PoliciesPrivacy

Last updated: April 1, 2026

Privacy Policy

How Brazen.AI collects, uses, shares, and protects personal data — and your rights as a data subject.

On this page

This Privacy Policy explains how Brazen AI, Corp. (“Brazen.AI”, “we”, “us”) collects, uses, shares, and protects personal data when you visit brazen.ai (the “Site”) or use the Brazen.AI agentic marketing platform (the “Service”), and the rights you have over your personal data.

This page is a working draft. Bracketed values are pending review by outside counsel.

Who we are

Brazen.AI is operated by Brazen AI, Corp., a Delaware corporation with its registered office at Corporation Service Company, 251 Little Falls Drive, Wilmington, DE 19808. For privacy questions, contact us at privacy@brazen.ai.

We have appointed a Data Protection Officer reachable at privacy@brazen.ai.

Scope

This policy covers personal data we collect through the Site and through the Service when you sign up for or use it directly. It does not cover personal data that our customers process through the Service on behalf of their own end-users; for that data, our customer is the controller and Brazen.AI is the processor under our Data Processing Addendum (see DPA).

What we collect

We collect personal data in the following categories:

  • Visitor data: IP address, device and browser type, pages viewed, referrer, cookie identifiers, advertising identifiers, and Global Privacy Control signal.
  • Lead and prospect data: name, business email, company, role, country, demo-request content, and notes from our conversations.
  • Account data: name, business email, billing details (handled by our payment processor), authentication identifiers, and support tickets.
  • Usage data: product telemetry, audit logs, and aggregated metrics describing how the Service is used.
  • Sensitive personal information: we do not intentionally collect sensitive personal information as defined by the CCPA/CPRA.

How we use your data

We use personal data only for the purposes listed below, each tied to a lawful basis under the GDPR:

PurposeLawful basis (GDPR Art. 6)
Provide, secure, and improve the ServiceContract (Art. 6(1)(b)) and legitimate interest (Art. 6(1)(f))
Respond to demo requests and sales inquiriesLegitimate interest; consent where required
Marketing communicationsConsent (EEA/UK); legitimate interest with opt-out (US)
Site analytics and advertising measurementConsent (EEA/UK); legitimate interest with opt-out (US)
Fraud prevention, security, and legal complianceLegal obligation and legitimate interest
Product evaluation and internal model quality testingLegitimate interest, with opt-out

Cookies and similar technologies

We use cookies and similar technologies to operate the Site, remember preferences, measure how the Site is used, and (with consent where required) measure advertising performance. You can manage your choices any time from the cookie banner or via the “Cookie settings” link in the footer. For details, see our Cookie Policy.

Sharing and subprocessors

We share personal data only with categories of recipients listed below, and only as necessary to deliver and improve the Service:

  • Cloud infrastructure and hosting providers
  • Payment processor (for paid customers)
  • Email and customer-communications providers
  • Analytics and product-telemetry providers
  • Advertising and measurement partners (with consent where required)
  • Foundation-model and AI infrastructure providers
  • Customer relationship and support tools
  • Professional advisors, auditors, and authorities where legally required

A complete and current list of our processors is published at /subprocessors.

International transfers

Brazen.AI is established in the United States. Where personal data is transferred from the EEA, the UK, or Switzerland to the United States or to other jurisdictions that have not received an adequacy decision, we rely on the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, and the Swiss FDPIC addendum, supplemented by appropriate technical and organizational measures.

Data retention

We retain personal data for the period required to fulfill the purposes listed in this policy or as required by law. Default retention periods are:

  • Marketing leads: 24 months after last meaningful engagement.
  • Account data: life of the customer relationship plus 30 days for deletion; 7 years for invoicing where required by tax law.
  • Site analytics: 14 months.
  • Security and audit logs: 12 months.

Your rights

Depending on where you live, you may have the following rights with respect to your personal data:

  • EEA / UK (GDPR / UK GDPR): access, rectification, erasure, restriction of processing, data portability, objection to processing, withdrawal of consent, and the right to lodge a complaint with your supervisory authority.
  • California (CCPA/CPRA): right to know, right to delete, right to correct, right to opt out of sale and sharing, right to limit use of sensitive personal information, and right to non-discrimination. To exercise the opt-out right, see Do Not Sell or Share My Personal Information. We honor Global Privacy Control signals as a valid opt-out.
  • Other US states (VA, CO, CT, UT, TX, OR, MT): equivalent rights to know, correct, delete, opt out of targeted advertising and certain profiling, and appeal a denial.

How to exercise your rights

To exercise any right, email privacy@brazen.ai with the subject line “Privacy Request” and the type of request. We respond to GDPR requests within 30 days and to CCPA requests within 45 days, with up to one extension as permitted by law. We may need to verify your identity before acting on a request.

Children's privacy

The Site and the Service are not directed to anyone under 18, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@brazen.ai and we will delete it promptly.

Automated decision-making and AI

Brazen.AI's product makes automated decisions in the course of running marketing campaigns — for example, generating creative, selecting audiences, and optimizing bids. None of those decisions produce legal or similarly significant effects on individual end-users. Customers retain human-in-the-loop approval for consequential actions through the Decision Inbox. For more on how we use AI, what we do (and never do) with your data, and how to request human review, see AI Disclosures.

Security

We protect personal data using TLS 1.2+ for data in transit, encryption at rest, role-based access control, MFA on administrative access, and continuous monitoring. For details and our certifications roadmap, see Security Overview.

Changes to this policy

We update this policy from time to time. Material changes will be signaled by updating the “Last updated” date at the top of the page and, where appropriate, by an in-product or email notification.

Contact

Privacy team: privacy@brazen.ai
Postal: Corporation Service Company, 251 Little Falls Drive, Wilmington, DE 19808
DPO: privacy@brazen.ai