Privacy policy

Working draft. This page describes our intended privacy posture; the legally-binding version will be finalised with counsel before V1 general availability. Material differences will be flagged in a release note. For the operational detail behind these statements, see /security.

Last updated: June 2026

1. Who we are

NitroxBrain is operated by NitroxConsulting, a French company (SIRET on request). Our registered contact for data-protection matters is security@nitroxbrain.com. For general questions, contact@nitroxbrain.com.

2. What data we collect, and why

We collect only what is necessary to operate Brain on your behalf.

  • Account data: your email address, the integrations you have connected, your Stripe subscription status. Source: you, when you sign up.
  • OAuth tokens: encrypted credentials for the third-party services (Gmail, Drive, Slack, …) you connect. Source: the vendor’s OAuth flow.
  • Conversation data: the messages you send to Brain and the replies it returns. Source: your Slack / Google Chat workspace.
  • Vault content: the files, notes, and memory Brain creates while serving you. Source: derived from your conversations.
  • Operational logs: timestamps, error traces, deploy events. Source: our infrastructure. Message content is redacted from these logs.

We do not collect: location data, device fingerprints, advertising identifiers, or third-party tracking cookies. The website uses no analytics by default.

3. Where it lives

On our side (you can audit this):

  • Conversation memory, vault, and OAuth tokens: Google Cloud (europe-west1 — Belgium).
  • Subscription and routing metadata: PostgreSQL on AWS Lightsail (Paris).
  • Public website: AWS Lightsail (Paris), served via Caddy with Let’s Encrypt TLS.

On the third-party side (outside our control):

When Brain reads your Gmail, Drive, OneDrive, HubSpot, Trello, or Slack, it reads from the vendor’s own servers. Those services have their own data-residency rules and many — especially consumer-tier Gmail and personal Microsoft accounts — store data globally, often in the US. Brain only relays this data; we do not move or duplicate it. If EU-only residency for the third-party data matters to you, you must configure it on the third-party side (e.g. Google Workspace Enterprise Data Regions, Microsoft 365 Enterprise data residency commitments).

4. Who can access it

  • You — always, via chat and via vault export.
  • The third-party services you connect — under the OAuth grant you authorised; revocable from the vendor at any time.
  • The LLM providers Brain uses — Anthropic, Google, OpenAI, Mistral, each under no-training data-handling agreements. Conversations are sent to them as they happen; they retain no data per their published policy for the tier we use.
  • NitroxConsulting operators — only when you ask for support, or under court order. Operator access to your vault is logged with timestamp, actor, target, and reason; the log is available on request.

We do not sell or trade your data. Period.

5. Your rights (GDPR)

  • Access — ask via security@nitroxbrain.com; we ship a copy of your data within 30 days.
  • Rectification — tell Brain in chat, or open a ticket for hard-to-edit fields.
  • Erasure — cancel from Stripe, then ask us to delete. We confirm by email within 30 days.
  • Portability — vault export is plain Markdown + JSON in a tar.gz. Nothing is locked in.
  • Restriction / objection — write to us with the specific processing you wish to limit; we will respond within 30 days.
  • Complaint — you can lodge a complaint with the CNIL (French DPA) at any time.

6. Retention

  • Active subscription: data kept as long as you remain subscribed.
  • After cancellation: vault, OAuth tokens, conversation history, and routing rows are deleted within 30 days. We send a confirmation email.
  • Operational logs: 30 days, then automatic deletion.
  • Stripe transaction records: kept as long as required by French / EU tax law (typically 10 years), separately from your Brain data.

7. Security incidents

If a breach affects your data, we will notify you and the CNIL within 72 hours of confirmation, naming what was accessed, when, what we are doing about it, and what you can do.

8. Changes to this policy

Material changes are flagged in a release note. The current version is always at nitroxbrain.com/privacy. Past versions are kept in our public Git history.

9. Contact