Privacy Policy

Last updated: 24 March 2026

Brain Buddy AI Pty Ltd (ABN 81 673 063 155) ("Brain Buddy AI", "we", "us", "our") operates the Brain Buddy AI Studio platform at studio.brainbuddy.ai and related services. This Privacy Policy explains how we collect, use, disclose, and protect personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. Information We Collect

1.1 Account Information

When you create an account or are invited to the platform, we collect:

  • Full name and email address
  • Password (hashed, never stored in plain text)
  • Organisation name and business details
  • Billing information (processed securely by Stripe; we do not store credit card numbers)

1.2 Chatbot Visitor Data

When visitors interact with chatbots deployed through our platform, we may collect:

  • Messages sent to and received from the AI chatbot
  • Name, email address, and phone number (if voluntarily provided by the visitor)
  • Session identifiers and browser metadata
  • IP address (for security and analytics purposes)
  • Messaging channel identifiers (WhatsApp, Messenger, Instagram)

1.3 Usage Data

We automatically collect:

  • Message counts and token usage per chatbot
  • Feature usage patterns within the dashboard
  • Analytics data (conversations, leads, bookings)

1.4 Third-Party Integrations

When you connect third-party services, we may receive:

  • Google account information (for Google Sheets integration)
  • Facebook Page, Instagram, and WhatsApp Business account information (for messaging channels)
  • Stripe subscription and billing status

2. How We Use Your Information

We use personal information to:

  • Provide, maintain, and improve the Brain Buddy AI platform
  • Process AI chatbot conversations on behalf of our customers
  • Send service-related notifications (billing, usage alerts, system updates)
  • Generate analytics and usage reports
  • Power the Self-Learning Engine to improve chatbot performance
  • Process payments and manage subscriptions
  • Prevent fraud and abuse, and enforce our terms
  • Comply with legal obligations

3. AI-Processed Data

Chatbot conversations are processed by Anthropic's Claude AI models. Messages are sent to Anthropic's API for the purpose of generating responses. We do not use chatbot conversation data to train our own AI models, and we do not sell data to third parties. Anthropic's data handling is governed by its own privacy policy and terms of service.

The Self-Learning Engine analyses conversation patterns to improve chatbot instructions. This analysis is performed per chatbot, and the results are used only to improve that specific chatbot's performance for the customer who owns it.

4. Data Sharing and Disclosure

We may share personal information with:

  • Service providers: Anthropic (AI processing), Stripe (payments), Supabase (database hosting), Vercel (application hosting), Resend (email delivery)
  • Our customers: Chatbot visitors' data is accessible to the organisation that deployed the chatbot
  • Connected integrations: Google Sheets, Meta (Facebook/Instagram/WhatsApp) when authorised by the customer
  • Legal requirements: When required by law, regulation, or legal process

We do not sell personal information to third parties.

5. Data Storage and Security

Data is stored on servers managed by Supabase (hosted on AWS in the Sydney region where available). We implement industry-standard security measures including:

  • Encryption in transit (TLS/HTTPS) and at rest
  • Row-level security (RLS) for database access control
  • Role-based access controls within the platform
  • HMAC-SHA256 signed webhook payloads
  • Hashed passwords (never stored in plain text)

6. Data Retention

  • Account data: Retained while your account is active and for 30 days after deletion
  • Conversation data: Retained for 12 months from creation, then automatically deleted
  • Usage logs: Retained for 24 months for billing and analytics purposes
  • Billing records: Retained as required by Australian tax law (generally 5 years)

7. Your Rights

Under the Australian Privacy Act, you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your personal information (subject to legal obligations)
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

If you are located in the EU/EEA, you may also have rights under the GDPR, including the right to data portability and the right to restrict processing.

8. Cookies

Our platform uses essential cookies for authentication and session management. The chat widget uses localStorage to persist session state for returning visitors. We do not use third-party tracking cookies on the chat widget.

9. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it.

10. International Data Transfers

Some of our service providers (Anthropic, Vercel, Stripe) may process data in the United States. Where data is transferred outside Australia, we ensure appropriate safeguards are in place consistent with the APPs.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the platform. Continued use of our services after changes constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related enquiries, complaints, or access requests, contact us at:

  • Email: privacy@brainbuddy.ai
  • Brain Buddy AI Pty Ltd, Australia