Privacy Policy

Effective Date: 07/01/2025

Ex.Brain Inc. (“Ex.Brain,” “we,” “us,” or “our”) is committed to protecting your privacy and handling your data with transparency, security, and care. This Privacy Policy explains how we collect, use, share, and protect personal and business information through our websites, applications, products, and related services (collectively, the “Services”).

By accessing or using Ex.Brain, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use our Services.

1. Scope

This Privacy Policy applies to all Ex.Brain Services, including:

  • Our public websites (ex-brain.com and subdomains).
  • The Ex.Brain platform, including ExBrains, Core Ex.Brain, and AI agents.
  • Mobile applications and integrations.
  • Communications and support channels (email, chat, phone).

It covers personal data, business data, and any information processed through our Services.

2. Information We Collect

2.1 Information You Provide Directly

  • Account & Registration Data: Name, email, company name, role/title, password.

  • Billing & Payment Data: Processed through third-party providers (e.g., Stripe); we do not store sensitive payment card numbers.

  • Uploaded Content: Text, documents, audio, video, or other data you or your organization submit to Ex.Brain.

  • Communications: Messages you send to us (support, sales, feedback).

 

2.2 Information We Collect Automatically

  • Usage Data: IP address, browser type, device information, pages visited, time spent, referring URLs.

  • Device & App Data: Operating system, app version, crash logs, error reports.

  • Cookies & Similar Technologies: For authentication, preferences, analytics, and security. (See our Cookie Policy).

 

2.3 Information From Third Parties

  • Integrations: If you connect Ex.Brain to third-party tools (e.g., Google Drive, Microsoft Teams, Slack), we may receive data per your settings.

  • Partners & Vendors: Data from resellers, distributors, or integration partners.

  • Public Sources: Professional information available in public directories or sites.

3. How We Use Information

Ex.Brain does not train its AI models on your data. Your business knowledge is private and used only for your organization.

We use information to:

  • Provide and operate the Services.
  • Authenticate users and manage accounts.
  • Process transactions and subscriptions.
  • Capture and structure knowledge (e.g., meetings, speech-to-knowledge).
  • Respond to inquiries and provide support.
  • Improve features, usability, and security.
  • Send important notices (service updates, security alerts).
  • Comply with legal obligations.

4. Legal Bases (EEA/UK/Switzerland Only)

Where GDPR or similar laws apply, we process personal information on:

  • Consent.
  • Contract performance.
  • Legitimate interests (e.g., improving Services).
  • Legal obligations.

5. How We Share Information

We only share data as described below:

  • Service Providers: Hosting, payments, analytics, support (bound by confidentiality agreements).
  • Business Transfers: In mergers, acquisitions, or financing, subject to notice and rights.
  • Legal Requirements: When required by law or to protect rights, safety, or property.
  • With Your Consent: When you explicitly approve sharing.
  • Aggregated/De-Identified Data: For research, never identifying individuals.

We never sell your data.

6. Data Retention

We retain data only as long as necessary to:

  • Provide the Services.
  • Meet contractual or legal requirements.
  • Support audit or compliance needs.

When no longer required, data is securely deleted or anonymized.

7. International Transfers

Ex.Brain is headquartered in the U.S., but we may process data globally. Where required (e.g., GDPR), we use approved safeguards like Standard Contractual Clauses.

8. Security & Compliance

  • Encryption at rest and in transit.
  • Role-based access controls.
  • Logically isolated customer environments.
  • Continuous monitoring, penetration testing, and patching.
  • Incident response aligned with NIST standards.

See our Security & Compliance page for full details.

9. Your Privacy Rights

Depending on your location, you may have rights to:

  • Access, correct, or delete your personal data.
  • Restrict or object to processing.
  • Data portability.
  • Withdraw consent.

9.1 California Residents (CCPA/CPRA)

  • Right to know categories of personal information collected.
  • Right to request deletion.
  • Right to opt out of sale/sharing (we do not sell personal information).
  • Right to non-discrimination.

To exercise your rights, contact privacy@exbrain.ai .

10. Children’s Privacy

Ex.Brain is built for enterprises, not children. We do not knowingly collect data from anyone under 13. If you believe a child provided us data, contact us for prompt deletion.

11. Third-Party Links

Our Services may link to third-party sites. We are not responsible for their privacy practices. Review their policies before use.

12. Changes to This Policy

We may update this Privacy Policy periodically. Updates are effective upon posting. If changes are significant, we will provide notice (email or in-product).

13. Contact Us

Ex.Brain Inc.
Email: privacy@exbrain.ai
Security inquiries: security@exbrain.ai