Privacy Policy

How we collect, use, and protect your information.

Effective: July 24, 2025 • Last updated: July 24, 2025 • Version 1.0

BrainGrid AI, Inc. ("BrainGrid", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered development planning platform and related services (collectively, the "Services").

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.

1. Information We Collect

1.1 Information You Provide to Us

Account Information

  • Name and email address
  • Company name and size
  • Job title and role
  • Password (encrypted)
  • Phone number (optional)
  • Billing and payment information

User Content

  • Project requirements and specifications
  • Task descriptions and planning documents
  • Communications with our team
  • Feedback and feature requests
  • Any other content you submit through the Services

Code and Repository Data

  • Repository metadata (structure, file names, patterns)
  • Code snippets shared for context
  • Integration configurations
  • Access tokens for connected services (encrypted)

1.2 Information We Collect Automatically

Usage Information

  • Features accessed and actions taken
  • Time spent on different sections
  • Interaction patterns with AI agents
  • Performance metrics and error logs

Device and Technical Information

  • IP address and approximate location
  • Browser type and version
  • Operating system
  • Device identifiers
  • Referral URLs
  • Network and connection information

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Maintain your session
  • Remember your preferences
  • Analyze usage patterns
  • Improve our Services

2. How We Process Your Code

๐Ÿ›ก๏ธ Your Code Stays Yours

We process your code with the highest level of care:

  • 🔒 No Training on Your Code: We never use your proprietary code to train AI models. Your code is processed only to provide you with our Services.

  • 💾 Ephemeral Processing: Code analysis happens in isolated, temporary environments that are destroyed after processing.

  • 👥 Multi-Tenant Isolation: Your code is completely isolated from other customers' data with enterprise-grade security boundaries.

  • 🔑 You Own Your IP: You retain all rights, title, and interest in your code and any derived insights.

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Delivery

  • Provide AI-powered planning and requirement generation
  • Analyze your codebase to generate contextual insights
  • Create and manage development tasks and specifications
  • Enable integrations with your development tools

3.2 Communication

  • Send service-related notifications
  • Respond to your inquiries and support requests
  • Provide updates about new features (with your consent)
  • Send security alerts and important notices

3.3 Improvement and Analytics

  • Enhance our AI models and algorithms (without using your code)
  • Analyze usage patterns to improve user experience
  • Debug issues and improve performance
  • Develop new features based on aggregated usage data

3.4 Security and Compliance

  • Detect and prevent fraudulent activity
  • Monitor for security threats
  • Comply with legal obligations
  • Enforce our Terms of Service

4. Information Sharing

We are committed to maintaining your trust, and we want you to understand when and with whom we may share your information.

4.1 Service Providers

We share information with third-party service providers that help us operate our Services:

  • AI Model Providers: Anthropic and Google (for Gemini) - to process your requests through their AI models
  • Infrastructure: Vercel, Google Cloud Platform (GCP), Microsoft Azure (Azure), and Amazon Web Services (AWS) - for secure cloud hosting
  • Payment Processing: Stripe - for billing and payments
  • Analytics: For understanding usage patterns (anonymized data only)
  • Communication: For email and in-app messaging

All service providers are contractually obligated to protect your information and use it only for providing services to us.

4.2 Legal Requirements

We may disclose your information if required to do so by law, or:

  • In response to court orders or subpoenas
  • In response to government or regulatory requests
  • To protect our rights, privacy, safety, or property
  • To enforce our Terms of Service

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred. We will notify you via email and/or prominent notice on our Services of any change in ownership or uses of your information.

4.4 With Your Consent

We may share your information for any other purpose with your explicit consent.

5. Data Security

We implement comprehensive security measures to protect your information:

5.1 Technical Safeguards

  • Encryption: All data is encrypted in transit (TLS 1.3+) and at rest (AES-256)
  • Access Controls: Role-based access with mandatory multi-factor authentication
  • Network Security: Firewalls, intrusion detection, and DDoS protection
  • Secure Development: Regular security testing and code reviews

5.2 Organizational Measures

  • Employee security training and background checks
  • Strict access controls and need-to-know basis
  • Incident response procedures with defined escalation paths
  • Regular third-party security audits and penetration testing

5.3 Breach Notification

In the event of a data breach that may impact your information, we will:

  • Notify affected users within 72 hours of discovery
  • Provide details about what information was involved
  • Explain steps we're taking to address the breach
  • Offer guidance on protective measures you can take

6. Your Rights and Choices

6.1 Access and Control

You have the right to:

  • Access: Request a copy of your personal information
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and associated data
  • Portability: Export your data in a machine-readable format
  • Restriction: Limit how we process your information
  • Object: Opt-out of certain uses of your information

6.2 Communication Preferences

  • Marketing: Opt-out of marketing emails via the unsubscribe link
  • Notifications: Manage notification preferences in your account settings
  • Cookies: Adjust browser settings to refuse cookies

6.3 Account Deletion

You can delete your account at any time by requesting it. Upon deletion:

  • Your personal information will be removed within 30 days
  • Some information may be retained for legal or legitimate business purposes
  • Anonymized data may be retained for analytics

7. Data Retention

We retain your information for as long as necessary to:

  • Provide our Services to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements
  • Maintain security and prevent fraud

Specific retention periods:

  • Account Information: Duration of account plus 90 days
  • User Content: Duration of account plus 30 days
  • Usage Logs: 12 months
  • Security Logs: 3 months
  • Billing Records: 7 years (legal requirement)

8. International Data Transfers

Our Services are hosted in the United States. If you access our Services from outside the United States, your information will be transferred to and processed in the United States.

We ensure appropriate safeguards for international transfers through:

  • Standard Contractual Clauses approved by the European Commission
  • Data Processing Agreements with all sub-processors
  • Compliance with Privacy Shield principles (where applicable)

9. Regional Privacy Rights

9.1 European Economic Area (GDPR)

If you are located in the EEA, you have additional rights:

Legal Basis for Processing

  • Contract performance (to provide our Services)
  • Legitimate interests (security, fraud prevention, improvement)
  • Consent (for marketing communications)
  • Legal obligations

Additional Rights

  • Right to lodge a complaint with supervisory authorities
  • Right to withdraw consent at any time
  • Right to object to processing based on legitimate interests

9.2 California (CCPA/CPRA)

California residents have additional rights:

  • Right to know what personal information we collect
  • Right to know if we sell or share personal information (we don't)
  • Right to opt-out of sale (not applicable as we don't sell data)
  • Right to limit use of sensitive personal information
  • Right to non-discrimination for exercising privacy rights

To exercise these rights, contact BrainGrid.

9.3 Other Jurisdictions

We respect privacy rights under applicable laws in all jurisdictions where we operate. Contact us for information about your specific rights.

10. Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we learn we have collected information from a child, we will delete it promptly.

11. Third-Party Links

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date
  • Sending email notification for significant changes

Your continued use of our Services after changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us.

Response Time: We aim to respond to all privacy inquiries within 30 days.