learner submissions, workspace messages, uploaded documents, or uploaded images unless we separately disclose the use and obtain any required consent or contractual approval.

15. Your Privacy Rights

Depending on your jurisdiction and account context, you may have rights to:

Use self-service export tools where available, or contact support@tusomebraille.com. We may need to verify your identity, confirm your authority, or route institution-controlled learner records to the relevant institution. We will respond within the period required by applicable law, or within a reasonable period where no specific period applies.

16. Regional Privacy Notices

16.1 Uganda

Where Uganda's Data Protection and Privacy Act and Regulations apply, we process personal data according to applicable data-protection principles, data-subject rights, registration duties where applicable, security duties, retention expectations, and cross-border transfer requirements. Complaints may be raised with Uganda's Personal Data Protection Office where applicable.

16.2 European Economic Area and United Kingdom

Where GDPR-style laws apply, this Policy provides information about controllers and processors, categories of personal data, purposes, legal bases, recipients, transfers, retention, rights, and complaint routes. If a data processing agreement, standard contractual clauses, EU/UK representative, or other transfer mechanism is legally required for a deployment, the relevant customer must contact us before production use at scale.

16.3 California and U.S. State Privacy Laws

Where California or similar U.S. state privacy laws apply, this Policy serves as a notice of the categories of personal information we collect and the purposes for collection. We do not sell personal information or share it for cross-context behavioural advertising. We do not knowingly sell or share personal information of minors. Applicable users may have rights to know, access, delete, correct, limit certain sensitive-data uses, and be free from unlawful discrimination for exercising privacy rights.

16.4 U.S. Education Deployments

Where FERPA, PPRA, COPPA, or state student privacy laws apply, the school or educational institution is generally responsible for its direct relationship with parents, eligible students, learners, and staff. We will support lawful institutional instructions, appropriate data processing terms, and our own operator or service-provider obligations where applicable.

17. Security Incident and Breach Notices

If we become aware of a security incident involving personal data, we will investigate, take reasonable steps to contain and remediate the issue, and notify affected users, institutions, regulators, or other parties where required by law or contract. Notice timing, content, and recipients may depend on the facts, legal requirements, security needs, law-enforcement restrictions, and whether an institution controls the affected records.

18. Contact and Complaints

The owner and platform operator responsible for this Policy is:

Please contact us first so we can investigate and respond. If you are not satisfied, you may contact the relevant data protection authority, including Uganda's Personal Data Protection Office where applicable. If your data is controlled by an institution, you may also need to contact that institution.

19. Changes to This Policy

We may update this Privacy Policy to reflect changes in law, system behavior, providers, security practices, institutional workflows, billing, or product features. We will post the updated Policy with a new effective date and version. For material changes, we will use reasonable efforts to notify affected users by email, in-product notice, or another appropriate method where practical.

Your continued use of the Service after an updated Policy takes effect means you acknowledge the updated Policy where permitted by law.