Privacy Policy
Effective date: March 30, 2026 | Company: ECWE Ventures LLC
Plain-language summary: We collect only what we need to run the Service. We do not read, analyze, or sell your brainfile content. You can access, export, or delete your data at any time.
1. Who We Are
Brainfile is operated by ECWE Ventures LLC ("we," "us," "our"). We provide a platform for creating personal AI context files at brainfile.io.
For privacy questions, contact us at [email protected].
2. What Data We Collect
We collect only the data necessary to operate the Service:
| Category | Examples | Purpose |
|---|---|---|
| Account data | Email address, name (optional) | Account creation, authentication, communications |
| Payment data | Last 4 digits, card brand, billing ZIP (via Stripe) | Subscription billing; full card data stored by Stripe only |
| Brainfile content | Text, preferences, and context you write | Stored and delivered back to you; not read by us |
| Usage data | Pages visited, features used, session duration | Improving the Service, diagnosing errors |
| Technical data | IP address, browser type, device type | Security, fraud prevention, analytics |
We do not collect government ID numbers, Social Security numbers, biometric data, or sensitive personal categories.
3. Your Brainfile Content
We do not read, analyze, train on, or share your brainfile content. Your brainfiles are stored securely and returned to you when you use the Service. They are never used for any purpose other than delivering the Service to you.
Brainfile content is stored encrypted at rest. Access to content is restricted to you and — in exceptional circumstances (e.g., legal obligation) — authorized ECWE Ventures LLC personnel. We will notify you of any such access to the extent permitted by law.
4. How We Use Your Data
We use the data we collect to:
- Create and manage your account
- Process subscription payments and send receipts
- Deliver the core features of the Service
- Send transactional emails (e.g., password resets, billing notices)
- Respond to support requests
- Detect and prevent fraud, abuse, and security incidents
- Improve and develop the Service (using aggregated, anonymized usage data)
- Comply with legal obligations
We do not use your data for targeted advertising or behavioral profiling.
5. What We Do Not Do
- We do not sell your personal data to any third party
- We do not rent or broker access to your data
- We do not share your data with advertisers
- We do not use your brainfile content for AI model training
- We do not use your data for any purpose beyond operating and improving the Service
6. Third-Party Services
We use a small number of carefully selected third-party services to operate the platform:
Stripe
Payment processing. Stripe collects and stores your payment card data on our behalf under their own privacy policy and PCI-DSS compliance. We receive only a tokenized reference. stripe.com/privacy
Cloudflare
Website hosting, CDN, DDoS protection, and DNS services. Cloudflare may process technical data (IP addresses, request metadata) as a necessary part of delivering the Service. cloudflare.com/privacypolicy
Beehiiv
Email communications platform used to send newsletters and product updates to subscribers who have opted in. beehiiv.com/privacy
We do not share your personal data with these providers beyond what is required to deliver their services, and we do not authorize them to use your data for their own purposes.
7. Cookies and Tracking
We use essential cookies required to operate the Service (e.g., session authentication). We may also use analytics cookies to understand how the Service is used in aggregate.
We do not use advertising cookies or cross-site tracking cookies. You can control cookies through your browser settings; note that disabling essential cookies may affect Service functionality.
8. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. When you delete your account, we delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes (e.g., billing records for up to 7 years).
Brainfile content is deleted within 30 days of account deletion. Backups are purged within 90 days.
9. Data Security
We implement industry-standard technical and organizational measures to protect your data, including:
- Encryption of data in transit (TLS/HTTPS) and at rest
- Access controls limiting data access to authorized personnel
- Regular security reviews and vulnerability assessments
No method of transmission or storage is 100% secure. In the event of a data breach affecting your personal data, we will notify you as required by applicable law.
10. Your Rights
You have the following rights with respect to your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request that we correct inaccurate or incomplete data
- Deletion: Request deletion of your personal data ("right to be forgotten")
- Export / Portability: Request your data in a machine-readable format
- Restriction: Request that we limit processing of your data in certain circumstances
- Objection: Object to processing based on legitimate interests
- Opt-out of marketing: Unsubscribe from non-transactional emails at any time via the unsubscribe link or by contacting us
To exercise any of these rights, email [email protected]. We will respond within 30 days.
11. GDPR (EU/UK Users)
If you are located in the European Economic Area (EEA) or United Kingdom, the following applies:
Legal basis for processing:
- Contract performance: Processing your account and payment data to fulfill our subscription agreement
- Legitimate interests: Security, fraud prevention, and Service improvement
- Legal obligation: Retaining billing records as required by law
- Consent: Marketing emails (you may withdraw consent at any time)
You have the right to lodge a complaint with your local data protection authority. For cross-border data transfers, we use appropriate safeguards (Standard Contractual Clauses or equivalent) when required.
12. CCPA (California Users)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, disclose, or sell
- Delete personal information we hold about you (subject to certain exceptions)
- Opt out of the "sale" of personal information
- Non-discrimination for exercising your privacy rights
We do not sell personal information as defined by the CCPA. To submit a request, email [email protected] with "CCPA Request" in the subject line.
13. Children's Privacy
The Service is not directed to children under the age of 13, and we do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the "Effective date" at the top of this page. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.
Contact Us
For privacy questions, data requests, or concerns:
ECWE Ventures LLC · brainfile.io