Privacy Policy
1. Introduction
Bryan Hughes Business Connections ("BHBC," "we," "us," or "our") operates this website and provides membership networking services ("Services"). This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information. By registering, accessing, or using BHBC, you agree to the terms described below. Those under 18 are not permitted to register.
2. Information We Collect
2.1 Personal & Membership Data
- Registration Details: Full name, email, phone, business name, title/role.
- Profile Data: Business description, profile photo, group memberships, tier status.
- Billing Info: Billing address; tokenized payment identifiers (credit card, ACH); payment history and receipts.
- Authentication Data: Firebase UID, password hash, login timestamps.
- Membership Preferences: Convenience fee waivers, grandfathered status, subscription preferences.
- Communication Data: Email delivery status, reminder preferences, message overrides.
2.2 Technical & Usage Data
- Device & Browser Info: IP address, browser/app type, operating system.
- Cookies / Local Storage / Session Storage: For authentication, session persistence, preferences, and analytics.
- Analytics Data: Aggregate site usage collected via Vercel Analytics in production.
3. How We Use Information
- Service Delivery: Manage member accounts, group access, profile display, tier calculations.
- Payment & Billing: Process membership dues and fees through a secure payment gateway. Membership costs vary by tier level.
- Communication: Send automated receipts, membership renewal reminders, meeting notifications, password resets, and announcements via SendGrid and EmailJS.
- Site Enhancements: Improve user experience and performance via anonymized analytics and usage tracking.
- Administrative Functions: Membership synchronization, payment tracking, email management, and customer support.
- Automated Systems: Quarterly tier upgrade reminders, renewal notifications, and meeting format management for hybrid groups.
4. Payment and PCI Compliance
We process payments securely via NMI, which is PCI DSS certified; we store only tokenized payment credentials, not raw card data. Transactions and billing are managed in compliance with PCI standards.
5. Third-Party Services
We work with various service providers under strict data protection terms:
- NMI: Payment processing, secure vault storage, subscription management, and transaction reporting
- Firebase / Google Cloud: Authentication, real-time database storage, and cloud functions
- Vercel: Site hosting, serverless functions, and analytics
- SendGrid: Automated email communications, receipts, reminders, and notifications
- EmailJS: Contact form submissions and general inquiries
- Puppeteer: PDF receipt generation and document processing
- Google Analytics: Website usage analytics and performance tracking
6. Data Sharing & Disclosure
We do not sell your personal information. We only share data when:
- Required by law, regulation, or court order.
- Protecting BHBC rights, users, or public safety.
- Engaging third-party vendors under confidentiality obligations.
- In connection with company mergers, acquisitions, or asset sales (with notice to users).
7. Data Retention & Your Rights
- Retention: We keep profile, membership, and billing records while active and longer as required by law.
- Your Rights: You may access, correct, export, or delete your data (excluding financial records retained for legal purposes).
- Deletion Requests: Contact us at bryan@bryanhughes.biz; deletion or anonymization will follow promptly.
8. Security Measures
- HTTPS/TLS for data in transit; encrypted storage at rest.
- Role-based access controls in Firebase.
- Periodic vulnerability assessments and security audits.
- Adherence to PCI DSS requirements in handling payment data.
9. Automated Communications
We send various automated communications to enhance your membership experience:
- Payment Receipts: Automatically sent via email with PDF attachments after successful payments
- Renewal Reminders: Sent 30 days before membership expiration for one-time payments (not auto-renewal subscriptions)
- Tier Upgrade Reminders: Quarterly emails to eligible members showcasing available tier upgrades
- Meeting Notifications: Daily reminders sent at 7:30 AM EST for the next day's meetings
- Custom Message Overrides: Special notifications for holidays, events, or schedule changes
You can manage communication preferences in your account settings or contact us to opt out of non-essential communications.
10. Cookies & Browser Storage
We use cookies, localStorage, and session storage to:
- Authenticate users securely.
- Remember preferences and session data.
- Support site analytics.
- Track outage status and retry attempts.
You can disable cookies, though this may limit functionality.
11. Children's Privacy
Our Services are intended solely for adults (18+). We do not knowingly collect data from minors under 18. If we learn that a minor's data was inadvertently collected, we will delete it promptly.
12. International Data Transfers
Your data is collected and stored in the United States. If accessed or transferred globally, we ensure appropriate safeguards and comply with applicable laws.
13. Pennsylvania State Law Compliance
As a Pennsylvania-based organization, we comply with applicable Pennsylvania state laws regarding data protection and consumer privacy:
- Data Protection: We maintain reasonable security measures as required under Pennsylvania law
- Breach Notification: We follow Pennsylvania's breach notification requirements for affected residents
- Consumer Rights: Pennsylvania residents may request information about data collection and use
- Business Records: We maintain records in accordance with Pennsylvania business record retention requirements
14. California Privacy Rights (CCPA)
California residents have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request information about personal data collected, used, or shared
- Right to Delete: Request deletion of personal information (subject to legal exceptions)
- Right to Opt-Out: We do not sell personal information, so no opt-out is necessary
- Non-Discrimination: We will not discriminate against you for exercising your privacy rights
To exercise these rights, contact us at bryan@bryanhughes.biz with "CCPA Request" in the subject line.
15. Data Processing Lawful Basis (GDPR)
For users in the European Economic Area, we process personal data based on:
- Contract Performance: To provide membership services you've requested
- Legitimate Interest: To improve our services and communicate with members
- Consent: For marketing communications (which you can withdraw anytime)
- Legal Obligation: To comply with financial and tax reporting requirements
16. Breach Notification
We will notify affected users and relevant authorities within 72 hours of discovering a data breach, as required under applicable law. Notifications will include the nature of the breach, data involved, and steps being taken to address it.
17. Data Minimization & Purpose Limitation
We collect only the personal information necessary to provide our services and use it solely for the purposes disclosed in this policy. We regularly review and delete unnecessary data.
18. Policy Changes
We may update this Privacy Policy to reflect changes in our practices or legal requirements. For material changes, we will provide 30 days' advance notice through email or prominent site announcements. Continued use after the effective date constitutes acceptance of the updated policy.
19. Contact Information
For privacy inquiries, data requests, complaints, or to exercise your rights:
📧 bryan@bryanhughes.biz
📞 (610) 937-4770
📬 Bryan Hughes Business Connections
Privacy Officer
Bucks County, Pennsylvania
Response Time: We will respond to privacy requests within 30 days (or as required by applicable law).