Privacy Policy
Last updated: January 2025
Brainwaves Security & Privacy FAQ
As former marketing and agency people, we understand the utmost importance of data privacy, especially when it comes to handling client data. That's why we've built Brainwaves to be privacy-first. On this page you'll find answers to the most common questions we get regarding privacy and security, and our full Privacy Policy.
What do you mean by privacy-first?
Brainwaves is dedicated to being a privacy-first platform. We prioritize giving you ownership and control of your data:
- Data Ownership: You own and control all inputs you provide and all outputs generated by our AI services.
- No Training on Your Data: We do not use your data to train our AI models, nor do we allow our partners to use your data for similar purposes.
- Confidentiality: Your interactions are private and confidential. Only you can view your inputs and generated outputs, which are encrypted and stored for 30 days. You can delete them at any time before that period.
- No Claims on your IP: We make no claims to the intellectual property you create using our tools.
What type of user data do you handle?
- User identifier data: only name, email & company for login.
- User inputs (including client data): we only handle what the user decides is necessary to input (typically this would be general information for a brief, e.g. target audience, campaign objectives, consumer research). Any inputs from the user are strictly used only to generate outputs.
- Outputs: the web app outputs are only visible to the user.
- User analytics: normal user activity (time spent, bounce rate, etc.) is tracked at a page level to inform UX improvements. There are no analytics at an input/output level.
- All data is secured and encrypted according to our privacy policy — see below for further detail.
How do you handle the privacy of my data?
Your AI interactions are completely confidential. Only you can see the inputs and outputs of your interactions. We do not use your inputs or outputs to train our models, nor do our partners.
Is my data used to train your models or other AI models?
No, never. We don't use your data to train our models, and neither does OpenAI. When you use Brainwaves, OpenAI models are accessed via API, ensuring enterprise-grade privacy and security. Access to OpenAI via Brainwaves is even more private and secure than using the public version of ChatGPT because the public version uses your data to train its models.
Do you store my data?
We do not retain user data (inputs & outputs) beyond 30 days. Inputs/outputs are stored so users can retrieve previous messages. Users can request deletion of messages at any time before then.
Is Brainwaves secure and GDPR and CCPA compliant?
Yes. Brainwaves uses OpenAI's models to process all computing tasks via the OpenAI API. OpenAI has been audited for SOC 2 compliance, and is fully GDPR and CCPA compliant. Data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
How do you keep data secure?
We are entirely cloud-based and deployed on AWS servers located in the US. AWS has multiple layers of operational and physical security to ensure the integrity and safety of data. This includes features like keeping data centers safe from physical harm (such as natural disasters, power failures and overheating), data encryption, network firewalls, and secure access controls. Amazon AWS is compliant with certifications such as GDPR, SOC 2, CSA, ISO 27001, and more.
How do you encrypt data?
All data is encrypted at rest with AES-256 and in transit with TLS. We only work with partners that offer the same level of encryption.
What data do you transmit to 3rd parties?
We only transmit user data in order to deliver the core functionality of the app. We therefore work with a limited number of partners, and only those that are fully compliant with GDPR, SOC 2, CCPA and AES-256 & TLS 1.2+ data encryption. The list of our 3rd party partners is kept up to date on the data processing page on our website.
Key partners are outlined below:
- AI partners: We use AI partners to generate outputs. User inputs are transmitted to the AI partners to generate outputs in accordance with the security and privacy conditions outlined above. Our AI partners are OpenAI and Perplexity, and we are exploring integrating Anthropic and Midjourney models. These providers are also fully compliant with the standards set out above. New AI partners will not be integrated without notifying users of the new model integration.
- Hosting and application infrastructure partner: Brainwaves is built on Bubble.io, an all-in-one application-building platform including hosting (via AWS). Bubble.io is an industry-leading platform trusted by major companies, and fully compliant with all security and encryption standards listed above, including GDPR, SOC 2, CCPA and AES-256 & TLS 1.2+ data encryption.
- These are the only partners to which data is transferred (aside from non-identifying analytics data). We will never transmit your data to 3rd parties, except for explicit requests from users or clients.
Brainwaves Privacy Policy
This Privacy Policy outlines our commitment to protect your personal information, explaining how we collect, use, and disclose your information when you use our Services.
1. Our Commitment to Your Privacy
Brainwaves is dedicated to being a privacy-first platform. We prioritize your ownership and control of your data:
- Data Ownership: You own and control all inputs you provide and all outputs generated by our AI services.
- No Training on Your Data: We do not use your data to train our AI models, nor do we allow our partners to use your data for similar purposes.
- Confidentiality: Your interactions are private and confidential. Only you can view your inputs and generated outputs, which are encrypted and stored for 30 days. You can delete them at any time before that period.
- No Claims on your IP: We make no claims to the intellectual property you create using our tools.
2. Information We Collect
We only collect the data we need in line with standard practice, including:
- Personal Information: This includes your name, email address, company name, and any other contact details you provide when you create an Account or contact us.
- User Content: Any data or information you input into the Services.
- Usage Data: Information that our servers automatically collect when you access the Services, such as IP address, browser type, and usage statistics.
- Cookies: We use cookies and similar tracking technologies to enhance your experience on our site.
3. How We Use Your Information
We use the information we collect for various purposes, including:
- Providing, operating, and maintaining our Services.
- Improving, personalizing, and expanding our Services.
- Understanding and analyzing how you use our Services.
- Developing new products, services, features, and functionality.
- Communicating with you for customer service, updates, and marketing purposes.
- Preventing fraud and ensuring the security of our Services.
4. Disclosure of Your Information
We may disclose your personal information in the following circumstances:
- To our service providers and contractors who perform services on our behalf (e.g., cloud storage providers, analytics providers).
- To comply with legal obligations or respond to lawful requests.
- In connection with a business transfer, such as a merger, acquisition, or sale of assets, where your information may be one of the transferred assets.
- Important: We will never sell or share your data with third parties for the purpose of training their AI models.
5. User Rights and Control
You have full control over your data and various rights concerning it, including:
- Access: The right to request copies of your personal data.
- Correction: The right to request that we correct any inaccurate or incomplete data.
- Deletion: The right to request that we erase your personal data under certain conditions.
- Restriction: The right to request that we restrict the processing of your personal data under certain circumstances.
- Objection: The right to object to our processing of your personal data under certain circumstances.
- Data Portability: The right to request that we transfer the data we have collected to another organization or directly to you under certain conditions.
To exercise any of these rights, please contact us at hello@brain-waves.io. We will respond to your request within one month.
6. GDPR Compliance
If you are located in the European Economic Area (EEA), you have certain rights under the General Data Protection Regulation (GDPR) regarding your personal data. These rights include:
- The right to request copies of your personal data.
- The right to request that we correct any information you believe is inaccurate.
- The right to request that we erase your personal data, under certain conditions.
- The right to request that we restrict the processing of your personal data, under certain conditions.
- The right to object to our processing of your personal data, under certain conditions.
- The right to request the transfer of your data to another organization, or directly to you, under certain conditions.
To exercise any of these rights, please contact us at hello@brain-waves.io. We will respond to your request within one month.
7. CCPA Compliance
If you are a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA), including:
- The right to know what personal information is collected about you.
- The right to request deletion of your personal information.
- The right to opt-out of the sale of your personal information.
If you wish to exercise these rights, please contact us at hello@brain-waves.io.
8. Data Security
We take reasonable steps to protect your personal information from misuse, loss, unauthorized access, modification, or disclosure. Our information technology systems are password-protected, and we use a range of administrative and technical measures to protect these systems. However, we cannot guarantee the security of your personal information.
9. Children's Information
We do not knowingly collect personal information from children under the age of 13. If you believe we have collected such information, please contact us immediately, and we will take steps to delete that information.
10. Third-Party Privacy Policies
Our Privacy Policy does not apply to other advertisers or websites. We encourage you to review the privacy policies of any third-party services you engage with.
11. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. When we do, we will notify you by posting the new Privacy Policy on this page. Your continued use of the Services after any changes indicates your acceptance of the updated Privacy Policy.
12. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at:
Email: hello@brain-waves.io