Privacy Policy

Last updated: March 12, 2026

BrotherLink ("we", "us", or "our") is operated by BPN Solutions LLC. We built BrotherLink with privacy as a core principle. This platform exists to serve fraternity chapters — not to monetize your data. This Privacy Policy explains how we collect, use, and protect your personal information when you use the BrotherLink platform (the "Service"), including our website and mobile application.

1. Our Privacy Commitment

  • We will never sell, rent, license, or trade your personal data
  • We will never use your data for advertising or marketing by third parties
  • We collect only what is necessary to operate the Service — nothing more
  • Your data stays within your chapter organization — other chapters cannot see it
  • We do not use third-party analytics, advertising trackers, or tracking pixels

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and the password you set during onboarding. Your account is associated with a specific fraternity chapter organization. Passwords are cryptographically hashed — we never store or have access to your plaintext password.

Profile Information

You may choose to provide additional information such as your photo, bio, headline, employer, job title, graduation year, pledge class year, location, phone number, LinkedIn URL, degree, major, career interests, work experience, and chapter positions held. All profile fields beyond your name are optional and entirely within your control.

Content You Create

We store posts, comments, questions, poll responses, event RSVPs, job listings, and other content you submit through the Service.

Device and Usage Data

We collect push notification tokens solely for delivering notifications you have opted in to, and standard server logs (IP addresses and request timestamps) for security monitoring. Server logs are automatically purged after 90 days. We do not fingerprint devices or build behavioral profiles.

3. How We Use Your Information

We use your information strictly to operate the Service. Specifically:

  • Provide the member directory, feed, events, and jobs board to your chapter
  • Verify your identity as a fraternity member during onboarding
  • Send push notifications you have explicitly opted in to
  • Allow chapter admins to manage membership and approve access requests
  • Respond to bug reports and support requests you submit
  • Maintain security, prevent abuse, and enforce our Terms of Service

We do not use your data for any purpose beyond what is listed above. We do not profile users, run behavioral analytics, or make automated decisions about you.

4. Data Isolation

BrotherLink is multi-tenant — each chapter organization's data is isolated at the database level using row-level security policies. Members of one chapter cannot access profiles, posts, events, or any other data belonging to another chapter. Platform administrators (BPN Solutions employees) can access cross-organization data solely for technical support and platform operations.

5. Third-Party Service Providers

We use a minimal set of infrastructure providers to operate the Service. These providers process data on our behalf and are contractually prohibited from using your data for their own purposes:

  • Supabase — hosts our database, authentication, file storage, and serverless functions. Data is encrypted at rest and in transit.
  • Expo — delivers push notifications to mobile devices. Only device tokens and notification content are transmitted.
  • Anthropic (Claude AI) — powers optional AI features (directory search, LinkedIn profile import). Data sent to Anthropic is processed in real time and is not stored or used for model training. You are never required to use AI features.

We do not share data with any other third parties. We will not add new third-party providers without updating this policy.

6. Law Enforcement and Legal Requests

We will not voluntarily disclose your data to law enforcement or any government agency. We will only provide user data in response to a valid, legally binding court order, subpoena, or warrant that we have reviewed and determined to be legally enforceable.

If we receive a legal request for your data, we will:

  • Notify you before disclosing your data, unless we are legally prohibited from doing so
  • Provide only the minimum data specifically required by the legal order — nothing more
  • Challenge overly broad or legally questionable requests where feasible

7. Data Security

Protecting your data is a priority, not an afterthought. Our security measures include:

  • Encrypted connections (HTTPS/TLS) for all data in transit
  • Encryption at rest for all stored data
  • Row-level security policies enforced at the database level — not just the application layer
  • Cryptographically hashed passwords (we cannot read your password)
  • JWT-based authentication with short-lived tokens and automatic rotation
  • Role-based access controls for admin and platform operations

No system is 100% secure. If we ever discover a data breach that affects your personal information, we will notify affected users within 72 hours of confirmation.

8. Data Retention and Deletion

We retain your account and profile data only for as long as your account is active.

  • You can delete or modify any profile information at any time
  • If you request account deletion, we will permanently remove your profile, personal data, and associated content within 30 days
  • Server logs are automatically purged after 90 days
  • Push notification tokens are deactivated immediately upon sign-out and deleted upon account deletion

9. Your Rights

You have the right to:

  • Access and update your personal information at any time through your profile page
  • Change your password at any time through the settings page
  • Control exactly which push notifications you receive through notification preferences
  • Request complete deletion of your account and all associated data
  • Request a full export of your personal data in a machine-readable format
  • Be notified of any data breach that affects your information

To exercise any of these rights, contact us at support@bpnsolutions.com. We will respond within 14 days.

10. Children's Privacy

The Service is intended for college students and alumni who are at least 18 years old. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected data from someone under 18, we will delete it immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page, updating the "Last updated" date, and sending a notification through the platform. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, your personal data, or our privacy practices, contact us at support@bpnsolutions.com.