Privacy Policy

PRIVACY POLICY

Last Updated: April 26, 2026 Company: Brain Frame Website: Brain-frame.ai Product: SPOT

This Privacy Policy explains how Brain Frame collects, uses, stores, and shares your personal information when you visit our website or interact with our team.

We are committed to protecting your personal data and ensuring transparency in how we operate. This policy complies with the General Data Protection Regulation (GDPR) and relevant data protection laws.

1. Information We Collect

We collect different types of information depending on your interaction with our business.

A. Information You Provide Directly

This includes information provided when you:

Create an Account: Name, email address (e.g., jennifer@brain-frame.ai), billing address, phone number, and account credentials.

Purchase or Sign Up: Payment details (processed by secure third-party payment processors), and subscription preferences.

Support & Communication: Correspondence via email, support tickets, and troubleshooting details.

Device/Service Data: Private, not collected

When you use our website, we automatically collect:

Technical Data: IP address, browser type, operating system, referring URLs, and timestamps of access.

Usage Patterns: Details about how you interact with the platform, the features you use, and the time spent on different sections.

2. Legal Basis for Processing (GDPR Requirement)

Under GDPR, we must define the lawful basis for processing your personal data. We process your data based on the following grounds:

Consent: Where you have given explicit consent for a specific purpose (e.g., marketing emails). You have the right to withdraw consent at any time.

Contractual Necessity: Processing necessary to provide services or fulfill a purchase agreement (e.g., using your billing information to send your Spot device).

Legitimate Interest: Where we need to process data for our legitimate business interests (e.g., fraud detection, improving platform security, or analyzing aggregate usage patterns), provided that this interest does not override your fundamental rights and freedoms.

Legal Obligation: Where we must process data to comply with applicable law (e.g., maintaining financial records).

3. How We Use Your Data (Purpose of Processing)

We use the collected data for the following purposes:

To Provide Services: To operate, manage, and improve the core functionality of the SPOT platform (e.g., processing commands, running automations).

To Improve Products: To analyze usage patterns and diagnose technical issues, helping us refine the AI models, features, and user experience.

Billing and Support: To manage payments, handle refunds, and provide customer support.

Security and Fraud Prevention: To detect and prevent fraudulent activity, misuse of the platform, and unauthorized access, which is crucial given the sensitivity of the data we process (e.g., PII).

Marketing: To send you updates, feature announcements, and marketing materials (only if explicit consent is given).

4. Data Storage, Retention, and Security Measures

A. Storage and Retention

We store your data securely on servers and infrastructure designated by our technical team. We retain personal data only for as long as necessary to fulfill the purposes outlined in this Policy, or as required by applicable law (e.g., financial records must be kept for 3 years).

B. Security Measures

We implement robust security measures, including:

Encryption: All sensitive data (data in transit and at rest) is protected using industry-standard encryption protocols (e.g., SSL/TLS).

Access Control: Strict internal policies and access controls are enforced, ensuring that only authorized Brain Frame personnel have access to your data.

Privacy by Design: We are committed to building security and privacy into the core architecture of Spot.

5. Sharing and Disclosure of Data

We do not sell your personal data. We may share your information in the following limited circumstances:

Service Providers (Processors): We may engage trusted third-party service providers (e.g., cloud hosting services, payment processors, communication APIs) to perform functions on our behalf. These third parties are contractually obligated to process data only on our instructions and to maintain confidentiality and security.

Legal Requirements: If required by law, subpoena, or other legal process.

Business Transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred to the new owner, who agrees to be bound by the terms of this Policy.

6. International Data Transfers

If your data is transferred outside the European Economic Area (EEA) or other jurisdiction that has enacted adequate data protection laws, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or binding corporate rules, to guarantee that your data remains protected to the standard required by GDPR.

7. Your Data Protection Rights (GDPR Rights)

As a user, you have significant rights regarding your personal data:

Right to Access: You have the right to request a copy of all personal data we hold about you.

Right to Rectification: You have the right to request that we correct any inaccurate or incomplete data.

Right to Erasure (“Right to be Forgotten”): You have the right to request the deletion of your personal data, subject to certain legal requirements (e.g., we may need to retain billing data for tax purposes).

Right to Object/Restrict Processing: You can object to the processing of your data for certain purposes, such as direct marketing.

Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

How to Exercise Your Rights

To exercise any of these rights, please contact us immediately using the details provided in Section 9. We will verify your identity before taking any action and will respond to your request within the legally mandated time frame.

8. Changes to This Policy

We reserve the right to update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will post the updated policy on this page and notify you of significant changes via email or through the service.

9. Utah State Compliance & Consumer Rights

In addition to international standards, Brain Frame is committed to complying with relevant state laws affecting consumer transactions in Utah.

Truth in Advertising & Deceptive Practices: We commit to ensuring that all marketing and product claims for Spot are accurate, truthful, and not misleading to Utah consumers. Should you believe any product claim is misleading, please contact us immediately.

Warranty and Returns: Our sales and return policies adhere to Utah’s relevant commercial codes and consumer rights regarding warranties and product fitness for use.

Local Address: For any local inquiries or compliance issues specific to Utah, please direct your communications to our physical office located at 11632 S Copper Rose Way, South Jordan, UT 84009.

Data Security: While federal and international laws guide our technical security, we recognize the importance of protecting consumer data locally and implement security measures designed to meet or exceed Utah’s standards for electronic and personal data privacy.

10. Contact Information

If you have any questions, concerns, or wish to exercise any of your rights under this policy, please contact us:

Brain Frame Data Protection Officer: jennifer@brain-frame.ai Mailing Address: 11632 S Copper Rose Way, South Jordan, UT 84009 Date of Contact: April 26, 2026