Privacy Policy

This Privacy Policy describes how CloudBriz Technologies Ltd. ("CloudBriz," "we," "us," or "our") collects, uses, stores, and protects information in connection with the Mediabriz service ("Service"), including the Mediabriz browser extension and associated cloud services.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.

1. Roles and Responsibilities

CloudBriz Technologies Ltd. acts as a data processor on behalf of the Customer (the data controller) for personal data processed through the Service in connection with the Customer’s use of the Genesys Cloud platform. CloudBriz does not independently determine the purposes of processing beyond what is necessary to provide the Service. CloudBriz acts as a data controller only for limited service operation data such as billing records, operational logs, and service security data.

The Customer is responsible for ensuring that its use of the Service, and any personal data processed through it, complies with all applicable laws and regulations, including data protection laws. The Customer is solely responsible for determining the purposes and lawful basis for processing personal data through the Service.

For details on data processing responsibilities, see our Data Processing Agreement.

2. Information We Collect

2.1 Information Collected Automatically

When you use the Service, we automatically collect the following categories of information:

• Organization identifiers: Organization ID, name, and data region
• User identifiers: User ID obtained via OAuth authentication
• Conversation metadata: Conversation IDs, channel type, and timestamps
• Media file metadata: File name, type, size, and scan status (if scanning is enabled)

2.2 Information You Provide

• Annotations: Comments and highlights you create on media items within conversations
• Follow-ups: Media items you save to your personal follow-up list

2.3 Information We Do NOT Collect

• Message content: We do not store or analyze the text content of messages or emails. Message content remains within the Customer’s Genesys Cloud environment and is not persisted by CloudBriz.
• Media files: Media files may be processed temporarily as required for Service functionality. CloudBriz does not permanently store customer media files.
• Passwords or credentials: Authentication is handled through Genesys Cloud OAuth. CloudBriz does not receive or store user passwords.
• Direct personal contact information: We do not collect names, email addresses, phone numbers, or other contact details beyond the user ID provided through OAuth.

3. How We Use Your Information

We use the collected information for the following purposes:

• Providing the Service: Enabling media viewing, annotations, and follow-ups within digital conversations
• Security features: If enabled, processing media files for threat detection
• Billing: Tracking organizational usage for billing purposes
• Service operations: Authentication validation, preview generation, and service reliability
• Service improvement: Analyzing aggregated usage data to understand Service usage patterns and improve functionality
• Usage analytics and reporting: Providing the Customer’s authorized administrators with aggregate, organization-level usage analytics and, for Mediabriz Guard subscribers, scan-result reporting through the Mediabriz Insights dashboard. These analytics are presented as per-organization aggregates and do not include per-user activity.

4. Customer Content

CloudBriz does not control, monitor, or review the content submitted, processed, or stored through the Service by the Customer or its authorized users. The Customer retains full ownership of and responsibility for all content processed through the Service. CloudBriz assumes no liability for such content.

5. Legal Basis for Processing (GDPR)

Where the GDPR applies, we process personal data on the following legal bases:

• Performance of a contract (Article 6(1)(b)): Processing necessary to provide the Service under the Customer’s subscription agreement
• Legitimate interests (Article 6(1)(f)): Processing necessary for service security, infrastructure protection, and service operations, where such interests are not overridden by data protection rights
• Legal obligation (Article 6(1)(c)): Processing necessary to comply with applicable legal requirements
• Consent (Article 6(1)(a)): Where applicable and required by law

We do not engage in profiling or automated decision-making that produces legal effects or similarly significant effects on data subjects.

6. Data Storage and Regions

6.1 Storage Locations

CloudBriz operates regionally distributed infrastructure. The Customer’s data region is selected during initial configuration, and data is designed to be stored and processed within the selected region, subject to applicable data transfer safeguards.

For EU organizations, CloudBriz is designed to store and process operational personal data within the EU. Certain Service features may involve processing by third-party services that operate globally. Certain data that does not contain personal data (such as aggregate billing counters) may be stored outside the EU for service operation and reporting purposes.

6.2 Data Retention

CloudBriz retains personal data only as long as necessary to provide the Service and fulfill its contractual and legal obligations. Personal data is deleted or anonymized when no longer required, in accordance with automated retention policies and applicable law.

The following categories describe the general nature of data retention:

• Operational data (such as conversation records, scan results, and user annotations) is retained for a limited period and automatically deleted thereafter.
• Temporary processing data (such as previews and scan files) is retained for short durations and automatically removed.
• Billing data consists of aggregate organizational usage counts that do not contain personal data and may be retained for reporting and compliance purposes.

For complete retention details, see our Data Processing Agreement.

7. Operational Logs

We may collect limited technical logs for service diagnostics, error monitoring, and security protection. These logs may contain system identifiers such as request IDs, timestamps, or service metadata. Logs are retained only as long as necessary for operational purposes and do not contain message content, media files, or direct personal contact information.

8. Data Sharing and Third-Party Services

We do not sell, trade, or rent your personal data. We share data only with third-party service providers as necessary to operate the Service:

The Service relies on third-party platforms, including Genesys Cloud and cloud infrastructure providers. CloudBriz is not responsible for the privacy practices, data handling, availability, performance, or security of third-party platforms. CloudBriz does not control the processing performed independently by third-party platforms. For details on sub-processors, see our Data Processing Agreement.

9. Security

We implement reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, destruction, or alteration. These measures include:

• Encryption in transit: Data transmitted between the extension, our services, and third-party providers is protected using TLS 1.2 or higher
• Encryption at rest: Stored data is encrypted using industry-standard encryption
• Access controls: Authentication and authorization mechanisms with organization-level data isolation
• Infrastructure protection: Network and application-layer protections designed to mitigate common attack patterns

No method of transmission or storage is completely secure. CloudBriz cannot guarantee absolute security and shall not be liable for unauthorized access or data breaches to the extent they occur despite the implementation of reasonable measures. For more information on our security practices, see our Security Overview.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request information about the personal data we process about you
• Correction: Request correction of inaccurate personal data
• Deletion: Request deletion of your personal data, subject to legal retention obligations
• Restriction: Request restriction of processing of your personal data
• Portability: Request a copy of your personal data in a structured, machine-readable format
• Objection: Object to processing of your personal data
• Complaint: Lodge a complaint with your local data protection supervisory authority

The exercise of data subject rights is subject to applicable legal conditions and exceptions. To exercise any of these rights, please contact us. All requests will be handled in accordance with applicable law.

Because CloudBriz acts as a data processor, requests related to Customer data should be directed to the Customer (as data controller) in the first instance. CloudBriz will provide reasonable assistance to the Customer in responding to such requests, taking into account the nature of the processing and the information available to CloudBriz.

11. Browser Extension Permissions

The Mediabriz browser extension requires specific browser permissions to function, as declared in its manifest and applicable store listings. The extension interacts with supported web pages to provide Service functionality. The extension does not collect browsing history or access unrelated websites.

12. Cookies and Tracking

Mediabriz is a browser extension and does not use cookies. The extension stores configuration and cache data locally within the browser using extension-specific storage, which is accessible only to the extension.

We do not use third-party analytics services, tracking pixels, or third-party tracking technologies. CloudBriz may analyze aggregated, server-side operational data to understand Service usage patterns and improve the Service. This analysis is based on existing operational logs and does not involve additional data collection or client-side tracking.

13. Children’s Privacy

The Service is designed for use by business professionals. We do not knowingly collect information from children under the age of 16. If you believe a child under 16 has provided us with personal data, please contact us and we will take appropriate steps to delete such data.

14. International Data Transfers

Personal data may be processed in jurisdictions outside the data subject’s country of residence, including countries that may not provide the same level of data protection.

Where personal data is transferred to countries outside the European Economic Area, CloudBriz maintains appropriate safeguards, which may include:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions of the European Commission
• Other legally recognized transfer mechanisms under applicable data protection law

For details on international transfer safeguards, see our Data Processing Agreement.

15. Changes to This Privacy Policy

CloudBriz may update this Privacy Policy from time to time. Changes will be indicated by updating the "Last Updated" date at the top of this document. Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy. CloudBriz is not obligated to provide individual notice of changes beyond updating this document.

16. Contact

For questions about this Privacy Policy, please contact us.

CloudBriz Technologies Ltd.