Privacy Policy

Overview

Bradford Operations ("we," "our," or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services, including our software applications Bradford Lab, Bradford Toolkit, CineMath, and Post Assistant.

We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws. Our services are hosted in the United States, and by using them you acknowledge that your data may be processed and stored in the US. By using our services, you consent to the collection and use of information in accordance with this policy.

Information We Collect

Personal Information

We may collect personal information that you voluntarily provide to us, including:

• Email addresses (when you sign up for our mailing list or request early access)
• Name and professional role (when you request early access to our products)
• Contact information (when you reach out to us)
• Account information (if you sign in via Google OAuth — we do not store passwords)
• API usage data (if you use our developer tools, such as the Bradford Toolkit API)
• Usage data and preferences related to our software applications

Automatically Collected Information

When you visit our website, we may automatically collect:

• IP addresses and device information
• Browser type and version
• Pages visited and time spent on our site
• Referring website information
• Analytics data to improve our services

How We Use Your Information

We use the information we collect for the following purposes:

• To provide and maintain our services
• To send you updates about our software applications and services
• To provide early access notifications for new products
• To respond to your inquiries and provide customer support
• To improve our website and services
• To analyze usage patterns and optimize user experience
• To comply with legal obligations

Data Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties except in the following circumstances:

• With your explicit consent
• To trusted service providers who assist us in operating our website and services (under strict confidentiality agreements)
• When required by law or to protect our rights and safety
• In connection with a business transfer or merger

Your Rights (GDPR)

If you are a resident of the European Economic Area (EEA), you have the following rights regarding your personal data:

• Right of Access: You can request information about the personal data we hold about you
• Right of Rectification: You can request correction of inaccurate or incomplete data
• Right of Erasure: You can request deletion of your personal data
• Right to Data Portability: You can request a copy of your data in a structured format
• Right to Object: You can object to the processing of your personal data
• Right to Restrict Processing: You can request limitation of data processing
• Right to Withdraw Consent: You can withdraw consent at any time

To exercise these rights, please contact us at privacy@bradfordoperations.com

Data Security and Retention

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet or electronic storage is 100% secure.

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this privacy policy, unless a longer retention period is required by law.

Bradford Toolkit Data Handling

If you use the Bradford Toolkit (MCP server, REST API, or connector app), the following data practices apply:

File Processing

When you submit a DRX (grade) file as text content for parsing, it is processed in memory and not persisted. When you upload a DRP (project) file, it may be stored in our cloud storage (Cloudflare R2) during and after processing. Files uploaded via the presigned upload flow are stored under your account and are not automatically deleted. You can request deletion of uploaded files at any time.

Usage Analytics

All API requests are logged for operational and debugging purposes, including: which tool was used, processing duration, request size, and HTTP status code. Tool-specific metadata is limited to structural counts (node counts, timeline counts) and boolean flags. Project names, file paths, clip names, and grade labels are never included in logs — all metadata is anonymized before storage.

Grade Training Sessions

When you use the iterative grading workflow, we store: color correction parameters (temperature, contrast, saturation, lift, gamma, gain values), before/after histogram statistics (RGB and luminance data), your reasoning notes, and a hash prefix of the generated grade file. The actual grade file content is not stored — only a short hash for deduplication.

Local Operations

Tools that run through the connector desktop app (color groups, Fairlight bus routing, smart filters, project settings) operate locally on your machine. Data from these operations does not pass through our servers.

Data Deletion

You can request deletion of all your data — including your account, usage logs, grade sessions, API keys, and stored files — through our self-service form at bradfordoperations.com/account/delete-data. Deletion requests are queued with a 30-day window during which you can cancel. After 30 days, deletion executes automatically. You can also email privacy@bradfordoperations.com to request expedited deletion.

AI Assistant & Learning

If you use Post Assistant, our AI-powered assistant, the following data practices apply in addition to the general policies described above.

What We Collect

• Conversation transcripts between you and Post Assistant
• Usage metrics (tokens, models used, session duration, tool calls)
• Relationship models — learned preferences about your communication style, creative tendencies, and workflow patterns
• Project journal entries — observations about your projects extracted from conversations
• Synced memories — facts and preferences that persist across sessions

How We Use It

• To personalize Post Assistant's responses to your working style
• To improve response quality and reduce errors
• To track usage for billing and credit management
• To develop and improve our AI models and service
• To debug issues and maintain service reliability

Your Controls

• You can opt out of personality learning (relationship models, journal entries, and memory building) in Post Assistant Settings
• Opting out does not affect core functionality — you can still use all AI features
• Usage metrics and error logging remain active for billing and service reliability
• You can request deletion of all learned data at any time via Settings or by contacting support

Retention

• Conversation transcripts: retained for the life of your account
• Usage metrics: retained indefinitely for billing and analytics
• Relationship models and memories: retained until you opt out or delete them
• Upon account deletion: all personal AI data is permanently removed within 30 days

Cookies and Tracking

We use cookies and similar technologies to enhance your experience on our website. These include:

• Essential cookies: Session and authentication cookies required for website functionality (e.g., login sessions, CSRF protection). These cannot be disabled.
• Analytics cookies: Used to understand how you interact with our site (PostHog). These are only set with your consent.
• Local storage: We use browser local storage (not cookies) to remember your preferences such as theme settings.

When you first visit our site, you will be asked to consent to analytics cookies. You can change your preferences at any time through the cookie settings link in the site footer.

Disabling essential cookies through your browser settings may affect website functionality.

Third-Party Services

Our website may contain links to third-party services or integrate with external platforms. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

We may use the following third-party services:

• Analytics platforms (PostHog, Umami)
• Authentication services (Google OAuth)
• Cloud hosting and storage services (Vercel, Cloudflare)
• Email services (Google Workspace)

Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us to have it removed.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us: