Privacy Policy

Last updated: October 31, 2025

1. Introduction

BrainPredict OÜ ("we," "our," or "us") operates AI-powered business intelligence platforms including BrainPredict Commerce (e-commerce intelligence with 20 AI models), BrainPredict Supply (supply chain intelligence with 22 AI models), BrainPredict People (HR intelligence with 27 AI models), BrainPredict Sales (sales & revenue intelligence with 26 AI models), BrainPredict Marketing (marketing intelligence with 26 AI models), BrainPredict Legal (legal intelligence with 31 AI models), BrainPredict Risk (enterprise risk intelligence with 25 AI models), BrainPredict Finance (financial intelligence with 35 AI models), BrainPredict Innovation (innovation intelligence with 28 AI models), BrainPredict Controlling (controlling intelligence with 32 AI models), BrainPredict Communications (communications intelligence with 30 AI models), BrainPredict Data (data quality & AI readiness intelligence with 29 AI models), BrainPredict Strategy (strategic intelligence with 28 AI models), BrainPredict Sourcing (procurement intelligence with 26 AI models), BrainPredict Operations (manufacturing intelligence with 32 AI models), and BrainPredict Customer (customer service intelligence with 29 AI models). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platforms and services.

We are committed to protecting your privacy and ensuring the security of your data in compliance with GDPR, CCPA, HIPAA, SOC 2, ISO 27001, FDA 21 CFR Part 11, and the EU Data Act. By using our services, you agree to the collection and use of information in accordance with this policy.

For comprehensive compliance documentation and audit-ready evidence, please visit our Compliance Documentation Portal.

2. Information We Collect

2.1 Personal Information

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, company name, phone number
  • Billing Information: Payment card details, billing address (processed securely through Stripe)
  • Profile Information: Job title, company size, industry
  • Communication Data: Messages, support tickets, feedback

2.2 Usage Information

We automatically collect information about your use of our services:

  • Log Data: IP address, browser type, operating system, pages visited
  • Device Information: Device type, unique device identifiers
  • Analytics Data: Feature usage, performance metrics, error logs
  • Cookies: Session cookies, preference cookies, analytics cookies

2.3 BrainPredict Commerce Platform Data

When you use BrainPredict Commerce, we process your e-commerce business data including:

  • Product catalogs, descriptions, images, and pricing
  • Customer behavior data (browsing patterns, purchase history)
  • Review and rating data
  • Social media engagement metrics
  • SEO performance data

2.4 BrainPredict Supply Platform Data

When you use BrainPredict Supply, we process your supply chain data including:

  • Supply chain operational data (inventory levels, demand forecasts)
  • Facility information (locations, capacity, performance metrics)
  • Supplier data (performance, risk scores, delivery metrics)
  • Quality control data (defect rates, inspection results)
  • Safety incident data (workplace safety metrics)
  • Logistics data (routes, delivery performance)
  • ERP system integration data

2.5 BrainPredict People Platform Data

When you use BrainPredict People, we process your HR and employee data including:

  • Employee information (names, job titles, departments, tenure)
  • Performance data (reviews, ratings, goals, achievements)
  • Compensation data (salaries, bonuses, benefits)
  • Engagement data (surveys, feedback, sentiment analysis)
  • Learning & development data (training completion, skills, certifications)
  • Turnover risk indicators (anonymized behavioral patterns)
  • Recruitment data (candidate profiles, hiring success metrics)
  • HRIS system integration data

2.6 BrainPredict Sales Platform Data

When you use BrainPredict Sales, we process your sales and revenue data including:

  • Sales accounts, opportunities, and pipeline data
  • Revenue forecasts and win probability predictions
  • Sales rep performance and quota attainment
  • Customer relationship and engagement data
  • Deal velocity and conversion metrics

2.7 BrainPredict Marketing Platform Data

When you use BrainPredict Marketing, we process your marketing and campaign data including:

  • Campaign data (names, channels, budgets, performance metrics)
  • Lead and audience data (demographics, behaviors, engagement scores)
  • Content performance data (views, clicks, conversions, engagement)
  • Marketing attribution data (touchpoints, conversion paths, ROI)
  • Customer segmentation data (personas, preferences, lifecycle stages)
  • Marketing spend and budget allocation data
  • Brand health and sentiment data
  • Competitive marketing intelligence data
  • Marketing platform integration data (Google Ads, Facebook Ads, HubSpot, Mailchimp, etc.)

2.8 BrainPredict Legal Platform Data

When you use BrainPredict Legal, we process your legal and compliance data including:

  • Contract data (agreements, terms, clauses, obligations, deadlines)
  • Legal matter data (cases, disputes, litigation, settlements)
  • Compliance data (regulatory requirements, audit trails, certifications)
  • Intellectual property data (patents, trademarks, copyrights)
  • Corporate governance data (board resolutions, policies, procedures)
  • Legal spend and budget data (legal fees, vendor costs)
  • Risk assessment data (legal risks, exposure analysis)
  • Legal platform integration data (DocuSign, LexisNexis, Westlaw, etc.)

2.9 BrainPredict Risk Platform Data

When you use BrainPredict Risk, we process your enterprise risk and compliance data including:

  • Risk assessment data (risk identification, scoring, mitigation strategies)
  • Compliance monitoring data (regulatory requirements, violations, remediation)
  • Incident data (security incidents, breaches, investigations)
  • Audit data (audit plans, findings, corrective actions)
  • Third-party risk data (vendor assessments, due diligence, monitoring)
  • Business continuity data (disaster recovery plans, resilience metrics)
  • Cybersecurity data (threat intelligence, vulnerability assessments)
  • Risk platform integration data (GRC systems, SIEM tools, etc.)

2.10 BrainPredict Finance Platform Data

When you use BrainPredict Finance, we process your financial and accounting data including:

  • Financial statements (balance sheets, income statements, cash flow statements)
  • General ledger data (accounts, transactions, journal entries)
  • Budget and forecast data (planning, variance analysis, projections)
  • Accounts payable and receivable data (invoices, payments, aging reports)
  • Tax data (tax returns, compliance, planning, optimization)
  • Financial KPIs and metrics (profitability, liquidity, efficiency ratios)
  • Cost accounting data (cost centers, allocations, product costing)
  • Treasury data (cash management, investments, debt management)
  • Financial platform integration data (QuickBooks, SAP, Oracle, NetSuite, etc.)

2.11 BrainPredict Innovation Platform Data

When you use BrainPredict Innovation, we process your innovation and R&D data including:

  • Innovation project data (ideas, concepts, prototypes, experiments)
  • R&D data (research findings, technical specifications, test results)
  • Patent and IP data (patent applications, prior art, competitive analysis)
  • Product development data (roadmaps, features, requirements, timelines)
  • Innovation metrics (time-to-market, success rates, ROI)
  • Collaboration data (team interactions, feedback, ideation sessions)
  • Market research data (trends, customer needs, competitive intelligence)
  • Innovation platform integration data (Jira, Confluence, PLM systems, etc.)

2.12 BrainPredict Controlling Platform Data

When you use BrainPredict Controlling, we process your controlling and performance management data including:

  • KPI and performance metrics (operational, financial, strategic indicators)
  • Variance analysis data (budget vs actual, plan vs forecast)
  • Cost control data (cost centers, cost drivers, allocation methods)
  • Profitability analysis data (product, customer, segment profitability)
  • Budget tracking data (budget plans, revisions, approvals)
  • Management reporting data (dashboards, reports, presentations)
  • Strategic planning data (goals, initiatives, milestones)
  • Controlling platform integration data (SAP, Oracle, Power BI, Tableau, etc.)

2.13 BrainPredict Communications Platform Data

When you use BrainPredict Communications, we process your communications and brand data including:

  • Crisis detection data (social media monitoring, news alerts, sentiment shifts)
  • Brand monitoring data (brand mentions, reputation scores, competitive positioning)
  • Sentiment analysis data (customer sentiment, stakeholder sentiment, public opinion)
  • Message optimization data (content performance, engagement metrics, A/B tests)
  • Stakeholder intelligence data (stakeholder mapping, influence analysis, communication preferences)
  • Media relations data (media contacts, press releases, coverage analysis)
  • Campaign performance data (reach, engagement, conversion, ROI)
  • Communications platform integration data (Hootsuite, Sprinklr, Meltwater, etc.)

2.14 BrainPredict Data Platform Data

When you use BrainPredict Data, we process your data quality and governance data including:

  • Data quality metrics (quality scores, completeness, accuracy, consistency, validity)
  • Data profiling results (data types, patterns, distributions, anomalies)
  • Data cleansing operations (duplicate detection, missing value imputation, outlier detection)
  • Data lineage information (data sources, transformations, dependencies, impact analysis)
  • PII detection results (personal data identification, sensitivity classification)
  • Data anonymization operations (masking, pseudonymization, de-identification)
  • AI readiness assessments (feature quality, data completeness, model suitability)
  • Compliance audit data (GDPR compliance, data retention, consent management)
  • Data governance metadata (data ownership, stewardship, policies, rules)
  • Data platform integration data (Informatica, Talend, Snowflake, Databricks, Collibra, etc.)

All business data is processed solely to provide our AI-powered services and is never used for any other purpose without your explicit consent. Employee data, legal data, risk data, financial data, innovation data, controlling data, communications data, and data quality/governance data are handled with the highest level of privacy and security.

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: Provide, maintain, and improve our AI-powered platforms (BrainPredict Commerce, BrainPredict Supply, BrainPredict People, BrainPredict Sales, BrainPredict Marketing, BrainPredict Legal, BrainPredict Risk, BrainPredict Finance, BrainPredict Innovation, BrainPredict Controlling, BrainPredict Communications, BrainPredict Data, BrainPredict Strategy, BrainPredict Sourcing, and BrainPredict Operations)
  • AI Model Training: Train and improve our AI models for better predictions and recommendations
  • Cross-Platform Intelligence: Enable intelligence sharing between all 16 BrainPredict platforms (Commerce, Supply, People, Sales, Marketing, Legal, Risk, Finance, Innovation, Controlling, Communications, Data, Strategy, Sourcing, Operations) via our Intelligence Bus (with your explicit consent)
  • Account Management: Create and manage your account, process payments
  • Communication: Send service updates, security alerts, support messages
  • Analytics: Understand usage patterns, improve features, optimize performance
  • Security: Detect fraud, prevent abuse, ensure platform security
  • Legal Compliance: Comply with legal obligations, enforce our terms
  • Marketing: Send promotional materials (with your consent, opt-out available)

3.1 Federated Learning (Optional Opt-In/Opt-Out)

BrainPredict offers an optional federated learning feature that allows your AI models to benefit from collective intelligence across multiple BrainPredict customers while maintaining complete privacy. This feature is enabled by default, but you can opt out at any time via Settings → Data & Privacy.

What is Federated Learning?

Federated learning is a privacy-preserving machine learning technique that enables AI models to learn from data across multiple customers without ever accessing or sharing the raw data itself. Instead of centralizing data, federated learning trains models locally on each customer's premises and only shares encrypted mathematical parameters (model weights) with the BrainPredict ecosystem.

How Federated Learning Works

  1. Local Training: Your AI models train on YOUR data on YOUR premises. Your raw data never leaves your infrastructure.
  2. Model Weight Extraction: After training, only the mathematical parameters (model weights) are extracted - NOT your data.
  3. Encryption: Model weights are encrypted using AES-256 encryption before transmission.
  4. Differential Privacy: Noise is added to model weights (epsilon=0.1) to mathematically guarantee that individual data points cannot be reverse-engineered.
  5. Secure Aggregation: Encrypted model weights from multiple customers are aggregated using secure multi-party computation.
  6. Global Model Update: The aggregated model improvements are distributed back to all participating customers.
  7. Local Model Update: Your local AI models are updated with the collective intelligence while maintaining your business-specific customizations.

Privacy Guarantees

  • Zero-Knowledge Architecture: BrainPredict never sees your raw data. All training happens on your premises.
  • Data Never Leaves Your Premises: Only encrypted model weights are shared, never your actual business data.
  • AES-256 Encryption: All model updates are encrypted with military-grade encryption.
  • Differential Privacy (epsilon=0.1): Mathematical guarantees prevent data leakage and reverse-engineering.
  • Cannot Be Reverse-Engineered: Cryptographic security and differential privacy make it computationally infeasible to reconstruct your data from model weights.
  • No Individual Data Points: Model weights represent aggregate patterns, not individual transactions or records.
  • Secure Multi-Party Computation: Aggregation happens without any single party (including BrainPredict) seeing individual contributions.

Benefits of Federated Learning

  • Faster Convergence: Reach 95%+ accuracy 2x faster by learning from collective intelligence.
  • Better Edge Case Handling: Learn from rare events and edge cases across the ecosystem.
  • Industry Best Practices: Benefit from patterns and insights across multiple customers in your industry.
  • Continuous Improvement: AI models continuously improve from collective intelligence.
  • No Data Sharing Required: Get the benefits of collaborative learning without sharing your data.

Your Control: Opt-In/Opt-Out

Federated learning is enabled by default (opt-out model) because we believe in the power of collective intelligence. However, you have complete control:

  • Opt-Out Anytime: Disable federated learning at any time via Settings → Data & Privacy.
  • No Penalties: Opting out does not affect your service quality, pricing, or support.
  • Immediate Effect: When disabled, your AI models will only learn from your own data.
  • Re-Enable Anytime: You can re-enable federated learning at any time.
  • Transparent Status: Your federated learning status is clearly displayed in your settings.

Compliance

Our federated learning implementation is fully compliant with:

  • GDPR (EU): Data minimization, purpose limitation, privacy by design, right to object.
  • CCPA (California): No sale of personal information, consumer rights, opt-out mechanisms.
  • HIPAA (Healthcare): PHI protection, encryption, access controls, audit trails.
  • SOC 2: Security controls, confidentiality, privacy.
  • ISO 27001: Information security management, risk assessment.
  • EU AI Act: Transparency, accountability, human oversight, risk management.

Technical Safeguards

  • Encryption in Transit: TLS 1.3 for all model weight transmissions.
  • Encryption at Rest: AES-256 encryption for stored model weights.
  • Access Controls: Role-based access control (RBAC) for federated learning infrastructure.
  • Audit Logs: Complete audit trail of all federated learning activities.
  • Monitoring: Real-time monitoring for anomalies and security threats.
  • Regular Security Audits: Quarterly penetration testing and security assessments.

Questions About Federated Learning?

If you have questions about federated learning, privacy guarantees, or how to opt out, please contact us at privacy@brainpredict.ai or visit our AI Learning Timeline page for more information.

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: Third-party vendors who perform services on our behalf (e.g., Stripe for payments, Hetzner for hosting, Proton Mail for secure email communications, Microsoft Teams for video conferencing via AI Calendar). All service providers are GDPR compliant with signed Data Processing Agreements. See our Subprocessor List for complete details.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Legal Requirements: When required by law or to protect our rights
  • With Your Consent: When you explicitly authorize us to share your information

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: TLS/SSL encryption for data in transit, AES-256 for data at rest
  • Access Controls: Role-based access, multi-factor authentication
  • Monitoring: 24/7 security monitoring, intrusion detection
  • Compliance: SOC 2 Type II, ISO 27001, GDPR compliant
  • Regular Audits: Third-party security audits, penetration testing

Data Hosting

BrainPredict OÜ uses Hetzner Online GmbH (Nuremberg, Germany) as our infrastructure provider. Hetzner is ISO 27001:2022 certified and fully GDPR compliant. All customer data is stored exclusively in Hetzner's German data centers and remains within the European Union. We have a Data Processing Agreement (DPA) with Hetzner in accordance with Art. 28 GDPR.

5A. BrainPredict People-Specific Privacy Protections

BrainPredict People processes sensitive employee data, and we implement additional privacy protections:

Enhanced Encryption

  • Compensation Data: Additional encryption layer beyond standard AES-256
  • Performance Reviews: Encrypted at rest and in transit
  • Medical Information: Separate storage with restricted access
  • Sensitive Personal Data: Zero-knowledge architecture where possible

Access Controls

  • Role-Based Access: Granular permissions (Admin, HR Manager, Analyst, Manager)
  • Department Restrictions: Limit access to specific departments
  • Compensation Access: Separate permissions for salary data
  • Audit Logging: Complete history of who accessed what data and when
  • Multi-Factor Authentication: Required for all users with access to employee data

Employee Rights

  • Data Access: Employees can request their complete HR data
  • Correction Rights: Employees can correct inaccurate information
  • Deletion Rights: Automatic deletion 2 years after employment ends (configurable)
  • Opt-Out: Employees can opt out of optional features (e.g., engagement surveys)
  • Transparency: Employees informed about AI use in HR decisions

AI Ethics & Bias Prevention

  • Bias Testing: All AI models tested for gender, age, ethnicity bias
  • Adverse Impact Analysis: Monitor for disparate impact on protected groups
  • Human Oversight: AI provides recommendations, not final decisions
  • Explainability: Clear explanations of AI predictions and recommendations
  • Regular Audits: Quarterly bias audits and model recalibration

Compliance

  • GDPR: Full compliance with EU data protection regulations
  • CCPA: California employee privacy rights respected
  • EEO: Equal Employment Opportunity compliance
  • ADA: Americans with Disabilities Act compliance
  • ADEA: Age Discrimination in Employment Act compliance
  • EU AI Act: Compliance with high-risk AI system requirements

Data Minimization

BrainPredict People only collects and processes employee data necessary for HR operations:

  • We do not collect social media data without explicit consent
  • We do not track employee location outside work hours
  • We do not monitor personal communications
  • We do not use data for purposes beyond HR operations
  • We anonymize data for analytics whenever possible

6. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing of your personal data
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at privacy@brainpredict.ai

7. Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations. Account data is retained for the duration of your subscription plus 90 days. Business data is deleted within 30 days of account termination unless legally required to retain it longer.

8. International Data Transfers

BrainPredict OÜ is based in Estonia (EU). If you access our services from outside the EU, your data may be transferred to and processed in the EU. We ensure appropriate safeguards are in place for international data transfers in compliance with GDPR.

9. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through our platform. Your continued use of our services after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

BrainPredict OÜ

Registry Code: 17352111

Address: Harju maakond, Tallinn, Kesklinna linnaosa, Jõe tn 3-314, 10151, Estonia

Phone: +372 6630414

Email: privacy@brainpredict.ai

Data Protection Officer: privacy@brainpredict.ai