Privacy Policy

Brian AI ("Brian", "we", "us", or "our") operates the web application at usebrian.app. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

1. Information We Collect

Account information

When you create an account we collect your email address and, optionally, your display name. If you sign in with Google we receive your email address and public profile name from Google's OAuth service.

Content you create

We store the messages you send in chat, the notes you write, the projects you create, and the memory entries Brian extracts from your activity. This content is tied to your account and processed on your behalf to deliver the service.

Usage data

We collect standard server logs: IP address, browser type, pages visited, and timestamps. This data is used to monitor uptime, diagnose errors, and understand aggregate usage patterns.

Payment information

Billing is handled by a third-party payment processor. We do not store your full card number on our servers. We retain transaction identifiers and billing history as required by law.

2. How We Use Your Information

• Provide, operate, and improve the Brian AI service.
• Personalise responses using the memory layer you have built up.
• Send transactional emails (sign-in confirmations, account alerts).
• Detect and prevent abuse, fraud, and security incidents.
• Comply with applicable legal obligations.

We do not sell your personal data. We do not use your content to train AI models shared with other users.

3. Data Storage and Security

Your data is stored in Supabase infrastructure hosted in the European Union. Data in transit is encrypted with TLS 1.2 or higher. Data at rest is encrypted using AES-256.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we apply industry-standard controls and respond promptly to any incidents.

4. AI Processing

Brian forwards your messages to large language model (LLM) providers to generate responses. These providers process your content solely to produce a reply; they are contractually prohibited from using your content to train their models. We select providers with strong data processing agreements that meet GDPR requirements.

5. Cookies and Local Storage

We use strictly necessary cookies to maintain your authenticated session. We use browser local storage to persist UI preferences such as your chosen theme. We do not use third-party advertising or tracking cookies.

6. Data Sharing

We share your data only with the following categories of sub-processors, each bound by a data processing agreement:

• Authentication & database — Supabase (EU region).
• AI inference — LLM API providers under GDPR-compliant DPAs.
• Payments — Stripe, Inc.
• Infrastructure — cloud hosting and CDN providers as needed to deliver the service.

We may also disclose your data when required by law, court order, or to protect the rights, property, or safety of Brian AI, our users, or the public.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate or incomplete data.
• Erasure — request deletion of your account and associated data via Settings → Account → Danger Zone, or by contacting us.
• Portability — receive your data in a structured, machine-readable format.
• Objection / restriction — object to or restrict certain processing activities.

To exercise any right, email us at privacy@usebrian.app. We respond within 30 days.

Data retention notice: Certain records (billing history, payment transactions, audit logs) may be retained for up to 7 years after account closure to satisfy legal and regulatory requirements.

8. Children's Privacy

Brian AI is not directed to children under 16. We do not knowingly collect personal data from anyone under 16. If you believe we have done so, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this policy from time to time. When we make material changes we will update the effective date and, where appropriate, notify you by email. Continued use of the service after the updated date constitutes acceptance.

10. Contact

If you have questions about this policy, reach us at privacy@usebrian.app.