Privacy Policy

1. Introduction

Braintu prioritizes user privacy. This policy outlines how we collect, use, and share information when you access our services. We are committed to safeguarding your privacy while delivering a personalized service experience.

2. Information Collection

We gather the following types of information:

• Personal Information: Name, email, and contact details from account registration or support inquiries
• Technical Data: IP address, browser type, and operating system for service improvement and security
• Usage Data: User interaction patterns, pages visited, and actions taken on the platform

3. Third-Party Platform Integration

Braintu integrates with third-party platforms to process documents, files, calendar data, and other information. This data provides context to Large Language Models (LLMs) to enhance your interactions.

We collect information through official APIs and integrations provided by these platforms. Integration data is only accessed when you explicitly connect a service and invoke related actions. You can disconnect any integration at any time, which revokes access tokens and removes the connection.

OAuth tokens for connected integrations are stored securely in our database with encryption and are never exposed to the frontend application. We request only the minimum OAuth scopes necessary for each integration to function.

Braintu's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

4. Artificial Intelligence and Data Processing

Braintu uses third-party AI services to power its conversational assistant. We do not train or host our own AI models. The AI service providers we use are:

• Anthropic
• OpenAI
• Google AI
• Groq
• OpenRouter

When you send a message in a conversation, your message and relevant context (such as referenced documents or calendar data) are sent to the selected AI provider to generate a response. Data from connected integrations (e.g., Google Calendar events) is only sent to AI providers when you explicitly invoke a related action in a conversation.

Data Segregation for Google User Data

AI-powered agents (including those with access to Google Calendar and other Google integrations) exclusively use models from Anthropic, OpenAI, and Google AI. Data obtained from Google APIs is never sent to OpenRouter or any other third-party AI aggregator. This architectural separation ensures that Google User Data remains within providers that comply with the Google API Services User Data Policy Limited Use requirements.

Important: Your data is not used to train any AI models. We maintain data processing agreements with our AI providers that prohibit the use of your data for model training. Chat data is processed solely to generate responses and is not retained by AI providers beyond what is necessary to fulfill the request.

5. Information Usage

Your data is used to:

• Provide and maintain our services
• Improve and personalize your experience
• Communicate updates and respond to inquiries
• Analyze usage patterns

6. Information Sharing

We may share information with third parties in the following circumstances:

• Third-party AI service providers (Anthropic, OpenAI, Google AI, Groq, and OpenRouter), solely to generate AI responses on your behalf
• Infrastructure and service providers who assist with our operations
• When required by law or to protect safety
• In connection with business transfers such as mergers or acquisitions

We do not sell your personal information to third parties. Data shared with AI providers is subject to their respective data processing agreements and is not used for purposes beyond generating your requested responses.

7. Data Security and Protection

We implement the following security measures to protect your information, including sensitive data such as OAuth tokens and integration credentials:

• Encryption in transit: All data transmitted between your browser, our servers, and third-party services is encrypted using TLS (Transport Layer Security)
• Encryption at rest: Sensitive credentials, including OAuth access tokens and refresh tokens for connected integrations are stored encrypted in our database
• Access controls: OAuth tokens and sensitive credentials are never exposed to the frontend application. API access requires authenticated sessions with organization membership validation
• Token management: Integration tokens are automatically refreshed when expired and securely revoked when you disconnect an integration
• Infrastructure security: Our services run on Cloudflare's global network, which provides DDoS protection, Web Application Firewall (WAF), and network-level security
• Least privilege access: We request only the minimum OAuth scopes necessary for each integration to function

Data Retention

We retain your data only as long as necessary to provide our services or as required by law. When you delete your account or disconnect an integration, associated data (including OAuth tokens) is removed from our systems. You can request deletion of your data at any time by contacting us.

8. User Rights and Controls

You have the right to:

• Request access to your personal information
• Request correction of inaccurate data
• Request deletion of your data
• Opt out of marketing communications
• Request restrictions on data processing

9. Cookies and Tracking

We use cookies to track activity on our platform. You can control cookie settings through your browser preferences, though disabling cookies may affect functionality.

10. International Data Transfers

Your information may be transferred to and processed in jurisdictions outside your own, where data protection laws may differ from those in your country.

11. Children's Privacy

Our services are not directed to children under 13. We do not knowingly collect information from minors. If we discover such data has been collected, we will delete it promptly.

12. Policy Changes

We may update this policy periodically. Changes will be posted on our website, and we encourage you to review it regularly.