PRIVACY POLICY
Last updated September 21, 2025
This Privacy Notice for exabrainAI GmbH (doing business as exabrainAI) (“we,” “us,” or “our”) describes how and why we might access, collect, store, use, and/or share (“process”) your personal information when you use our services (“Services”), including when you:
• Visit our website at https://www.exabrain.ai or any website of ours that links to this Privacy Notice
• Download and use our mobile application (exabrain) or any other application of ours that links to this Privacy Notice
• Engage with us in other related ways, including any sales, marketing, or events
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at info@exabrainai.com.
SUMMARY OF KEY POINTS
This summary provides key points from our Privacy Notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for.
What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use.
Do we process any sensitive personal information? We do not process sensitive personal information.
Do we collect any information from third parties? We do not collect information from third parties.
How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.
In what situations and with which parties do we share personal information? We may share information in specific situations and with specific third parties.
How do we keep your information safe? We have organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission or storage technology can be guaranteed 100% secure.
What are your rights? Depending on where you are located, you may have certain rights regarding your personal information.
How do you exercise your rights? The easiest way is by visiting https://www.exabrain.ai/contact or by contacting us. We will consider and act upon any request in accordance with applicable data protection laws.
Want to learn more about what we do with any information we collect? Review the Privacy Notice in full below.
TABLE OF CONTENTS
1. WHAT INFORMATION DO WE COLLECT?
2. HOW DO WE PROCESS YOUR INFORMATION?
3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?
4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
6. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?
7. HOW DO WE HANDLE YOUR SOCIAL LOGINS?
8. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?
9. HOW LONG DO WE KEEP YOUR INFORMATION?
10. HOW DO WE KEEP YOUR INFORMATION SAFE?
11. WHAT ARE YOUR PRIVACY RIGHTS?
12. CONTROLS FOR DO-NOT-TRACK FEATURES
13. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
14. DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?
15. DO WE MAKE UPDATES TO THIS NOTICE?
16. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
17. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?
1. WHAT INFORMATION DO WE COLLECT?
Personal information you disclose to us
In short: We collect personal information that you provide to us.
We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, participate in activities on the Services, or otherwise contact us.
Personal information provided by you. The personal information we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include:
• Email addresses
Sensitive information. We do not process sensitive information.
Payment data. We may collect data necessary to process your payment if you choose to make purchases, such as your payment instrument number and the security code associated with your payment instrument. All payment data is handled and stored by:
• Stripe (https://stripe.com/privacy)
• Apple (Apple Pay) (https://www.apple.com/legal/privacy/)
• Google (Google Pay) (https://policies.google.com/privacy)
Social media login data. We may provide you with the option to register with us using your existing social media account details (e.g., Facebook, X). If you register this way, we will collect certain profile information from the social media provider, as described under “HOW DO WE HANDLE YOUR SOCIAL LOGINS?”
Application data. If you use our application(s), we may collect the following information if you choose to provide access or permission:
• Mobile device data. We automatically collect device information (such as your mobile device ID, model, manufacturer), OS and version, system configuration, device/app identification numbers, browser type/version, hardware model, ISP and/or mobile carrier, and IP address (or proxy). We may also collect information about the phone network, platform, and features of our apps you access.
• Push notifications. We may request to send push notifications regarding your account or certain features. You can disable these in your device settings.
This information is primarily needed to maintain the security and operation of our application(s), for troubleshooting, and for internal analytics and reporting. All personal information you provide must be true, complete, and accurate, and you must notify us of any changes.
Information automatically collected
In short: Some information — such as IP address and/or browser and device characteristics — is collected automatically when you visit our Services.
We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (e.g., name or contact information) but may include device and usage information, such as IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, how and when you use our Services, and other technical information. This is primarily needed to maintain the security and operation of our Services, and for internal analytics and reporting.
The information we collect includes:
• Log and usage data: service-related, diagnostic, usage, and performance information recorded in log files (e.g., IP address, device info, browser type, settings, pages/files viewed, searches, timestamps, actions taken, system activity, error reports, hardware settings).
• Device data: information about the computer, phone, tablet, or other device used to access the Services (e.g., IP/proxy, device/app IDs, location, browser type, hardware model, ISP/mobile carrier, OS, configuration).
• Location data: information about your device’s location (precise or imprecise). You can opt out by refusing access or disabling location settings, but some features may not work.
Google API
Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements:
• Policy: https://developers.google.com/terms/api-services-user-data-policy
• Limited Use: https://developers.google.com/terms/api-services-user-data-policy#limited-use
2. HOW DO WE PROCESS YOUR INFORMATION?
In short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes only with your prior explicit consent.
We process your personal information for a variety of reasons, depending on how you interact with our Services, including to:
• Facilitate account creation and authentication and otherwise manage user accounts.
• Deliver and facilitate delivery of services to the user.
• Respond to user inquiries/offer support.
• Send administrative information (e.g., product/service details, changes to terms/policies).
• Fulfill and manage orders, payments, returns, and exchanges.
• Request feedback and contact you about your use of our Services.
• Send marketing and promotional communications (consistent with your preferences; you can opt out at any time).
• Identify usage trends to improve our Services.
• Determine the effectiveness of marketing and promotional campaigns.
• Save or protect an individual’s vital interest (e.g., to prevent harm).
3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?
In short: We only process your personal information when necessary and we have a valid legal reason (legal basis) to do so under applicable law, such as with your consent, to comply with laws, to provide services or perform/fulfill a contract, to protect your rights, or to fulfill legitimate business interests.
If you are located in the EU or UK, the GDPR/UK GDPR require us to explain the legal bases we rely on. We may rely on:
• Consent: You can withdraw consent at any time (see “Withdrawing your consent”).
• Performance of a contract: To fulfill our contractual obligations to you or at your request prior to entering a contract.
• Legitimate interests: When reasonably necessary to achieve our legitimate business interests and they do not override your rights and freedoms (e.g., sending offers/discounts, analyzing usage to improve engagement and retention, supporting marketing activities, improving user experience).
• Legal obligations: For compliance with legal duties (e.g., cooperate with law enforcement/regulators, exercise/defend legal rights, litigation).
• Vital interests: To protect your vital interests or those of a third party (e.g., safety).
If you are located in Canada:
• We may process your information with your express or implied consent. You can withdraw your consent at any time.
• In some exceptional cases, we may process without consent where permitted by law (e.g., urgent interests, investigations/fraud prevention, certain business transactions, insurance-related witness statements, identification of injured/ill/deceased persons and next of kin, suspected financial abuse, investigations where consent would compromise availability/accuracy, court orders/subpoenas, employment-produced information, journalistic/artistic/literary purposes, publicly available information specified by regulation, de-identified information for approved research/statistics with safeguards).
4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
In short: We may share information in specific situations and/or with the following third parties.
Vendors, consultants, and other third-party service providers. We may share your data with third parties who perform services for us or on our behalf and require access to such information to do that work. Our contracts require them to protect your information, only process it under our instructions, and not share it with others.
The third parties we may share personal information with include:
• AI Service Providers: OpenAI
• Cloud Computing Services: Google Cloud Platform
• Functionality and Infrastructure Optimization: Firebase Realtime Database, Cloud Storage for Firebase, Firebase Hosting
• Invoice and Billing: Stripe, Apple Pay, Google Wallet/Google Pay, Android Pay
• User Account Registration and Authentication: Google Sign-In
• Web and Mobile Analytics: Google Analytics
Business transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition.
5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
In short: We may use cookies and other tracking technologies to collect and store your information.
We may use cookies and similar technologies (e.g., web beacons, pixels) to gather information when you interact with our Services. Some are necessary to maintain security, prevent crashes, fix bugs, save preferences, and assist basic site functions. We also permit third parties/service providers to use tracking technologies for analytics and advertising (including interest-based ads and abandoned cart reminders, depending on your preferences).
To the extent such tracking is deemed a “sale”/“sharing” under applicable US state laws, you can opt out by submitting a request as described under “DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?”
Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice.
Google Analytics.
We may share your information with Google Analytics to track and analyze use of the Services. To opt out: https://tools.google.com/dlpage/gaoptout
Google Privacy & Terms: https://policies.google.com/privacy
6. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?
In short: We offer products, features, or tools powered by artificial intelligence, machine learning, or similar technologies (“AI Products”).
Use of AI technologies.
We provide AI Products through third-party service providers (“AI Service Providers”), including OpenAI. Your inputs, outputs, and personal information may be shared with and processed by these providers to enable your use of our AI Products, consistent with this Privacy Notice and applicable legal bases. You must not use the AI Products in any way that violates the terms or policies of any AI Service Provider.
Our AI Products are designed for, for example:
• AI applications
How we process your data using AI.
Personal information processed via our AI Products is handled in line with this Privacy Notice and our agreements with third parties to ensure security and safeguards.
7. HOW DO WE HANDLE YOUR SOCIAL LOGINS?
In short: If you register or log in using a social media account, we may have access to certain information about you.
If you use third-party social logins (e.g., Facebook, X), we receive certain profile info (e.g., name, email, friends list, profile picture, and other public information). We use the information we receive only for the purposes described in this Privacy Notice or as otherwise explained. We do not control the social media providers’ own use of your data; review their privacy notices for details and preference controls.
8. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?
In short: We may transfer, store, and process your information in countries other than your own.
Our servers are located in the United States. Your information may be transferred to, stored by, and processed by us and by third parties (see “WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?”) in the United States and other countries.
If you are in the EEA, UK, or Switzerland, these countries may not have data protection laws as comprehensive as those in your country. We take necessary measures to protect your personal information in accordance with this Privacy Notice and applicable law.
Standard Contractual Clauses (SCCs). We have implemented SCCs for transfers among our group companies and with third-party providers to require adequate protection for EEA/UK-origin personal data. Our SCCs, or details of similar safeguards with third parties, are available upon request.
9. HOW LONG DO WE KEEP YOUR INFORMATION?
In short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice unless otherwise required by law.
We keep personal information only as long as needed for the purposes set out in this Notice, unless a longer retention period is required or permitted by law (e.g., tax, accounting). No purpose will require keeping your personal information longer than the period in which you have an account with us. When there is no ongoing legitimate business need to process your personal information, we will delete or anonymize it, or securely store and isolate it until deletion is possible (e.g., backups).
10. HOW DO WE KEEP YOUR INFORMATION SAFE?
In short: We aim to protect your personal information through organizational and technical security measures.
We implement appropriate and reasonable security measures. However, no method of transmission or storage is 100% secure. Transmission of personal information to and from our Services is at your own risk. Access the Services only in a secure environment.
11. WHAT ARE YOUR PRIVACY RIGHTS?
In short: Depending on your jurisdiction (e.g., certain US states; EEA, UK, Switzerland, Canada), you may have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time (subject to local law).
In some regions (e.g., EEA, UK, Switzerland, Canada), you may have the right to:
• Request access and obtain a copy of your personal information
• Request rectification or erasure
• Restrict processing
• Data portability (if applicable)
• Not be subject to automated decision-making producing legal or similarly significant effects (we will inform you of automated decisions, explain key factors, and offer a way to request human review)
• Object to processing in certain circumstances
We will consider and act upon requests in accordance with applicable law.
If you are in the EEA or UK and believe we are unlawfully processing your data, you have the right to complain to your Member State data protection authority or the UK ICO:
• EU DPAs: https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
• UK ICO: https://ico.org.uk/make-a-complaint/data-protection-complaints/data-protection-complaints/
If you are in Switzerland, you may contact the Federal Data Protection and Information Commissioner (FDPIC): https://www.edoeb.admin.ch/edoeb/en/home.html
Withdrawing your consent. If we rely on consent, you may withdraw it at any time by contacting us (see “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?”). This will not affect processing before withdrawal or processing based on other lawful grounds.
Opting out of marketing. You can unsubscribe from marketing emails at any time via the unsubscribe link or by contacting us. We may still send non-marketing communications (e.g., service, account, legal notices).
Account information. To review/change your account information or terminate your account, log in to your account settings. Upon your request to terminate, we will deactivate or delete your account and information from active databases; some information may be retained to prevent fraud, troubleshoot, support investigations, enforce terms, and comply with law.
Questions about your privacy rights: info@exabrainai.com
12. CONTROLS FOR DO-NOT-TRACK FEATURES
Most web browsers and some mobile OS/apps include a Do-Not-Track (DNT) setting. No uniform standard for recognizing/implementing DNT signals currently exists, so we do not respond to DNT signals. If a standard is adopted we must follow, we will update this Notice. California law requires us to state this.
13. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
In short: If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have rights to access details about your personal information and how we processed it, correct inaccuracies, obtain a copy, delete it, or withdraw consent. These rights may be limited by law.
Categories of Personal Information We Collect (past 12 months)
• A. Identifiers (e.g., name, alias, postal address, phone, unique identifier, online identifier, IP, email, account name) — Collected: YES
• B. Personal information defined in the California Customer Records statute (e.g., name, contact info, education, employment, financial) — Collected: NO
• C. Protected classification characteristics (e.g., gender, age, DOB, race/ethnicity, national origin, marital status) — Collected: NO
• D. Commercial information (e.g., transactions, purchase history, financial details, payment info) — Collected: NO
• E. Biometric information (e.g., fingerprints, voiceprints) — Collected: NO
• F. Internet or similar network activity (e.g., browsing/search history, interactions with sites/apps/ads) — Collected: NO
• G. Geolocation data (e.g., device location) — Collected: [not specified in table]
• H. Audio, electronic, sensory, or similar information (e.g., images, audio/video/call recordings) — Collected: NO
• I. Professional or employment-related information — Collected: NO
• J. Education information — Collected: NO
• K. Inferences drawn from collected personal information — Collected: NO
• L. Sensitive personal information — Collected: NO
We may also collect other personal information when you interact with us (e.g., support channels, surveys/contests, facilitating Service delivery, responding to inquiries).
Retention examples:
• Category A: as long as the user has an account with us
• Category G: as long as the user has an account with us
Sources of personal information: See “WHAT INFORMATION DO WE COLLECT?”
How we use and share personal information: See “HOW DO WE PROCESS YOUR INFORMATION?” and “WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?”
Will your information be shared with anyone else? We may disclose personal information to service providers under written contracts. Categories of third parties are listed under “WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?”
We may use personal information for our own business purposes (e.g., internal research and development). This is not a “sale.”
Your US state privacy rights may include:
• Right to know whether we process your personal data
• Right to access your personal data
• Right to correct inaccuracies
• Right to delete personal data
• Right to obtain a copy of personal data you shared with us
• Right to non-discrimination for exercising rights
• Right to opt out of targeted advertising (or “sharing” under California), sale of personal data, or profiling for decisions producing legal/similarly significant effects
Depending on your state, you may also have rights to:
• Access categories of personal data processed (e.g., Minnesota)
• Obtain a list of categories of third parties to whom we disclosed personal data (e.g., California, Delaware, Maryland)
• Obtain a list of specific third parties to whom we disclosed personal data (e.g., Minnesota, Oregon)
• Review/understand/question/correct profiling (e.g., Minnesota)
• Limit use/disclosure of sensitive personal data (e.g., California)
• Opt out of collection of sensitive data and data via voice/facial recognition (e.g., Florida)
How to exercise your rights:
Submit requests at https://www.exabrain.ai/contact or use the contact details at the bottom of this Notice.
Opting out of selling/sharing/targeted advertising/profiling: Disable cookies in Cookie Preference Settings.
Authorized agents: You may designate an authorized agent to submit requests. We may require proof of authorization and identity verification.
Request verification: We will verify your identity using information we already maintain or by requesting additional information solely for verification/security/fraud-prevention.
Appeals: If we decline your request, you may appeal by emailing info@exabrainai.com. We will provide a written response. If denied, you may contact your state attorney general.
California “Shine The Light” Law (Civ. Code §1798.83): California residents may request, once per year and free of charge, information about categories of personal information (if any) disclosed to third parties for direct marketing in the prior calendar year and the names/addresses of those third parties. Submit requests using our contact details under “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?”
14. DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?
In short: You may have additional rights based on the country you reside in.
Australia and New Zealand
We collect and process personal information under Australia’s Privacy Act 1988 and New Zealand’s Privacy Act 2020. This Notice satisfies the Acts’ notice requirements (what we collect, sources, purposes, and recipients). If you do not provide necessary personal information, it may affect our ability to:
• Offer products or services you want
• Respond to/help with your requests
• Manage your account
• Confirm your identity and protect your account
You may request access to or correction of your personal information (see “HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?”).
Complaints:
• Australia OAIC: https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us
• New Zealand Privacy Commissioner: https://www.privacy.org.nz/your-rights/making-a-complaint/
Republic of South Africa
You may request access to or correction of your personal information (see “HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?”).
If unsatisfied with our response:
• Information Regulator (South Africa): https://inforegulator.org.za/
• General enquiries: enquiries@inforegulator.org.za
• Complaints (Form 5): PAIAComplaints@inforegulator.org.za and POPIAComplaints@inforegulator.org.za
15. DO WE MAKE UPDATES TO THIS NOTICE?
In short: Yes, we will update this notice as necessary to stay compliant with relevant laws.
We may update this Privacy Notice from time to time. The updated version will be indicated by an updated “Revised” date at the top. If we make material changes, we may notify you by prominently posting a notice or by sending you a notification. Please review this Notice frequently.
16. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
If you have questions or comments about this notice, email us at info@exabrainai.com or contact us by post at:
exabrainAI GmbH
Hauptstrasse 64
Edlibach, Zug 6313
Switzerland
17. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?
You have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information (subject to law). To submit a request, visit: https://www.exabrain.ai/contact.
Last updated September 21, 2025
This Privacy Notice for exabrainAI GmbH (doing business as exabrainAI) (“we,” “us,” or “our”) describes how and why we might access, collect, store, use, and/or share (“process”) your personal information when you use our services (“Services”), including when you:
• Visit our website at https://www.exabrain.ai or any website of ours that links to this Privacy Notice
• Download and use our mobile application (exabrain) or any other application of ours that links to this Privacy Notice
• Engage with us in other related ways, including any sales, marketing, or events
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at info@exabrainai.com.
SUMMARY OF KEY POINTS
This summary provides key points from our Privacy Notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for.
What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use.
Do we process any sensitive personal information? We do not process sensitive personal information.
Do we collect any information from third parties? We do not collect information from third parties.
How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.
In what situations and with which parties do we share personal information? We may share information in specific situations and with specific third parties.
How do we keep your information safe? We have organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission or storage technology can be guaranteed 100% secure.
What are your rights? Depending on where you are located, you may have certain rights regarding your personal information.
How do you exercise your rights? The easiest way is by visiting https://www.exabrain.ai/contact or by contacting us. We will consider and act upon any request in accordance with applicable data protection laws.
Want to learn more about what we do with any information we collect? Review the Privacy Notice in full below.
TABLE OF CONTENTS
1. WHAT INFORMATION DO WE COLLECT?
2. HOW DO WE PROCESS YOUR INFORMATION?
3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?
4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
6. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?
7. HOW DO WE HANDLE YOUR SOCIAL LOGINS?
8. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?
9. HOW LONG DO WE KEEP YOUR INFORMATION?
10. HOW DO WE KEEP YOUR INFORMATION SAFE?
11. WHAT ARE YOUR PRIVACY RIGHTS?
12. CONTROLS FOR DO-NOT-TRACK FEATURES
13. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
14. DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?
15. DO WE MAKE UPDATES TO THIS NOTICE?
16. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
17. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?
1. WHAT INFORMATION DO WE COLLECT?
Personal information you disclose to us
In short: We collect personal information that you provide to us.
We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, participate in activities on the Services, or otherwise contact us.
Personal information provided by you. The personal information we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include:
• Email addresses
Sensitive information. We do not process sensitive information.
Payment data. We may collect data necessary to process your payment if you choose to make purchases, such as your payment instrument number and the security code associated with your payment instrument. All payment data is handled and stored by:
• Stripe (https://stripe.com/privacy)
• Apple (Apple Pay) (https://www.apple.com/legal/privacy/)
• Google (Google Pay) (https://policies.google.com/privacy)
Social media login data. We may provide you with the option to register with us using your existing social media account details (e.g., Facebook, X). If you register this way, we will collect certain profile information from the social media provider, as described under “HOW DO WE HANDLE YOUR SOCIAL LOGINS?”
Application data. If you use our application(s), we may collect the following information if you choose to provide access or permission:
• Mobile device data. We automatically collect device information (such as your mobile device ID, model, manufacturer), OS and version, system configuration, device/app identification numbers, browser type/version, hardware model, ISP and/or mobile carrier, and IP address (or proxy). We may also collect information about the phone network, platform, and features of our apps you access.
• Push notifications. We may request to send push notifications regarding your account or certain features. You can disable these in your device settings.
This information is primarily needed to maintain the security and operation of our application(s), for troubleshooting, and for internal analytics and reporting. All personal information you provide must be true, complete, and accurate, and you must notify us of any changes.
Information automatically collected
In short: Some information — such as IP address and/or browser and device characteristics — is collected automatically when you visit our Services.
We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (e.g., name or contact information) but may include device and usage information, such as IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, how and when you use our Services, and other technical information. This is primarily needed to maintain the security and operation of our Services, and for internal analytics and reporting.
The information we collect includes:
• Log and usage data: service-related, diagnostic, usage, and performance information recorded in log files (e.g., IP address, device info, browser type, settings, pages/files viewed, searches, timestamps, actions taken, system activity, error reports, hardware settings).
• Device data: information about the computer, phone, tablet, or other device used to access the Services (e.g., IP/proxy, device/app IDs, location, browser type, hardware model, ISP/mobile carrier, OS, configuration).
• Location data: information about your device’s location (precise or imprecise). You can opt out by refusing access or disabling location settings, but some features may not work.
Google API
Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements:
• Policy: https://developers.google.com/terms/api-services-user-data-policy
• Limited Use: https://developers.google.com/terms/api-services-user-data-policy#limited-use
2. HOW DO WE PROCESS YOUR INFORMATION?
In short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes only with your prior explicit consent.
We process your personal information for a variety of reasons, depending on how you interact with our Services, including to:
• Facilitate account creation and authentication and otherwise manage user accounts.
• Deliver and facilitate delivery of services to the user.
• Respond to user inquiries/offer support.
• Send administrative information (e.g., product/service details, changes to terms/policies).
• Fulfill and manage orders, payments, returns, and exchanges.
• Request feedback and contact you about your use of our Services.
• Send marketing and promotional communications (consistent with your preferences; you can opt out at any time).
• Identify usage trends to improve our Services.
• Determine the effectiveness of marketing and promotional campaigns.
• Save or protect an individual’s vital interest (e.g., to prevent harm).
3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?
In short: We only process your personal information when necessary and we have a valid legal reason (legal basis) to do so under applicable law, such as with your consent, to comply with laws, to provide services or perform/fulfill a contract, to protect your rights, or to fulfill legitimate business interests.
If you are located in the EU or UK, the GDPR/UK GDPR require us to explain the legal bases we rely on. We may rely on:
• Consent: You can withdraw consent at any time (see “Withdrawing your consent”).
• Performance of a contract: To fulfill our contractual obligations to you or at your request prior to entering a contract.
• Legitimate interests: When reasonably necessary to achieve our legitimate business interests and they do not override your rights and freedoms (e.g., sending offers/discounts, analyzing usage to improve engagement and retention, supporting marketing activities, improving user experience).
• Legal obligations: For compliance with legal duties (e.g., cooperate with law enforcement/regulators, exercise/defend legal rights, litigation).
• Vital interests: To protect your vital interests or those of a third party (e.g., safety).
If you are located in Canada:
• We may process your information with your express or implied consent. You can withdraw your consent at any time.
• In some exceptional cases, we may process without consent where permitted by law (e.g., urgent interests, investigations/fraud prevention, certain business transactions, insurance-related witness statements, identification of injured/ill/deceased persons and next of kin, suspected financial abuse, investigations where consent would compromise availability/accuracy, court orders/subpoenas, employment-produced information, journalistic/artistic/literary purposes, publicly available information specified by regulation, de-identified information for approved research/statistics with safeguards).
4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
In short: We may share information in specific situations and/or with the following third parties.
Vendors, consultants, and other third-party service providers. We may share your data with third parties who perform services for us or on our behalf and require access to such information to do that work. Our contracts require them to protect your information, only process it under our instructions, and not share it with others.
The third parties we may share personal information with include:
• AI Service Providers: OpenAI
• Cloud Computing Services: Google Cloud Platform
• Functionality and Infrastructure Optimization: Firebase Realtime Database, Cloud Storage for Firebase, Firebase Hosting
• Invoice and Billing: Stripe, Apple Pay, Google Wallet/Google Pay, Android Pay
• User Account Registration and Authentication: Google Sign-In
• Web and Mobile Analytics: Google Analytics
Business transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition.
5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
In short: We may use cookies and other tracking technologies to collect and store your information.
We may use cookies and similar technologies (e.g., web beacons, pixels) to gather information when you interact with our Services. Some are necessary to maintain security, prevent crashes, fix bugs, save preferences, and assist basic site functions. We also permit third parties/service providers to use tracking technologies for analytics and advertising (including interest-based ads and abandoned cart reminders, depending on your preferences).
To the extent such tracking is deemed a “sale”/“sharing” under applicable US state laws, you can opt out by submitting a request as described under “DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?”
Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice.
Google Analytics.
We may share your information with Google Analytics to track and analyze use of the Services. To opt out: https://tools.google.com/dlpage/gaoptout
Google Privacy & Terms: https://policies.google.com/privacy
6. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?
In short: We offer products, features, or tools powered by artificial intelligence, machine learning, or similar technologies (“AI Products”).
Use of AI technologies.
We provide AI Products through third-party service providers (“AI Service Providers”), including OpenAI. Your inputs, outputs, and personal information may be shared with and processed by these providers to enable your use of our AI Products, consistent with this Privacy Notice and applicable legal bases. You must not use the AI Products in any way that violates the terms or policies of any AI Service Provider.
Our AI Products are designed for, for example:
• AI applications
How we process your data using AI.
Personal information processed via our AI Products is handled in line with this Privacy Notice and our agreements with third parties to ensure security and safeguards.
7. HOW DO WE HANDLE YOUR SOCIAL LOGINS?
In short: If you register or log in using a social media account, we may have access to certain information about you.
If you use third-party social logins (e.g., Facebook, X), we receive certain profile info (e.g., name, email, friends list, profile picture, and other public information). We use the information we receive only for the purposes described in this Privacy Notice or as otherwise explained. We do not control the social media providers’ own use of your data; review their privacy notices for details and preference controls.
8. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?
In short: We may transfer, store, and process your information in countries other than your own.
Our servers are located in the United States. Your information may be transferred to, stored by, and processed by us and by third parties (see “WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?”) in the United States and other countries.
If you are in the EEA, UK, or Switzerland, these countries may not have data protection laws as comprehensive as those in your country. We take necessary measures to protect your personal information in accordance with this Privacy Notice and applicable law.
Standard Contractual Clauses (SCCs). We have implemented SCCs for transfers among our group companies and with third-party providers to require adequate protection for EEA/UK-origin personal data. Our SCCs, or details of similar safeguards with third parties, are available upon request.
9. HOW LONG DO WE KEEP YOUR INFORMATION?
In short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice unless otherwise required by law.
We keep personal information only as long as needed for the purposes set out in this Notice, unless a longer retention period is required or permitted by law (e.g., tax, accounting). No purpose will require keeping your personal information longer than the period in which you have an account with us. When there is no ongoing legitimate business need to process your personal information, we will delete or anonymize it, or securely store and isolate it until deletion is possible (e.g., backups).
10. HOW DO WE KEEP YOUR INFORMATION SAFE?
In short: We aim to protect your personal information through organizational and technical security measures.
We implement appropriate and reasonable security measures. However, no method of transmission or storage is 100% secure. Transmission of personal information to and from our Services is at your own risk. Access the Services only in a secure environment.
11. WHAT ARE YOUR PRIVACY RIGHTS?
In short: Depending on your jurisdiction (e.g., certain US states; EEA, UK, Switzerland, Canada), you may have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time (subject to local law).
In some regions (e.g., EEA, UK, Switzerland, Canada), you may have the right to:
• Request access and obtain a copy of your personal information
• Request rectification or erasure
• Restrict processing
• Data portability (if applicable)
• Not be subject to automated decision-making producing legal or similarly significant effects (we will inform you of automated decisions, explain key factors, and offer a way to request human review)
• Object to processing in certain circumstances
We will consider and act upon requests in accordance with applicable law.
If you are in the EEA or UK and believe we are unlawfully processing your data, you have the right to complain to your Member State data protection authority or the UK ICO:
• EU DPAs: https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
• UK ICO: https://ico.org.uk/make-a-complaint/data-protection-complaints/data-protection-complaints/
If you are in Switzerland, you may contact the Federal Data Protection and Information Commissioner (FDPIC): https://www.edoeb.admin.ch/edoeb/en/home.html
Withdrawing your consent. If we rely on consent, you may withdraw it at any time by contacting us (see “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?”). This will not affect processing before withdrawal or processing based on other lawful grounds.
Opting out of marketing. You can unsubscribe from marketing emails at any time via the unsubscribe link or by contacting us. We may still send non-marketing communications (e.g., service, account, legal notices).
Account information. To review/change your account information or terminate your account, log in to your account settings. Upon your request to terminate, we will deactivate or delete your account and information from active databases; some information may be retained to prevent fraud, troubleshoot, support investigations, enforce terms, and comply with law.
Questions about your privacy rights: info@exabrainai.com
12. CONTROLS FOR DO-NOT-TRACK FEATURES
Most web browsers and some mobile OS/apps include a Do-Not-Track (DNT) setting. No uniform standard for recognizing/implementing DNT signals currently exists, so we do not respond to DNT signals. If a standard is adopted we must follow, we will update this Notice. California law requires us to state this.
13. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
In short: If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have rights to access details about your personal information and how we processed it, correct inaccuracies, obtain a copy, delete it, or withdraw consent. These rights may be limited by law.
Categories of Personal Information We Collect (past 12 months)
• A. Identifiers (e.g., name, alias, postal address, phone, unique identifier, online identifier, IP, email, account name) — Collected: YES
• B. Personal information defined in the California Customer Records statute (e.g., name, contact info, education, employment, financial) — Collected: NO
• C. Protected classification characteristics (e.g., gender, age, DOB, race/ethnicity, national origin, marital status) — Collected: NO
• D. Commercial information (e.g., transactions, purchase history, financial details, payment info) — Collected: NO
• E. Biometric information (e.g., fingerprints, voiceprints) — Collected: NO
• F. Internet or similar network activity (e.g., browsing/search history, interactions with sites/apps/ads) — Collected: NO
• G. Geolocation data (e.g., device location) — Collected: [not specified in table]
• H. Audio, electronic, sensory, or similar information (e.g., images, audio/video/call recordings) — Collected: NO
• I. Professional or employment-related information — Collected: NO
• J. Education information — Collected: NO
• K. Inferences drawn from collected personal information — Collected: NO
• L. Sensitive personal information — Collected: NO
We may also collect other personal information when you interact with us (e.g., support channels, surveys/contests, facilitating Service delivery, responding to inquiries).
Retention examples:
• Category A: as long as the user has an account with us
• Category G: as long as the user has an account with us
Sources of personal information: See “WHAT INFORMATION DO WE COLLECT?”
How we use and share personal information: See “HOW DO WE PROCESS YOUR INFORMATION?” and “WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?”
Will your information be shared with anyone else? We may disclose personal information to service providers under written contracts. Categories of third parties are listed under “WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?”
We may use personal information for our own business purposes (e.g., internal research and development). This is not a “sale.”
Your US state privacy rights may include:
• Right to know whether we process your personal data
• Right to access your personal data
• Right to correct inaccuracies
• Right to delete personal data
• Right to obtain a copy of personal data you shared with us
• Right to non-discrimination for exercising rights
• Right to opt out of targeted advertising (or “sharing” under California), sale of personal data, or profiling for decisions producing legal/similarly significant effects
Depending on your state, you may also have rights to:
• Access categories of personal data processed (e.g., Minnesota)
• Obtain a list of categories of third parties to whom we disclosed personal data (e.g., California, Delaware, Maryland)
• Obtain a list of specific third parties to whom we disclosed personal data (e.g., Minnesota, Oregon)
• Review/understand/question/correct profiling (e.g., Minnesota)
• Limit use/disclosure of sensitive personal data (e.g., California)
• Opt out of collection of sensitive data and data via voice/facial recognition (e.g., Florida)
How to exercise your rights:
Submit requests at https://www.exabrain.ai/contact or use the contact details at the bottom of this Notice.
Opting out of selling/sharing/targeted advertising/profiling: Disable cookies in Cookie Preference Settings.
Authorized agents: You may designate an authorized agent to submit requests. We may require proof of authorization and identity verification.
Request verification: We will verify your identity using information we already maintain or by requesting additional information solely for verification/security/fraud-prevention.
Appeals: If we decline your request, you may appeal by emailing info@exabrainai.com. We will provide a written response. If denied, you may contact your state attorney general.
California “Shine The Light” Law (Civ. Code §1798.83): California residents may request, once per year and free of charge, information about categories of personal information (if any) disclosed to third parties for direct marketing in the prior calendar year and the names/addresses of those third parties. Submit requests using our contact details under “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?”
14. DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?
In short: You may have additional rights based on the country you reside in.
Australia and New Zealand
We collect and process personal information under Australia’s Privacy Act 1988 and New Zealand’s Privacy Act 2020. This Notice satisfies the Acts’ notice requirements (what we collect, sources, purposes, and recipients). If you do not provide necessary personal information, it may affect our ability to:
• Offer products or services you want
• Respond to/help with your requests
• Manage your account
• Confirm your identity and protect your account
You may request access to or correction of your personal information (see “HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?”).
Complaints:
• Australia OAIC: https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us
• New Zealand Privacy Commissioner: https://www.privacy.org.nz/your-rights/making-a-complaint/
Republic of South Africa
You may request access to or correction of your personal information (see “HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?”).
If unsatisfied with our response:
• Information Regulator (South Africa): https://inforegulator.org.za/
• General enquiries: enquiries@inforegulator.org.za
• Complaints (Form 5): PAIAComplaints@inforegulator.org.za and POPIAComplaints@inforegulator.org.za
15. DO WE MAKE UPDATES TO THIS NOTICE?
In short: Yes, we will update this notice as necessary to stay compliant with relevant laws.
We may update this Privacy Notice from time to time. The updated version will be indicated by an updated “Revised” date at the top. If we make material changes, we may notify you by prominently posting a notice or by sending you a notification. Please review this Notice frequently.
16. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
If you have questions or comments about this notice, email us at info@exabrainai.com or contact us by post at:
exabrainAI GmbH
Hauptstrasse 64
Edlibach, Zug 6313
Switzerland
17. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?
You have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information (subject to law). To submit a request, visit: https://www.exabrain.ai/contact.
