Privacy Policy

ContentBrain (the "Service") is operated by Automations Corp. This Privacy Policy explains what personal data we process, why, and how. Effective: 2026-05-20.

Data we process

  • Account: email, name, hashed password, login metadata (better-auth tables: user, session, account, verification).
  • Workspace content: brand voice, audience definition, generated content drafts, scores. Stored in tenant-isolated rows (Postgres RLS) + per-tenant FalkorDB graphs +tenant_id-filtered Qdrant payloads.
  • Audit logs: immutable append-only record of actions performed by users.
  • LLM trace data: prompts and completions are sent to Langfuse for observability. Aggregate-only by default; raw content can be redacted on request.

Lawful basis

Performance of contract (Art. 6(1)(b) GDPR) for the operation of the Service; legitimate interests (Art. 6(1)(f)) for fraud prevention, security monitoring, and product improvement.

Data residency

Primary infrastructure: EU. Sub-processors (OpenRouter, DataForSEO, Flux.2, Deepgram, Stripe, social platforms) operate per their own data processing terms.

Your rights

  • Access, rectification, erasure, portability (GDPR Articles 15–20)
  • Object to processing (Art. 21)
  • Lodge a complaint with your supervisory authority

Contact

Privacy questions: privacy@contentbrain.cloud.