Privacy Policy
Last updated: April 1, 2026 · Effective: April 1, 2026
Plain English summary: We collect only what we need to run the service — your email, phone number, timezone, language preference, and tone choice. We never sell your data. We share it only with Twilio (SMS delivery) and PayPal (billing). You can request deletion at any time.
1. Introduction
Brutal Kick ("we," "us," or "our") operates the SMS subscription service available at brutalkick.com. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights in relation to it.
By subscribing to Brutal Kick, you consent to the collection and use of your personal data as described in this Privacy Policy. If you do not agree, please do not subscribe.
Our contact for privacy matters: [email protected]
2. Information We Collect
We collect only the minimum personal data necessary to operate the Service. We do not collect any additional data beyond what is listed below.
| Data | Why we collect it | Retention |
|---|---|---|
| Email address | Account identification, billing communications, service updates | Until account deletion or 2 years after last activity |
| Phone number | SMS message delivery | Until account deletion |
| Timezone & preferred send time | Deliver messages at your chosen time | Until account deletion |
| Language preference | Deliver messages in your chosen language | Until account deletion |
| Tone preference (Soft / Medium / Hard) | Deliver messages at your chosen tone level | Until account deletion |
| Subscription status & mode (callout / support) | Determine which messages to send and whether to send them | Until account deletion |
| PayPal subscription ID | Billing management and payment verification | Until account deletion or as required by tax law |
| SMS delivery logs (timestamp, status) | Prevent duplicate sends, troubleshoot delivery issues | 90 days |
We do not collect: browsing history, location data beyond timezone, demographic data, social media profiles, or any sensitive personal data (health, biometric, financial beyond PayPal ID).
3. How We Collect Your Information
We collect data directly from you when you:
- Complete the subscription form on brutalkick.com
- Complete payment through PayPal (PayPal shares your subscription ID with us via webhook)
- Reply to our SMS messages (we process your reply keyword — START or STOP — only)
We do not use tracking pixels, third-party analytics cookies, or behavioural profiling tools beyond basic Google Analytics (page views only, with IP anonymisation).
4. How We Use Your Information
We use your data solely to:
- Deliver your daily SMS messages at the correct time, in the correct language and tone
- Process your subscription and verify payment status
- Respond to opt-out (STOP) and mode-change (START) requests
- Send transactional emails related to your subscription (billing confirmation, cancellation notice)
- Troubleshoot delivery issues
We do not use your data for: advertising, profiling, selling to third parties, or any purpose beyond operating the Service.
5. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases:
| Processing activity | Legal basis |
|---|---|
| Delivering SMS messages you subscribed to | Performance of contract (Art. 6(1)(b) GDPR) |
| Processing your payment via PayPal | Performance of contract (Art. 6(1)(b) GDPR) |
| Obtaining your explicit consent to receive Hard-tier content | Consent (Art. 6(1)(a) GDPR) |
| Maintaining delivery logs for service reliability | Legitimate interest (Art. 6(1)(f) GDPR) |
| Complying with applicable law | Legal obligation (Art. 6(1)(c) GDPR) |
6. SMS Communications
By subscribing, you explicitly consent to receive recurring automated SMS messages from Brutal Kick. Consent is not a condition of purchase. You may revoke consent at any time by replying STOP to any message.
We comply with applicable SMS marketing laws including the US Telephone Consumer Protection Act (TCPA), UK PECR, and equivalent regulations in other countries where we operate.
Message frequency: 1 message per day. Standard carrier rates may apply.
7. Sharing Your Information
We share your data only with the following third-party service providers, and only to the extent necessary to operate the Service:
| Third party | Purpose | Data shared | Privacy policy |
|---|---|---|---|
| Twilio Inc. | SMS delivery | Phone number, message content | twilio.com/legal/privacy |
| PayPal Holdings, Inc. | Subscription billing | Email address, subscription ID | paypal.com/privacy |
| Hostinger International | Web hosting & database | All subscriber data (stored on their servers) | hostinger.com/privacy-policy |
| Google LLC | Analytics (page views only) | Anonymised IP address, page visits | policies.google.com/privacy |
We do not sell, rent, trade, or otherwise transfer your personal data to any other parties. We do not allow our service providers to use your data for their own marketing purposes.
We may disclose your data if required to do so by law, court order, or governmental authority, or if we believe in good faith that such disclosure is necessary to protect our rights or comply with legal process.
8. Data Storage and Security
Your data is stored on Hostinger's servers in the European Union. We implement reasonable technical and organisational security measures to protect your data against unauthorised access, loss, or disclosure, including:
- HTTPS encryption for all data transmitted between your browser and our servers
- Database access restricted to application-level credentials only
- PayPal webhook signature verification to prevent fraudulent requests
- No storage of payment card details (PayPal handles all payment processing)
No method of transmission over the internet is 100% secure. We cannot guarantee absolute security but take reasonable steps to protect your data.
9. Data Retention
We retain your personal data for as long as your subscription is active, plus a reasonable period afterwards to comply with legal obligations or resolve disputes. Specifically:
- Active subscriber data: Retained while your subscription is active
- Cancelled subscriber data: Retained for up to 24 months after cancellation, then deleted or anonymised
- SMS delivery logs: Deleted after 90 days
- Billing records: Retained for 7 years as required by tax law
You may request early deletion of your data at any time by contacting [email protected].
10. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you
- Right to rectification: Request correction of inaccurate data
- Right to erasure: Request deletion of your personal data ("right to be forgotten")
- Right to restriction: Request that we limit our processing of your data
- Right to data portability: Request a copy of your data in a structured, machine-readable format
- Right to withdraw consent: Where processing is based on consent, withdraw it at any time (without affecting the lawfulness of prior processing)
- Right to object: Object to processing based on legitimate interests
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We may need to verify your identity before processing your request.
If you are located in the EEA or UK and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your national data protection authority.
11. Children's Privacy
The Service is strictly intended for adults aged 18 and over. We do not knowingly collect personal data from individuals under 18. If you believe a minor has provided us with personal data, please contact us immediately at [email protected] and we will delete it promptly.
12. International Data Transfers
We are based in Serbia and our data is hosted in the EU. However, some of our service providers (Twilio, PayPal, Google) are based in the United States. When we transfer data to the US, we ensure appropriate safeguards are in place:
- Twilio and PayPal participate in EU-US Data Privacy Framework or offer Standard Contractual Clauses
- Google Analytics is configured with IP anonymisation
13. Cookies
Our website uses minimal cookies:
- Google Analytics: Two anonymised analytics cookies (_ga, _gid) to understand page-level traffic. No personal identification. These can be blocked via browser settings or the Google Analytics opt-out browser add-on.
- No advertising cookies, no cross-site tracking, no session cookies beyond what is technically necessary.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by sending an SMS or email at least 7 days before the change takes effect. Your continued use of the Service after the effective date of any change constitutes acceptance of the revised Policy.
The current version of this Privacy Policy is always available at brutalkick.com/privacy.html.
15. Contact
For all privacy-related enquiries, requests to exercise your rights, or complaints:
- Email: [email protected]
- General support: [email protected]
- Website: brutalkick.com
We aim to respond to all privacy requests within 30 days.