← BrainCopy

Privacy Policy

Effective date: 15 November 2024

Last updated: 2 May 2026

This policy explains what data BrainCopy collects, why, where it's stored, who it's shared with, and what rights you have over it. BrainCopy is operated by Cnvert Sweden AB, a Swedish company registered at Gothenburg, Sweden (org. nr. 559158-5710). The quickest way to reach us about anything in this policy is the support chat at braincopy.ai; your message routes directly to the team and we respond within 30 days for formal GDPR requests (usually same-day for operational issues).

1. Summary

• We are the data controller for your BrainCopy account data under the EU General Data Protection Regulation (GDPR).
• Your personal content — photos, diary entries, messages, notes — stays on servers we operate in the European Union (Sweden and Germany).
• We don't sell your data. We don't share it with advertisers. We don't use it to train third-party AI models.
• You can export everything you've given us, anytime. You can delete everything you've given us, anytime. Account deletion is processed within seven days and cascades through all our systems.
• We only use third-party services where necessary to provide the product, and only transmit the minimum data they need.

2. Data we collect

2.1 Account data

When you create an account, we collect your email address, display name, and an encrypted password hash (or a third-party identity token if you sign in with Apple or Google). We collect basic account metadata: creation date, last login, language preference, device identifier and push notification token for our mobile apps.

2.2 Content you give us

BrainCopy is a personal archive. You actively give us your content so that we can organize and preserve it. That includes:

• Text captures — thoughts, tasks, diary entries you type or dictate
• Voice recordings — audio files you upload from the mobile app
• Photos, videos, and documents — media you upload directly or via social-media export files (Facebook, Instagram, Google Photos, iCloud, WhatsApp, Messenger, Evernote, etc.)
• People, projects, ideas — entities you create or that our AI extracts from your text
• Imports and exports — the raw data files you upload during onboarding

2.3 Generated data

When you opt in to AI processing, our system creates derived data:

• Thumbnails and resized previews of your photos
• Face clusters (groupings of photos containing the same detected face)
• AI-generated descriptions, tags, and estimated dates for images
• AI-generated diary narrative and daily/weekly digests
• OCR text extracted from handwritten notes
• Voice transcriptions
• Logs and metrics required to run and debug the service (error logs, processing timestamps, token usage counters)

2.4 Technical data

When you use the website or mobile app, we and our hosting providers log standard technical data: IP address, browser/app version, approximate location (country level, inferred from IP), request timestamps, and crash reports. This data is retained for operational purposes — security monitoring, abuse prevention, debugging — and is not sold or used for advertising.

2.5 Payment data

If you subscribe or purchase AI processing, Stripe (our payment processor) handles your card details directly. We never see or store your card number. We retain the purchase record (what you bought, when, for how much) for seven years to meet Swedish accounting law requirements, even after account deletion.

3. Where your data lives

Data	Where it's stored	Location
Photos, videos, documents (originals)	Your personal CloudMe account — our preferred partner for user-owned cloud storage. If CloudMe isn't the right fit, we can alternatively host your files on Hetzner hardware.	Sweden 🇸🇪 (CloudMe) — or Germany 🇩🇪 (Hetzner alternative)
Account data, diary text, metadata	MySQL database on our Oderland hosting account	Sweden 🇸🇪
Thumbnails and processing artifacts	Hetzner Object Storage (S3-compatible)	Germany 🇩🇪 (Nuremberg)
Temporary import files (social-media exports)	Hetzner Object Storage, deleted after successful import	Germany 🇩🇪
Email (newsletters, notifications)	Our self-hosted Otto email platform on Oderland	Sweden 🇸🇪

All primary storage is inside the European Union, covered by EU data protection law. No personal data is transferred to the United States or other jurisdictions as part of normal operation.

4. Third parties we use (sub-processors)

We use the following companies to deliver specific parts of the service. Each receives the minimum data they need to perform their function; none are allowed to use your data for their own purposes beyond providing the contracted service.

Service	Purpose	Data transmitted	Location
Anthropic (Claude API)	AI description of photos, diary narrative generation, voice transcription fallback, classification of captures	The specific photo / text we're asking about, sent via encrypted HTTPS. Anthropic's terms prohibit training their models on API customer data.	USA (unavoidable for Claude)
Amazon Web Services — Rekognition	Face detection and clustering in photos	Photo bytes only, sent to the EU Frankfurt region. Faces are stored in our private collection; AWS's terms prohibit use for their own training.	Germany (AWS Frankfurt)
Stripe	Payment processing for subscriptions and one-off purchases	Card details (handled directly by Stripe — we never see them), customer name, email, billing country	Ireland / USA
Hetzner Online GmbH	Object storage for thumbnails; VPS hosting for worker and cloud storage; Storage Box for user files	All data you upload	Germany 🇩🇪
Oderland Webbhotell AB	Web hosting, database, email delivery	Account data, diary text, application code	Sweden 🇸🇪
Apple / Google	Push notification delivery to mobile apps (APNs / FCM); optional Sign-in-with-Apple / Google identity tokens	Push token + notification body	Global
OpenStreetMap (Nominatim)	Reverse geocoding — turning photo GPS coordinates into place names	GPS coordinates only, no user identifier	EU
Otto (self-hosted)	Transactional email (account notifications, digests)	Email address, notification body	Sweden 🇸🇪 (runs on our own server)
PostHog (EU cloud)	Product analytics — anonymous and identified events to understand how features are used, where users get stuck, and which onboarding paths convert. Includes web analytics, click heatmaps, and uncaught error reporting. No advertising, no cross-site tracking, no profile sold or shared.	Anonymous events (page views, button clicks) for visitors. Once you sign in, events are linked to a stable internal user ID so we can analyze your journey across sessions. Email is attached to your PostHog profile; raw diary content and photos are never sent.	Germany 🇩🇪 (Frankfurt)

If you want the current list of sub-processors, reach us via the support chat at braincopy.ai.

5. Why we process your data (legal basis under GDPR)

• Performance of a contract (Article 6(1)(b)) — storing, organizing, and preserving the content you upload. Without processing it, we can't provide the service you're asking for.
• Legitimate interest (Article 6(1)(f)) — security monitoring, abuse prevention, debugging, product analytics at aggregate level.
• Consent (Article 6(1)(a)) — AI processing of your photos and text (face detection, image description, diary enrichment, OCR, voice transcription). You opt in explicitly per step, and you can decline or stop at any time.
• Legal obligation (Article 6(1)(c)) — retention of payment records for Swedish accounting law (seven years).

6. Retention

We retain your data for as long as you have an account with us, plus short grace periods for account recovery. Specific retention rules:

• Active account: all your content is kept indefinitely until you delete it.
• Account deletion: when you request deletion, we wait seven days (during which you can cancel), then cascade-delete everything. Your email is anonymized in our records; identifiers are wiped. Your photos, diary entries, captures, people, projects, AI results, and all derived data are removed from our servers and from all third-party sub-processors within the following hour.
• Payment records: retained for seven years after the last transaction, to meet Swedish accounting law. These records are linked to an anonymized user ID, not your email or name.
• Temporary files: import ZIPs and processing intermediates are deleted automatically after the associated job succeeds (typically within hours). Failed imports are retained up to 30 days so we can help you recover.
• Logs: technical logs are retained for 14 days and then rotated out.
• Legacy planning: if you configure digital legacy recipients, your account state is retained under conditions you define (inactivity detection, manual trigger, verification by a named contact). This overrides the normal deletion flow only if you have explicitly set it up.

7. Your rights under GDPR

You have the right to:

1. Access your data — we provide a full export in machine-readable format.
2. Correct inaccuracies — you can edit most data directly in the app; for anything you can't, contact us via the support chat at braincopy.ai.
3. Delete your data — initiate from Settings, or contact us via the support chat; we process within seven days (plus the grace period).
4. Restrict processing — pause AI processing or specific features at any time.
5. Data portability — receive your data in JSON / standard file formats to move to another service.
6. Object to processing based on legitimate interest.
7. Withdraw consent for AI processing at any time (future processing stops; already-generated results can be deleted on request).
8. Lodge a complaint with the Swedish Data Protection Authority (Integritetsskyddsmyndigheten, IMY — imy.se) or your local supervisory authority.

To exercise any of these rights, open the support chat at braincopy.ai and tell us what you need. Your message routes directly to the team responsible for privacy requests; we respond within 30 days.

8. Security

• All traffic between your device and our servers is encrypted in transit (TLS 1.2+).
• Database credentials and API keys are stored outside the web-accessible directories.
• Passwords are stored as bcrypt hashes, never in plaintext.
• Sessions are signed JWT tokens with rotation on refresh.
• Third-party API keys (Anthropic, AWS, Stripe) are scoped to the minimum required permissions.
• We monitor for suspicious activity and apply security patches promptly.
• In the event of a data breach affecting your personal data, we will notify you and the relevant supervisory authority within 72 hours of becoming aware, as required by GDPR Article 33.

9. Children's data

BrainCopy is not intended for users under the age of 16. We don't knowingly collect data from children. If you believe a child has created an account, contact us via the support chat at braincopy.ai and we'll remove it promptly.

Parents who import a child's content into their own BrainCopy account (e.g. photos of their children in the family archive) are responsible for that content. The child's content in that case is not the child's data — it's the parent's — and is processed under the parent's consent.

10. Cookies and analytics

Login cookie: the application (app.braincopy.ai) uses a single session cookie to keep you logged in. There are no advertising cookies. No data is sold to third parties.

Product analytics (PostHog): we use PostHog to understand how the product is used so we can fix what's confusing and improve what works. PostHog stores a small first-party identifier (cookie or local storage entry, depending on your browser) so it can recognize you across pages of the same visit. The data is hosted in the EU (Frankfurt, Germany) and is processed under our Data Processing Agreement with PostHog. We don't enable session replay, advertising integrations, or cross-site tracking. We track events like "page viewed", "button clicked", and "onboarding step completed" — never the content of your diary, photos, or messages.

Your control: you can opt out of analytics at any time by enabling the "Do Not Track" setting in your browser, or by blocking eu.i.posthog.com in any privacy extension. PostHog respects DNT signals where present. We rely on Article 6(1)(f) (legitimate interest in product improvement) as the legal basis; if you object, contact us via the support chat and we'll exclude your account from collection.

11. Marketing communications

We send you operational email (account notifications, daily digests if you've enabled them, lifecycle reminders) under the legitimate interest basis. You can unsubscribe from any non-critical email via the footer link; account-critical notifications (e.g. security, payment) cannot be disabled while you have an account.

12. Changes to this policy

If we change this policy in a way that materially affects your rights, we'll notify you by email at least 30 days before the change takes effect. Minor clarifications and formatting updates are applied directly and tracked by the "Last updated" date at the top.

13. Related documents

The legal terms governing your use of BrainCopy live in our Terms of Service, including liability limits, refund rules, the Legacy-feature carve-outs, and choice of law.

14. Contact

Data Controller: Cnvert Sweden AB, Gothenburg, Sweden (org. nr. 559158-5710).

Contact: support chat at braincopy.ai. Messages reach the team responsible for privacy directly, with escalation to the company's responsible person when needed.

We don't have a formally appointed Data Protection Officer (not required under GDPR at our current size), but privacy requests are tracked and answered within the 30-day SLA.