Privacy Policy

Last updated: April 20, 2026.

Draft for beta use — pending counsel review. Brainiac is operated by Dwight Street Group LLC (“Brainiac”). For any access, export, correction, or deletion request, email hello@trybrainiac.com and we will respond within 30 days.

1. Scope

This policy describes what personal information we collect through the Brainiac platform, website, browser extensions, and APIs (the “Service”), how we use it, who we share it with, and the rights you have. It supplements the Terms of Service and applies to all users (investors, experts, compliance reviewers, administrators, staff).

2. What we collect

• Account data: Google account email, name, avatar URL, user role (investor / expert / compliance / admin / staff), and the sub-type your invitation granted (e.g., private-markets investor, public-markets investor).
• Customer Content: search queries, case files, uploaded documents, notes, shortlists, calendar events, and messages you send.
• Expert-submitted data: professional profile, employment history, credentials, rates, and consent records for experts who join the platform.
• Derived data: AI-generated responses, ranked expert lists, utility scores, agent traces, tags, and labels produced by Brainiac systems.
• Operational telemetry: device, browser, IP address, timestamps, request paths, and feature-flag exposure — for security, abuse prevention, and product analytics.
• Compliance records: decisions, reviewer notes, and audit trails for external-share and expert-engagement flows.

3. How we use information

• To provide, maintain, and improve the Service.
• To match experts to investor queries and operate search, scoring, and ranking.
• To run compliance reviews and abuse / fraud detection.
• To train, fine-tune, evaluate, and benchmark Brainiac-owned models, embeddings, rankers, and indices — using de-identified or aggregated data wherever possible.
• To build derived and aggregate data products (e.g., market maps, expertise graphs, benchmark datasets). Individual Customer Content is not sold; expert-submitted profile data may be licensed under Section 5 of the Terms.
• To send transactional and service communications (not marketing without consent).

4. Sub-processors

To power the Service, we share specific fields with these sub-processors:

• Anthropic (Claude API) — search queries and attached context for generation; not used to train Anthropic’s models under our zero-retention configuration.
• Google (OAuth, Calendar, Custom Search) — email for sign-in; calendar events for scheduling; queries for web results.
• Serper.dev — search queries for web discovery.
• Apollo.io, People Data Labs — names, emails, companies, and LinkedIn URLs for enrichment.
• Neon — encrypted Postgres hosting (US East).
• Vercel — application hosting and request logs (US).
• Stripe — only when a paid engagement is processed.
• Resend / SendGrid — transactional email delivery.

A current list is maintained here; we will update it as we change providers.

5. Where data lives & how it’s protected

Primary application data is stored in a Neon Postgres cluster in the US East region, encrypted at rest (AES-256) and in transit (TLS 1.3). Logs are stored in Vercel (US). We do not routinely transfer personal data outside the US. Access is restricted to authorized staff using SSO with MFA and is audited.

6. Retention

We keep Customer Content until you ask us to delete it. On deletion request, your account is soft-deleted immediately (further sign-in disabled) and hard-deleted from our primary database within 30 days. De-identified aggregates, billing records, compliance audit logs, and legally required records may persist beyond 30 days. Sub-processor logs may persist under their own retention terms.

7. Your rights

You may request access, export, correction, or deletion of your personal data by emailing hello@trybrainiac.com. Depending on your jurisdiction you may also have rights to object to processing, restrict processing, or lodge a complaint with your data protection authority. We will respond within 30 days. Experts who request profile removal should note that rights in aggregated or anonymized derived data created prior to removal may persist, per the Terms of Service.

8. Data extraction & scraping

Content returned to you through the Service (expert profiles, contact data, transcripts, agent output) remains subject to the Terms of Service, which prohibit scraping, bulk extraction, or use of the Service to train external models. This is both a contractual and a privacy safeguard for experts and other users.

9. Children

The Service is not directed to children under 16, and we do not knowingly collect data from anyone under 16.

10. Changes to this policy

We may update this policy. Material changes will be announced in-app or by email before they take effect.

Contact: hello@trybrainiac.com — Dwight Street Group LLC