Privacy Policy

Effective Date: April 21, 2025, Last Updated: April 21, 2025

Scope and Purpose

This Privacy Policy applies to the processing of Personal Data of individuals using the services offered by Brello AI (“Brello”, “we”, “our” or “us”). The policy outlines our approach to handling Personal Data, and aims to provide clarity to users ("you") regarding:

  • Categories of Personal Data we collect and the means of collection
  • Purposes for which such data is processed
  • Legal basis for processing under applicable laws
  • Disclosure and transfer mechanisms
  • Your rights as a data subject
  • Contact information for grievance redressal or exercising your rights

This Policy is updated periodically to reflect our data processing activities and compliance obligations.

Definitions

The following terms used in this Privacy Policy shall have the meaning assigned under applicable laws or, in their absence, the meaning set forth below:

  • Personal Data: Information that identifies, relates to, describes, or can be linked to an individual directly or indirectly.
  • Data Principal: A natural person to whom the personal data relates.
  • Data Fiduciary: The entity that determines the purpose and means of processing Personal Data.
  • Data Processor: Any individual or entity that processes Personal Data on behalf of the Data Fiduciary.
  • Processing: Any operation performed on Personal Data, including collection, use, storage, disclosure, and deletion.
  • Consent: Freely given, specific, informed, and unambiguous indication of the Data Principal’s agreement to process personal data.
  • Anonymized Data: Data that cannot be used to identify a person, even indirectly.
  • Pseudonymized Data: Data that cannot be attributed to a specific individual without additional information, kept separately.
  • Cookies: Small text files placed on your device by websites to track and personalize your experience.

Data Fiduciary Details

This Privacy Policy is issued by Brello AI, a product operated by Stuvio Digital Private Limited, having its registered office at:

Stuvio Digital Private Limited, having its registered office at:
P2051/52, Akshar Business Park, Sector 25, Vashi,
Navi Mumbai, Maharashtra 400703

Data Protection Officer

If you have questions or wish to exercise your rights under applicable privacy laws, you may contact our Data Protection Officer (DPO) at:

privacy@brello.ai

We will acknowledge and resolve valid queries within 10 calendar days from the date of receipt.

types of personal data and methods of collection

1. Data Collected During Registration
We collect the following details at sign-up:

  • Full name
  • Email address
  • Profile picture (if logging in via Google OAuth)
  • Authentication metadata (OAuth tokens, timestamps)

This data is collected to create your user profile and provide access to our services.

2. Information You Actively Provide

  • Research inputs, voice/text prompts, uploaded documents, and notes
  • Customer support interactions
  • Feedback, surveys, forms, and communications via email or chat

3. Information Collected Automatically
When you use our platform, we collect:

  • Device and Network Data: IP address, browser type, operating system, device ID, screen resolution, language preferences
  • Usage Data: Feature usage, clicks, scrolls, time spent, navigation patterns
  • Cookies and Similar Technologies: Session cookies, functional cookies, and performance cookies (details available in our Cookie Policy)

4. Third-Party Sources
We may receive Personal Data through::

  • Google OAuth for login
  • API integrations with services such as OpenAI, Perplexity, or Gemini
  • Analytics partners (with consent)

All externally sourced data is processed according to this Policy and for legitimate purposes only.

Purpose and Legal Basis for Processing Personal Data

We process your Personal Data for the following purposes, under lawful bases including consent, legitimate interest, contractual necessity, and legal compliance:

1. To Provide Services

  • Enable research queries and generate outputs via AI
  • Provide user dashboard, note storage, and version history
  • Authenticate and maintain secure sessions

2. To Communicate With You

  • Send system updates, research notifications, support responses
  • Collect and act on your feedback
  • Inform you of changes in services or policies

3. To Improve Platform Features

  • Monitor product performance, debug issues, run A/B tests
  • Improve AI accuracy using anonymized or aggregated usage logs
  • Train internal models (only using opt-in data)

4. To Detect and Prevent Fraud and Abuse

  • Identify unusual activity, enforce terms of service
  • Prevent spam, scraping, or unauthorized access

5. To Comply With Legal Obligations

  • Respond to government or court orders
  • Maintain audit logs and billing records

6. Marketing and Analytics (with Consent)

  • Track online behavior using cookies
  • Send personalized email campaigns and suggestions
  • Build pseudonymized behavioral segments for targeted communication

You may withdraw consent or object to non-essential processing at any time by emailing privacy@brello.ai or updating your cookie preferences.

How Information Is Processed

Data is processed using both manual and automated tools, depending on the use case:

  • Real-time queries are routed to AI APIs for inference
  • Logs are stored securely in encrypted formats
  • User-submitted data is stored in Supabase and hosted on Vercel infrastructure
  • Feedback and diagnostic data are analyzed to improve services

We implement RBAC (Role-Based Access Control) to limit internal access and use API segregation for isolating credentials across service layers.

Sharing & Disclosure of Personal Data

We do not sell your personal data. We may share your data with:

1. Subprocessors and Service Providers
To enable features such as:

  • AI query processing (OpenAI, Perplexity, Grok)
  • Hosting (Vercel)
  • Authentication (Google OAuth)
  • Database (Supabase)
  • Email communication (e.g., Mailgun or Postmark)

2. Affiliates

Our group companies or subsidiaries may access Personal Data for shared operational support, always under strict contractual safeguards.

3. Legal or Government Authorities

If required by applicable law, or to enforce our terms, detect fraud, or protect rights, safety, or property.

We maintain contracts with all subprocessors ensuring GDPR-compliant safeguards and Standard Contractual Clauses (SCCs) where applicable.

International Data Transfers

We may transfer and store your Personal Data outside your country of residence (e.g., to data centers in the US, EU). In such cases, we ensure:

  • Adequate protection under SCCs or other lawful frameworks
  • Explicit consent for sensitive personal data transfers
  • Encryption and restricted access

Data Retention

Type of Data

Retention Period

Account Details

While the account is active

Query Logs

30–90 days (for debugging, then anonymized)

Payment/Bilpng Records

Up to 7 years (for tax and audit purposes)

Customer Support Interactions

Up to 2 years

Email Preferences & Consents

Until withdrawn or account deleted

You may request data deletion at any time via privacy@brello.ai.

Your Rights Under Applicable Law

Depending on your jurisdiction (e.g., India, EU, California), you may have the following right

  • Right to Access: Obtain a copy of your Personal Data in a readable format.
  • Right to Rectification: Correct or update incomplete or inaccurate information.
  • Right to Withdraw Consent: Revoke previously given permissions (e.g., tracking, marketing).
  • Right to Object or Restrict Processing: Object to processing based on legitimate interests or profiling.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your Personal Data from our systems.
  • Right to Data Portability: Request structured export or transmission of your Personal Data to another provider.

To exercise your rights, contact privacy@brello.ai.. Identity verification may be required. We will respond within 10 working days.

Lodge a Complaint

If you believe your data has been mishandled, or if your rights are not being respected, you may:

  • 1. Contact our DPO at privacy@brello.ai. for resolution.
  • 2. If unresolved, escalate to the relevant supervisory authority in your jurisdiction.

Children's Privacy

Our services are not intended for individuals under 13 years of age (or local age of digital consent).

We do not knowingly collect data from minors. If you believe a minor has submitted information, please contact us for prompt deletion.

Updates to This Policy

This Privacy Policy may be revised periodically.

We will notify you of material changes via email or platform notifications. The most recent version will always be available at:

privacy@brello.ai.

Contact Details

Brello AIStuvio Digital Private Limited

Email: privacy@brello.ai.

P2051/52, Akshar Business Park, Sector 25, Vashi, Navi Mumbai, Maharashtra 400703