Privacy Policy
ContentBrain (the "Service") is operated by Automations Corp. This Privacy Policy explains what personal data we process, why, and how. Effective: 2026-05-20.
Data we process
- Account: email, name, hashed password, login metadata (better-auth tables:
user,session,account,verification). - Workspace content: brand voice, audience definition, generated content drafts, scores. Stored in tenant-isolated rows (Postgres RLS) + per-tenant FalkorDB graphs +
tenant_id-filtered Qdrant payloads. - Audit logs: immutable append-only record of actions performed by users.
- LLM trace data: prompts and completions are sent to Langfuse for observability. Aggregate-only by default; raw content can be redacted on request.
Lawful basis
Performance of contract (Art. 6(1)(b) GDPR) for the operation of the Service; legitimate interests (Art. 6(1)(f)) for fraud prevention, security monitoring, and product improvement.
Data residency
Primary infrastructure: EU. Sub-processors (OpenRouter, DataForSEO, Flux.2, Deepgram, Stripe, social platforms) operate per their own data processing terms.
Your rights
- Access, rectification, erasure, portability (GDPR Articles 15–20)
- Object to processing (Art. 21)
- Lodge a complaint with your supervisory authority
Contact
Privacy questions: privacy@contentbrain.cloud.