Privacy Policy

1. Information We Collect

1.1 Account Data

When you register for an account, we collect information necessary to create and manage your account. This includes:

• Full name and display name
• Email address
• Password (stored as a salted cryptographic hash — never in plain text)
• Organisation or institution name (for institutional accounts)
• Role within your institution (e.g., administrator, learner)
• Profile preferences and notification settings

Institutional administrators who set up billing also provide billing contact details and, where applicable, payment method information. Payment card data is processed and stored by our PCI-compliant payment processor and is never stored on Braille Link servers.

1.2 Usage Data

When you use the Service, we automatically collect information about how you interact with it, including:

• Translation requests submitted (Braille input type, language table used, timestamp)
• Documents exported (format, file size, timestamp)
• Features accessed and frequency of use
• API requests and response codes
• Error events and diagnostic information
• Session duration and page views within the platform

We do not retain the content of your Braille translation inputs beyond the time needed to process and return a response, unless you explicitly save content in your workspace.

1.3 Device and Technical Data

We collect technical information to ensure the Service functions correctly and to maintain security:

• IP address and approximate geographic location (country/city level)
• Browser type and version
• Operating system and device type
• Referring URL
• Session identifiers and authentication tokens
• Time zone and language settings

1.4 Communications

If you contact us for support or send us feedback, we retain the content of that communication together with your contact details in order to respond and maintain a record of support interactions.

2. How We Use Information

We use the information we collect for the following purposes:

2.1 Providing and Improving the Service

• Authenticating your identity and authorising access
• Processing Braille translation requests and returning results
• Generating and delivering exported documents
• Maintaining and improving platform performance, reliability, and accuracy
• Training and refining our translation models (using anonymised, aggregated data only)

2.2 Account and Subscription Management

• Creating and managing your user account
• Processing subscription payments and renewals
• Sending billing receipts and payment notifications
• Enforcing feature entitlements and usage limits

2.3 Communication

• Sending service-related notices (e.g., security alerts, policy updates, maintenance windows)
• Responding to support requests and enquiries
• Sending product updates and feature announcements (you may opt out at any time)

2.4 Security and Compliance

• Detecting and preventing fraud, abuse, and unauthorised access
• Maintaining audit logs of administrative and security-relevant actions
• Complying with applicable legal obligations
• Enforcing our Terms of Service and Acceptable Use Policy

2.5 Analytics

We use aggregated, anonymised usage data to understand how the Service is used, identify areas for improvement, and measure the effectiveness of new features. This data cannot be used to identify you individually.

3. Data Sharing and Disclosure

3.1 Service Providers

We share data with trusted third-party service providers who help us operate the Service, under strict contractual obligations of confidentiality. These include:

• Cloud infrastructure and hosting providers
• Payment processors (who handle billing data under their own PCI-compliant frameworks)
• Email delivery providers (for transactional emails)
• Error monitoring and logging services

All service providers are required to process personal data only as instructed by us and in accordance with this Privacy Policy.

3.2 Institutional Administrators

If you use Braille Link through an institutional account, your institution's administrators can access information about your account activity, including usage statistics, assigned roles, and workspace content. This is a necessary feature of the multi-user institutional product.

3.3 Legal Requirements

We may disclose your information if required to do so by law or in response to a valid legal process (such as a court order, subpoena, or government request). We will notify you of such a request where legally permitted to do so, and we will only disclose the minimum information required.

3.4 Business Transfers

In the event of a merger, acquisition, reorganisation, or sale of assets, your data may be transferred to a successor entity. We will provide notice of any such transfer and the new entity will be required to honour this Privacy Policy.

3.5 With Your Consent

We may share your information with third parties for any other purpose with your explicit prior consent.

4. Data Retention

We retain personal data for as long as necessary to provide the Service and fulfil the purposes described in this policy, subject to the following guidelines:

• Account data: Retained for the duration of your account. When you delete your account, personal identifiers are anonymised immediately and the account is deactivated. Some data (such as audit log entries referencing the account) may persist in anonymised form for the retention period of those records.
• Usage and activity logs: Retained for up to 90 days to support audit, security investigation, and analytics, then deleted or anonymised.
• Translation session data: Transient data used only for processing is retained for up to 60 days in server logs, then purged automatically.
• Billing records: Retained for 2 years (730 days) in compliance with applicable financial record-keeping obligations.
• Support communications: Retained for 3 years from the date of the last interaction.

4.1 Right to Deletion

You may delete your account directly from your account settings, which takes effect immediately. You may also contact us at support@tusomebraille.com to request deletion of specific data. Note that some data may be retained where required by law (e.g., billing records) or legitimate security purposes (e.g., audit log entries of security incidents). Account deletion is permanent and cannot be reversed once processed.

5. Security Measures

We implement a range of technical and organisational security measures to protect your data. For full details, see our Security Policy. Key measures include:

• Encryption in transit: All data transmitted between your browser and Braille Link servers is encrypted using TLS 1.2 or higher.
• Encryption at rest: Stored data is encrypted using AES-256.
• Access controls: Role-based access control (RBAC) ensures users can only access data appropriate to their role. Administrative access is governed by the principle of least privilege.
• Multi-factor authentication: MFA is available and enforced for administrator accounts to reduce the risk of credential compromise.
• Audit logs: All security-relevant actions (login events, admin changes, data exports) are logged and retained for investigation purposes.
• Vulnerability management: We conduct regular security assessments and promptly patch identified vulnerabilities.

While we take all reasonable steps to protect your data, no system is completely secure. We cannot guarantee absolute security and encourage you to use strong, unique passwords and enable MFA on your account.

6. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal data. We honour these rights for all users regardless of location to the extent technically feasible.

• Right of Access: You may request a copy of the personal data we hold about you.
• Right of Correction: You may request that we correct any inaccurate or incomplete personal data.
• Right of Deletion: You may request that we delete your personal data, subject to our retention obligations.
• Right to Data Portability: You may request a machine-readable export of your personal data in a common format (e.g., JSON or CSV).
• Right to Object: You may object to the processing of your data for marketing purposes at any time.
• Right to Restrict Processing: In certain circumstances you may request that we limit how we use your data.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at support@tusomebraille.com. We will respond within 30 days. We may need to verify your identity before processing your request.

7. Cookies and Tracking

Braille Link uses a minimal cookie approach focused on providing a functional and secure experience. We do not use third-party advertising trackers or behavioural profiling cookies.

7.1 Session Cookies

We use session cookies that are strictly necessary to authenticate you and maintain your login session. These cookies expire when you close your browser or explicitly log out. They do not track you across other websites.

7.2 Preference Cookies

We may store a small number of functional cookies to remember your preferences (such as language or display settings). These are first-party cookies and are not shared with any third party.

7.3 No Third-Party Trackers

We do not embed third-party advertising pixels, social media trackers, or cross-site behavioural analytics scripts on the Braille Link platform. Our analytics are powered by server-side log analysis using only data you provide us directly.

You can control or delete cookies through your browser settings. Disabling strictly necessary cookies may prevent you from logging into the Service.

8. Children's Privacy

The Service is not intended for direct use by children under the age of 13 without institutional oversight. Braille Link is designed for use within educational institutions, where learners including minors may use the platform under the supervision and administration of their institution.

Where an institution deploys Braille Link for learners under 13 (or the applicable age threshold in your jurisdiction), the institution:

• Acts as the responsible party with respect to those learners' data under FERPA (where applicable) and equivalent laws.
• Must ensure appropriate parental or guardian consents are in place as required by COPPA or equivalent local legislation.
• Must only grant learner accounts to individuals who have the required consents in place.

Braille Link processes data about minor learners only on behalf of and as instructed by the institution. If we become aware that personal data has been collected from a child without the required consent, we will take steps to delete that data promptly.

9. International Data Transfers

Braille Link is operated from Uganda, and our primary data infrastructure is hosted within the region. If you access the Service from outside Uganda, your data may be transferred to and processed in Uganda or in other countries where our service providers operate.

We ensure that any international transfers are made only to countries or service providers that offer adequate data protection standards, or under appropriate contractual safeguards (such as standard contractual clauses). By using the Service, you acknowledge and consent to such transfers where necessary.

10. Contact and Data Controller

The data controller responsible for your personal data is:

• Organisation: Braille Link Limited
• Privacy enquiries: support@tusomebraille.com
• General support: support@tusomebraille.com
• Website: tusomebraille.com

If you have a complaint about how we handle your personal data, please contact us in the first instance. If you are not satisfied with our response, you may have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make material changes, we will notify you by email and/or by displaying a prominent notice within the Service at least 14 days before the changes take effect.

The effective date at the top of this page indicates when the current version was last updated. We encourage you to review this policy periodically. Your continued use of the Service after any changes take effect constitutes your acceptance of the updated policy.