Privacy Policy

1. Introduction

Welcome to Brain2Chat ("we," "our," "us"). We are committed to protecting your privacy and handling your personal data in an open and transparent manner. This Privacy Policy explains how we collect, use, disclose, process, and safeguard your information when you visit our website and use our AI-powered chat support services (collectively, the "Service").

This policy is designed to comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws in Europe.

Our registered company is [Your Company Name], located at [Your Company's Registered Address, City, Country]. For any privacy-specific questions, you can reach us at the contact details provided in Section 13.

2. Information We Collect

We may collect and process the following categories of personal data:

  • Identity and Contact Data: This includes your first name, last name, email address, company name (if applicable), and any other identifiers you may provide when you create an account or communicate with us.
  • Chat and Communication Data: This includes the content of your chat conversations with our AI, your queries, feedback, survey responses, and any other information you provide when using the support features or communicating with us. This data is crucial for the AI to function and for us to provide support.
  • Usage Data: Information about how you use our Service, such as features used, pages visited, interaction patterns, timestamps of access, and performance metrics. This may include data about your interactions with the AI, such as prompts and AI responses.
  • Technical Data: Information collected automatically when you access the Service, such as your IP address, browser type and version, operating system, device information, time zone setting, and language preferences.
  • Cookie and Tracking Data: Information collected through cookies and similar tracking technologies. Please see our "Cookies and Tracking Technologies" section below for more details.

We do not intentionally collect sensitive personal data (e.g., health information, racial or ethnic origin, political opinions, religious beliefs) unless you voluntarily provide it within a chat context. We advise against sharing sensitive personal data through the chat service.

3. How We Use Your Information

We use the information we collect for various purposes, including:

  • To provide, operate, and maintain our Service.
  • To create and manage your account.
  • To process your chat interactions and provide AI-driven support.
  • To improve, personalize, and expand our Service, including training and refining our AI models (we will anonymize or pseudonymize data for AI training where feasible and appropriate).
  • To understand and analyze how you use our Service for development and business intelligence.
  • To communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information relating to the Service, and for marketing and promotional purposes (with your consent where required).
  • To process transactions (if applicable).
  • To detect and prevent fraud, and to ensure the security of our Service.
  • To comply with legal obligations and enforce our terms and conditions.

4. Legal Basis for Processing Personal Data under GDPR

We process your personal data based on the following legal grounds:

  • Consent: Where you have given us explicit consent to process your personal data for a specific purpose (e.g., for marketing communications or non-essential cookies). You can withdraw your consent at any time.
  • Performance of a Contract: When processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract (e.g., to provide the core chat service you signed up for).
  • Legal Obligations: When processing is necessary for compliance with a legal obligation to which we are subject (e.g., tax, accounting, or law enforcement requests).
  • Legitimate Interests: When processing is necessary for our legitimate interests or those of a third party, provided that such interests are not overridden by your interests or fundamental rights and freedoms. Our legitimate interests include improving our Service, ensuring its security, understanding user behavior for business development, and (with appropriate safeguards) training our AI models. We will always balance our legitimate interests against your rights.

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following circumstances:

  • Service Providers: We may share your data with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work (e.g., hosting providers, payment processors, analytics providers, AI model providers, customer support tools). These providers are contractually obligated to protect your data and use it only for the purposes for which it was disclosed.
  • Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be sold or transferred as part of such a transaction as permitted by law and/or contract.
  • Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency), to protect our rights, or to ensure the safety of our users or the public.
  • With Your Consent: We may disclose your personal information for any other purpose with your explicit consent.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Policy [Link to your Cookie Policy - highly recommended to have a separate one or a detailed section here].

In brief, cookies help us:

  • Remember your preferences and settings.
  • Understand how our Service is being used.
  • Improve user experience.
  • Deliver relevant advertising (if applicable, and with consent).

You can manage your cookie preferences through your browser settings or through a cookie consent banner on our website.

7. Data Retention

We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

Chat history and usage data may be retained for a longer period in an anonymized or aggregated form for service improvement and AI model training purposes.

8. Data Security

We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. These measures include encryption, access controls, secure software development practices, and regular security assessments.

However, please also remember that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal data, transmission of personal information to and from our Service is at your own risk. You should only access the Service within a secure environment.

9. International Data Transfers

Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

If you are located in the European Economic Area (EEA), UK, or Switzerland, this means your data may be transferred outside of these regions. When we transfer your personal data to countries outside the EEA, we will ensure that appropriate safeguards are in place to protect your personal data, such as by using Standard Contractual Clauses (SCCs) approved by the European Commission, or by relying on an adequacy decision or other valid transfer mechanisms under GDPR.

This is particularly relevant if we use third-party service providers (e.g., cloud hosting, AI model providers) based in countries like the United States.

10. Your Data Protection Rights under GDPR

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. Brain2Chat aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

  • The right to access: You have the right to request copies of your personal data.
  • The right to rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • The right to erasure (right to be forgotten): You have the right to request that we erase your personal data, under certain conditions.
  • The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • The right to object to processing: You have the right to object to our processing of your personal data, under certain conditions, particularly where we rely on legitimate interests as our legal basis.
  • The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
  • The right to withdraw consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time.

If you wish to exercise any of these rights, please contact us using the details in Section 13. We may need to verify your identity before responding to such requests.

You also have the right to lodge a complaint with a data protection supervisory authority in the EEA member state of your habitual residence, place of work, or place of the alleged infringement.

11. Children's Privacy

Our Service is not intended for use by children under the age of 16 (or a higher age if stipulated by applicable local law). We do not knowingly collect personally identifiable information from children under 16. If you become aware that a child has provided us with personal data without parental consent, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. For significant changes, we may also notify you through email or a prominent notice on our Service.

13. Contact Us

If you have any questions about this Privacy Policy, your rights, or our data processing practices, please contact us: