Privacy Policy

Last updated: April 12, 2026

BrixoAI UG (haftungsbeschränkt) (“BrixoAI”, “we”, “us”, or “our”) is a technology and creative studio registered in Berlin, Germany. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website www.brixo-ai.com or use our client portal and services (collectively, the “Services”). Please read this policy carefully. If you disagree with its terms, please discontinue use of our Services.

1. Information We Collect

1.1 Information you provide directly

  • Contact form — name, email address, subject, and message content when you reach out via our website.
  • Client portal registration — email address and password when you create an account.
  • Project onboarding — business details, goals, and any files you upload through the portal.

1.2 Information collected automatically

  • Usage data — pages visited, time spent, click events, referral URL, and browser/device type, collected via Vercel Analytics (privacy-friendly, no cookies).
  • Log data — IP address and server access logs retained for up to 30 days for security and debugging purposes.

1.3 AI chatbot interactions

Messages you send to the BrixoAI assistant are processed in real time by our backend and routed to third-party LLM providers (such as OpenAI or Groq). These messages are not stored on our servers beyond the duration of your session unless you explicitly save an artifact.

2. How We Use Your Information

  • To provide, operate, and improve our Services.
  • To respond to your enquiries and fulfil project deliverables.
  • To manage your client portal account and project dashboard.
  • To send transactional emails related to your account or project.
  • To detect and prevent fraud, spam, and other security threats.
  • To comply with legal obligations under applicable German and EU law.

We do not sell your personal data to third parties, and we do not use your data for automated profiling or purely automated decision-making that produces legal effects.

3. Legal Basis for Processing (GDPR)

As a company established in Germany, we process personal data in accordance with the EU General Data Protection Regulation (GDPR). Our legal bases are:

  • Contract performance (Art. 6(1)(b) GDPR) — processing necessary to deliver the services you requested.
  • Legitimate interests (Art. 6(1)(f) GDPR) — website security, fraud prevention, and service improvement.
  • Legal obligation (Art. 6(1)(c) GDPR) — retention of business and financial records.
  • Consent (Art. 6(1)(a) GDPR) — where we explicitly ask for your consent (e.g. marketing communications).

4. Data Sharing & Third-Party Services

We use the following sub-processors:

  • Supabase — database and authentication (EU data region).
  • Vercel — website hosting and edge functions.
  • OpenAI / Groq / Anthropic — LLM inference for the AI chatbot. Your messages are transmitted subject to their respective privacy policies.
  • Cloudflare Turnstile — bot protection on forms (no user tracking cookies).

All sub-processors are contractually bound to process data only as instructed and to implement appropriate technical and organisational security measures.

5. Data Retention

  • Account data — retained for the duration of your account plus 3 years after closure, unless you request earlier deletion.
  • Contact form submissions — retained for up to 2 years.
  • Server logs — up to 30 days.
  • Financial/invoicing records — 10 years as required by German commercial law (§ 257 HGB).

6. Your Rights

Under the GDPR you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Request erasure (“right to be forgotten”) where no overriding legal basis exists.
  • Restrict or object to certain processing activities.
  • Receive your data in a portable, machine-readable format.
  • Withdraw consent at any time without affecting prior processing.
  • Lodge a complaint with the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit).

To exercise any of these rights, email us at privacy@brixo-ai.com. We will respond within 30 days.

7. Security

We implement industry-standard measures including HTTPS/TLS encryption in transit, bcrypt password hashing, row-level security in Supabase, and regular access reviews. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

8. Cookies

Our website does not use tracking or advertising cookies. We use a single session cookie strictly necessary for authentication in the client portal. Vercel Analytics operates without cookies. Cloudflare Turnstile may set a transient functional cookie for bot verification.

9. Children's Privacy

Our Services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top and, for material changes, notify registered users by email. Continued use of our Services after changes are posted constitutes acceptance of the updated policy.

11. Contact

BrixoAI UG (haftungsbeschränkt)
Berlin, Germany
Email: privacy@brixo-ai.com
Website: www.brixo-ai.com

Terms of Service →← Back to Home
Ask BrixoAI