Privacy Policy

Last Updated: November 23, 2025

Our Commitment to Privacy

At Braintelligence.ai ("we," "us," or "our"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://braintelligence.ai and use our services.

We comply with applicable privacy laws including the General Data Protection Regulation (GDPR), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and provincial privacy legislation.

1. Information We Collect

1.1 Information You Provide Directly

When you contact us or use our services, we may collect:

  • Name and contact information (email address, phone number)
  • Company name and business information
  • Project requirements and service preferences
  • Communication history and correspondence
  • Payment information (processed securely through third-party payment processors)

1.2 Information Collected Automatically

When you visit our website, we automatically collect certain information:

  • Browser Data: Browser type, version, language preferences
  • Device Data: Device type, operating system, screen resolution
  • Usage Data: Pages visited, time spent, click patterns (when analytics are enabled)
  • Technical Data: IP address (anonymized), referring URLs, access times

1.3 Cookies and Local Storage

Currently, we use minimal browser storage:

  • Theme Preference: We store your dark/light mode preference in your browser's local storage. This is a functional preference and does not track you across sites.
  • Future Analytics: When we implement analytics (with your consent), we will use cookies to understand how visitors use our site. You can opt out at any time.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, maintain, and improve our AI consulting services
  • Communication: To respond to inquiries, provide customer support, and send service-related information
  • Business Operations: To process transactions, send invoices, and manage client relationships
  • Legal Compliance: To comply with legal obligations and protect our rights
  • Website Improvement: To understand how our website is used and improve user experience (with consent)
  • Marketing: To send newsletters and promotional materials (only with your express consent, and you can unsubscribe anytime)

For users in the European Economic Area (EEA) and UK, we process your personal data based on:

  • Consent: You have given explicit consent for specific purposes (e.g., receiving marketing emails, analytics cookies)
  • Contract: Processing is necessary to fulfill our contractual obligations to you
  • Legal Obligation: Processing is required by law (e.g., tax and accounting records)
  • Legitimate Interests: Processing is necessary for our legitimate business interests (e.g., improving services, fraud prevention) while respecting your privacy rights

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

  • Service Providers: With trusted third-party vendors who assist us (e.g., hosting providers, payment processors, email services). These providers are contractually bound to protect your data.
  • Business Partners: With Sundial Coaching (our co-founded sister company) when relevant to integrated service delivery
  • Legal Requirements: When required by law, court order, or government regulation
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (you will be notified via email and/or website notice)
  • With Your Consent: When you explicitly authorize us to share information with third parties

Third-Party Services We Use

  • Google Fonts: Font delivery (no personal data collected by us)
  • HubSpot: Meeting scheduling and CRM (see HubSpot Privacy Policy)
  • Google Analytics: Website analytics (when implemented, anonymized IP addresses, opt-out available)

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • Encryption: HTTPS encryption for all data transmission (SSL/TLS certificates)
  • Secure Headers: Content Security Policy (CSP), HTTP Strict Transport Security (HSTS), and other security headers
  • Access Controls: Limited access to personal data on a need-to-know basis
  • Regular Updates: Security patches and software updates applied promptly
  • Secure Storage: Canadian-based servers with encryption at rest

Important: While we strive to protect your information, no internet transmission or electronic storage method is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this policy:

  • Active Clients: Duration of business relationship plus 7 years (for accounting and legal requirements)
  • Prospective Clients: 3 years from last contact, unless you request deletion sooner
  • Marketing Subscribers: Until you unsubscribe or request deletion
  • Website Analytics: 26 months (Google Analytics default, when implemented)

7. Your Privacy Rights

All Users

You have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Opt-Out: Unsubscribe from marketing communications at any time
  • Complaint: Lodge a complaint with a privacy regulator

Additional Rights for GDPR (EEA/UK) Users

  • Portability: Receive your data in a machine-readable format
  • Restriction: Request restriction of processing in certain circumstances
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

Additional Rights for PIPEDA (Canadian) Users

  • Challenge Compliance: Challenge our compliance with PIPEDA principles
  • Access Personal Information: Receive information about how your data is used

How to Exercise Your Rights

To exercise any of these rights, contact us at:

We will respond to verified requests within 30 days (or as required by applicable law).

8. International Data Transfers

Braintelligence.ai is based in Canada. We primarily store and process data on Canadian servers. If we transfer data outside Canada:

  • We ensure adequate safeguards are in place (e.g., Standard Contractual Clauses for EU transfers)
  • We only work with service providers who comply with applicable data protection laws
  • We minimize cross-border transfers wherever possible

9. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately, and we will delete it.

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by:

  • Posting the updated policy on this page with a new "Last Updated" date
  • Sending email notification to active clients and subscribers
  • Providing prominent notice on our website

Continued use of our services after changes indicates acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Supervisory Authorities

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant privacy authority:

Return to Home
⬆️ Back to top