Table of Contents
- Scope and Roles
- Short Notice at Collection
- Information We Collect
- Sources of Information
- How We Use Information
- Legal Bases
- Sensitive, Accessibility, and Biometric-Adjacent Data
- Children, Learners, and Student Records
- Sharing and Disclosure
- International Transfers
- Retention, Deletion, and Backups
- Security Measures
- Cookies, Browser Storage, Service Worker, and Device Storage
- Automated Processing and AI-Adjacent Features
- Your Privacy Rights
- Regional Privacy Notices
- Security Incident and Breach Notices
- Contact and Complaints
- Changes to This Policy
1. Scope and Roles
This Privacy Policy applies to the Braille Link websites, application screens, workspace tools, Braille translation APIs, document transcription tools, Document Reader, vision/image tools, browser extensions, account settings, institution dashboards, learner submissions, billing flows, support communications, and related operations (the "Service").
Avora Technologies Limited, trading as Braille Link, is the controller for personal accounts, platform operations, billing, support, security, root/super-admin control-plane activity, service improvement, and legal compliance. For institution-managed users, learner submissions, school records, programme records, tenant records, and staff/learner administration, the relevant institution or programme may be the primary controller or responsible party, and Braille Link may act as a processor or service provider for that institution.
Avora Technologies Limited owns and operates Braille Link. This Privacy Policy explains how Avora Technologies Limited collects, uses, stores, protects, and shares personal information when you use Braille Link and related services.
If you use Braille Link through an institution, programme, school, employer, sponsor, ministry, or other organisation, that organisation may control your account access, role, submissions, exports, retention, and administrative records. You should also review that organisation's privacy notices.
2. Short Notice at Collection
We collect the categories of information below to provide the Service, protect accounts, operate institutions and tenants, process translations and submissions, manage billing, communicate with users, comply with law, and improve reliability and accessibility.
| Category | Examples | Main Purposes |
|---|---|---|
| Identifiers | Name, email, username, phone, user ID, tenant ID, registration number, access identifier. | Accounts, invitations, authentication, role assignment, support, billing, notices. |
| Education and learner records | Learner submissions, table selected, Braille content, translated text, timestamps, institution membership. | Instructional review, institution administration, accessibility support, records, exports. |
| Content and files | Workspace text, messages, uploaded images, camera captures, uploaded documents, file names, extracted text, generated audio records, exports. | Translation, document transcription, Document Reader narration, vision processing, saving sessions, downloads. |
| Security and device data | IP address, user agent, session token hashes, device fingerprint hash, passkey public-key metadata, MFA status. | Authentication, fraud prevention, audit logs, incident response, tenant risk controls. |
| Billing and commercial data | Plan, subscription status, trial status, payment references, Pesapal callback/webhook metadata, receipts. | Plan access, payment verification, accounting, support, disputes, tax/legal obligations. |
| Preferences and usage | Accessibility mode, TTS preferences, extension settings, action-notification settings, selected table, pages used, diagnostics. | Personalisation, accessibility, reliability, troubleshooting, product improvement. |
3. Information We Collect
3.1 Account, Profile, and Contact Data
We may collect email address, password hash, authentication provider, provider reference, display name, username, registration number, phone number, profile text, avatar image data, access identifier, role, programme ID, tenant ID, admin permissions, account status, onboarding status, email verification state, terms acceptance version and timestamp, created/updated timestamps, and related account metadata.
3.2 Authentication, Session, MFA, and Passkey Data
We may collect failed login counts, lockout times, last login time, last login IP address, user agent, token version, session token hashes, session expiry, heartbeat, revocation status, device fingerprint hashes, device labels, blocked-device status, MFA enrollment status, TOTP secrets, backup-code hashes, security question prompts and answer hashes, passkey credential IDs, public-key credential data, signature counters, authenticator labels, and last-used timestamps.
Passkeys use public-key cryptography. We do not receive your fingerprint, face scan, device PIN, or operating system biometric template from your passkey provider.
3.3 Workspace, Translation, and Export Data
We may process Braille Unicode input, text input, selected direction, selected Braille table, translated output, Perkins speech-preview context, generated speech preview text, workspace labels, workspace modes, saved-session content, autosave content, image file names, message history, export format, generated file metadata, timestamps, and request diagnostics.
3.4 Uploaded Documents, Images, and Vision Data
Where document or vision features are enabled, we may process uploaded PDF, DOCX, TXT, BRF, or image files; camera captures selected by the user; file names; file type; extracted text; detected Braille dots; dot confidence values; image width and height; quality warnings; low-confidence cell information; and generated Braille/text output. Vision processing may log operational metadata such as upload size, content type, processing duration, confidence warnings, and selected variant.
Where Document Reader features are enabled, we may also process document titles, original file names, extracted text, document sections, generated audio segment metadata, audio file paths or URLs, segment previews, generation status, selected narration voice, duration estimates, playback position, listening progress, bookmarks where enabled, and related error or diagnostic information needed to generate and resume narration.
3.5 Browser Extension Data
If you install or use the Braille Link Keyboard browser extension, the extension may store local browser data such as the backend API URL, connection status, account summary, entitlement state, selected settings, speech-feedback preferences, and authentication token needed to verify access. The extension is designed to send account and entitlement requests to Braille Link, not the text you type on external websites, raw key chords, passwords, or page content from third-party sites.
The extension may use browser permissions to run keyboard, speech-feedback, and navigation features on external websites. On tusomebraille.com and its subdomains, Braille Link's native web app remains responsible for Braille input and text-to-speech behavior.
Extension permissions are used for limited product functions: storage keeps extension settings, connection state, entitlement status, and accessibility preferences; tab access helps the popup connect to the active Braille Link session and notify open tabs when extension state changes; alarms support periodic entitlement refresh; Braille Link host permissions allow account and entitlement requests to our servers; and content scripts on external pages enable local keyboard, speech-feedback, and navigation behavior in supported text fields.
3.6 Institution, Tenant, Programme, and Learner Data
Institution and tenant records may include tenant code, tenant name, location, notes, owner user ID, manager IDs, seat limits, device/IP policies, session inactivity settings, risk level, risk score, billing enforcement, programme membership, attach requests, approvals, invitation records, invited emails, member roles, workspace access, Braille access, co-admin status, learner registration numbers, learner submissions, and related timestamps.
3.7 Billing and Payment Data
We may collect plan selection, subscription plan, subscription status, trial status, trial start and expiry, grace period, billing customer reference, billing subscription reference, payment gateway status, checkout references, payment callback data, webhook metadata, cancellation requests, receipts, amounts, currencies, and payment-dispute records. Payment gateways may collect payment instrument details directly.
3.8 Admin, Audit, Security, and Operational Logs
We may record actor, target, action, category, severity, status, request ID, IP address, user agent, tenant, role, timestamps, details of admin actions, user recovery exports/restores, privileged-user changes, root and super-admin approvals, emergency controls, feature flags, pricing policies, notification templates, retention policies, rate-limit policies, security events, and error diagnostics.
3.9 Communications and Support
We may collect support emails, security reports, legal notices, feedback, accessibility reports, signup notifications, password reset events, verification email events, billing notices, tenant attach request emails, and other transactional communications.
4. Sources of Information
We collect information from:
- You, when you create an account, update your profile, configure settings, submit content, upload files, or contact us.
- Institutions, tenant managers, programme administrators, root owners, super admins, and other authorised administrators.
- Your browser, device, network, passkey provider, browser extension, and browser storage when you use the Service.
- Payment gateways, email providers, hosting providers, and other service providers.
- System-generated logs, audit records, security events, and diagnostics created while operating the Service.
5. How We Use Information
We use information to:
- Create, authenticate, secure, recover, suspend, delete, and support user accounts.
- Provide Braille translation, text-to-Braille conversion, Perkins input support, browser-extension entitlement checks, speech preview, document transcription, Document Reader narration, vision processing, exports, and workspace sessions.
- Enable institution, tenant, programme, learner, invitation, submission, role, and permission workflows.
- Manage subscriptions, trials, grace periods, billing enforcement, payment gateway callbacks, receipts, cancellations, and disputes.
- Provide email verification, password reset, MFA, passkeys, security questions, session management, and device controls.
- Detect, prevent, investigate, and respond to abuse, fraud, malware, unauthorised access, credential compromise, excessive usage, and service attacks.
- Maintain audit logs, security events, root/super-admin approvals, data-retention controls, and operational accountability.
- Send service notices, security alerts, billing reminders, policy updates, verification emails, reset emails, and support responses.
- Debug errors, improve reliability, improve accessibility, test features, measure aggregate usage, and plan capacity.
- Comply with legal, tax, accounting, procurement, court, regulator, contract, and law-enforcement requirements.
6. Legal Bases
Where a legal basis is required, we rely on one or more of the following:
- Contract: To provide the Service, accounts, subscriptions, support, and requested features.
- Consent: For optional profile information, optional settings, optional uploads, certain communications, and learner participation where consent is required.
- Legitimate interests: To secure the Service, prevent abuse, maintain logs, improve reliability, protect users, and run our platform.
- Legal obligation: To comply with tax, accounting, payment, court, regulatory, data protection, security, and public-law duties.
- Public interest or institutional responsibility: Where a public body, school, donor programme, or institution uses the Service under a lawful public, educational, or accessibility mandate.
- Vital interests: In rare cases where processing is necessary to protect someone's life, health, or safety.
Institutions are responsible for identifying and documenting their lawful basis for institution-controlled learner, staff, guardian, programme, and student-record processing.
7. Sensitive, Accessibility, and Biometric-Adjacent Data
Braille Link is an accessibility platform, so use of the Service may reveal or imply disability, accessibility needs, education status, age group, learning support needs, or institution affiliation. Uploaded documents, images, support requests, and learner submissions may contain additional sensitive information if users or institutions include it.
We ask users and institutions to minimise sensitive data and upload only what is necessary. Do not upload full medical files, identity documents, financial credentials, or highly confidential records unless a separate written agreement and appropriate safeguards are in place.
Passkey metadata is not a biometric template. Your device may use fingerprint, face, PIN, or other local unlock methods, but Braille Link receives passkey public-key credential data, not your biometric sample.
8. Children, Learners, and Student Records
The Service may be used by educational institutions and programmes that support minors, learners with disabilities, and students. The Service is not intended for unsupervised direct use by children.
Institutions must provide appropriate notices and obtain required parent, guardian, learner, student, staff, regulator, sponsor, ministry, or school approvals before creating accounts, inviting learners, submitting learner content, or uploading education records. Institutions must comply with child privacy, education record, accessibility, disability, public-sector, and procurement laws that apply to them.
If United States laws apply to an institution, the institution may have duties under FERPA, PPRA, COPPA, and state student privacy laws. If COPPA applies directly to us for a particular deployment, we will comply with our own operator duties and will not use these terms to shift non-transferable COPPA obligations to a school.
If we learn that child or learner data was collected without required authorisation, we will work with the relevant institution to delete, restrict, return, or otherwise handle the data as required by law and contract.
9. Sharing and Disclosure
We do not sell personal data or share it for cross-context behavioural advertising. We disclose information only as described below.
| Recipient | Data Shared | Purpose |
|---|---|---|
| Authorised institution, tenant, and programme administrators | Account, role, tenant, workspace access, learner submission, security, usage, and billing status data. | Institution administration, learner review, support, access management, compliance. |
| Hosting, database, storage, deployment, and infrastructure providers | Service data stored or processed by the platform. | Hosting, backups, availability, deployment, infrastructure security. |
| Payment gateways and payment processors | Checkout references, payment status, callback/webhook metadata, subscription references. | Payment processing, verification, receipts, dispute handling, accounting. |
| Email and notification providers | Email address, message content, templates, transactional metadata. | Verification, password reset, invitations, billing notices, tenant attach notices, support. |
| Document, vision, logging, security, or diagnostic components | Files, images, extracted text, detected dots, request metadata, logs, error details as needed. | Requested feature delivery, troubleshooting, security monitoring, performance improvement. |
| Lawful recipients | Relevant account, billing, content, security, or audit records. | Legal compliance, court orders, regulator requests, fraud prevention, safety, enforcement. |
| Business successors | Relevant service records subject to safeguards. | Merger, acquisition, financing, reorganisation, asset sale, or continuity planning. |
Service providers are expected to process personal data only for authorised purposes and subject to confidentiality, security, and data-protection obligations appropriate to their role.
10. International Transfers
Braille Link is operated from Uganda. We may use hosting, email, payment, logging, security, deployment, and infrastructure providers that process data in Uganda, the United States, the European Economic Area, or other countries where those providers operate.
Where personal data is transferred outside Uganda or another protected jurisdiction, we use available lawful transfer mechanisms and safeguards, such as contractual protections, provider security terms, data processing agreements, consent where required, adequate-protection assessments, or other mechanisms allowed by applicable law.
11. Retention, Deletion, and Backups
We retain personal data only as long as reasonably needed for the purposes described in this Policy, unless a longer period is required or permitted for legal, tax, accounting, billing, institutional, security, audit, backup, dispute, or fraud-prevention reasons. Actual retention may depend on account type, tenant settings, institution instructions, root retention policies, feature use, and applicable law.
| Record Type | Typical Retention Approach |
|---|---|
| Account and profile data | Retained while the account exists, then deleted, anonymised, or restricted unless needed for valid retention reasons. |
| Workspace autosave and saved sessions | Retained until deleted by the user, account deletion, retention policy, or support/admin action where lawful. |
| Learner submissions | Retained for institutional review and record keeping unless the institution, user right, retention policy, or law requires deletion or restriction. |
| Uploaded documents and images | Processed to provide requested features; may be held in request memory, local or object storage, generated audio storage, logs, backups, saved sessions, or Reader records depending on feature and configuration. |
| Authentication sessions, device records, MFA, passkeys, and recovery records | Retained while active and for a security period after expiry, revocation, deletion, or investigation. |
| Audit logs and security events | Retained for security, fraud prevention, compliance, accountability, incident response, and dispute resolution. |
| Billing, payment, tax, and accounting records | Retained for payment verification, accounting, tax, chargeback, gateway, audit, and legal periods. |
| Support, legal, and complaint records | Retained while needed to respond, maintain support history, establish rights, comply with law, or resolve disputes. |
Deletion requests may not immediately remove data from encrypted backups or logs. Backup copies are isolated from active use and are overwritten according to backup cycles unless legal, security, or disaster-recovery needs require otherwise. Tenant owners may need to transfer ownership before deletion can be completed.
12. Security Measures
We use technical and organisational safeguards designed to protect personal data, including:
- HTTPS/TLS in production for data in transit.
- Cryptographic password hashing rather than plain-text password storage.
- Role-based access controls, tenant scoping, admin permissions, and least-privilege practices.
- Email verification, password reset controls, lockouts, session revocation, device controls, MFA, security questions, and passkeys.
- Audit logs for administrator and security-relevant activity.
- Rate limits, tenant risk signals, device/IP limits, emergency controls, and root/super-admin security challenges where configured.
- Provider controls for hosting, databases, backups, payments, and email delivery.
No security measure is perfect. You should use strong credentials, enable available security features, protect your devices, limit privileged roles, review audit logs where available, and log out on shared devices.
13. Cookies, Browser Storage, Service Worker, and Device Storage
We use a minimal tracking approach and do not use third-party advertising pixels. The frontend uses browser storage, including localStorage, sessionStorage, IndexedDB or equivalent browser storage where supported, and service-worker caching to keep the app functional and remember preferences.
Browser storage may include authentication session state, profile cache, selected workspace mode, selected Braille table, TTS settings, action notification settings, sound preferences, accessibility mode, theme, return paths, passkey prompts, autosave drafts, saved session lists, and local diagnostics. Service-worker caching may store app shell files, scripts, styles, icons, and related assets; it is not intended as secure storage for sensitive personal data.
The browser extension may use extension-managed storage for connection settings, authentication state, entitlement status, and accessibility preferences. Clearing extension storage or removing the extension may disconnect it from your Braille Link account and reset extension preferences.
Clearing browser storage may sign you out, reset settings, remove local drafts, or disable offline-ready app assets until they are reloaded. Shared-device users should log out and clear browser storage after use.
14. Automated Processing and AI-Adjacent Features
Braille Link uses automated processing to translate Braille, extract text from documents, detect Braille dots in images, generate audio narration from extracted text, split uploaded documents into playable sections, calculate low-confidence or quality warnings, apply rate limits, evaluate tenant risk signals, show security events, and route access by role or entitlement.
These features are not intended to make legally significant decisions about a learner, employee, applicant, or customer without human review. Institutions and administrators must review outputs and context before making decisions that affect education, access, discipline, grading, benefits, accommodations, payments, or legal rights.
We do not use user content or learner submissions for third-party advertising. We do not train machine learning models on your Braille content, learner submissions, workspace messages, uploaded documents, or uploaded images unless we separately disclose the use and obtain any required consent or contractual approval.
15. Your Privacy Rights
Depending on your jurisdiction and account context, you may have rights to:
- Access personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete data, subject to legal, security, billing, audit, backup, and institutional retention limits.
- Restrict or object to certain processing.
- Withdraw consent where processing is based on consent.
- Receive a portable copy of certain data where technically feasible and legally required.
- Appeal or complain about our handling of your request where applicable.
- Opt out of marketing communications, if any, while still receiving transactional service notices.
Use self-service export tools where available, or contact support@tusomebraille.com. We may need to verify your identity, confirm your authority, or route institution-controlled learner records to the relevant institution. We will respond within the period required by applicable law, or within a reasonable period where no specific period applies.
16. Regional Privacy Notices
16.1 Uganda
Where Uganda's Data Protection and Privacy Act and Regulations apply, we process personal data according to applicable data-protection principles, data-subject rights, registration duties where applicable, security duties, retention expectations, and cross-border transfer requirements. Complaints may be raised with Uganda's Personal Data Protection Office where applicable.
16.2 European Economic Area and United Kingdom
Where GDPR-style laws apply, this Policy provides information about controllers and processors, categories of personal data, purposes, legal bases, recipients, transfers, retention, rights, and complaint routes. If a data processing agreement, standard contractual clauses, EU/UK representative, or other transfer mechanism is legally required for a deployment, the relevant customer must contact us before production use at scale.
16.3 California and U.S. State Privacy Laws
Where California or similar U.S. state privacy laws apply, this Policy serves as a notice of the categories of personal information we collect and the purposes for collection. We do not sell personal information or share it for cross-context behavioural advertising. We do not knowingly sell or share personal information of minors. Applicable users may have rights to know, access, delete, correct, limit certain sensitive-data uses, and be free from unlawful discrimination for exercising privacy rights.
16.4 U.S. Education Deployments
Where FERPA, PPRA, COPPA, or state student privacy laws apply, the school or educational institution is generally responsible for its direct relationship with parents, eligible students, learners, and staff. We will support lawful institutional instructions, appropriate data processing terms, and our own operator or service-provider obligations where applicable.
17. Security Incident and Breach Notices
If we become aware of a security incident involving personal data, we will investigate, take reasonable steps to contain and remediate the issue, and notify affected users, institutions, regulators, or other parties where required by law or contract. Notice timing, content, and recipients may depend on the facts, legal requirements, security needs, law-enforcement restrictions, and whether an institution controls the affected records.
18. Contact and Complaints
The owner and platform operator responsible for this Policy is:
- Organisation: Avora Technologies Limited
- Privacy and data requests: support@tusomebraille.com
- Legal and admin: admin@tusomebraille.com
- Website: tusomebraille.com
Please contact us first so we can investigate and respond. If you are not satisfied, you may contact the relevant data protection authority, including Uganda's Personal Data Protection Office where applicable. If your data is controlled by an institution, you may also need to contact that institution.
19. Changes to This Policy
We may update this Privacy Policy to reflect changes in law, system behavior, providers, security practices, institutional workflows, billing, or product features. We will post the updated Policy with a new effective date and version. For material changes, we will use reasonable efforts to notify affected users by email, in-product notice, or another appropriate method where practical.
Your continued use of the Service after an updated Policy takes effect means you acknowledge the updated Policy where permitted by law.