Legal & Compliance Framework

This document outlines BRILU’s compliance with relevant European regulations, including GDPR, AI Act, Digital Services Act (DSA), and other key legal frameworks governing AI-powered services.

1. GDPR Compliance Statement

1.1 Overview

BRILU is committed to full compliance with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), ensuring user data protection, transparency, and legal processing of personal information.

1.2 Key GDPR Principles Followed by BRILU

  • Lawfulness, Fairness, and Transparency – Users are informed of data collection and processing activities.
  • Purpose Limitation – Data is collected only for specific, legitimate purposes.
  • Data Minimization – Only necessary data is processed.
  • Accuracy – Data is kept accurate and up to date.
  • Storage Limitation – Personal data is retained only as long as necessary.
  • Integrity and Confidentiality – Security measures are applied to protect data.

1.3 Data Subject Rights

BRILU ensures that individuals can exercise their rights under GDPR, including:

  • Right to Access – Users can request access to their personal data.
  • Right to Rectification – Users can correct inaccurate data.
  • Right to Erasure (Right to be Forgotten) – Users can request deletion of their data.
  • Right to Data Portability – Users can request data transfer in a structured format.
  • Right to Object – Users can object to data processing.
  • Right to Restriction of Processing – Users can request limitations on how their data is used.

1.4 Data Protection Impact Assessments (DPIA)

BRILU conducts DPIAs for high-risk processing activities to assess and mitigate risks.

1.5 Data Retention Policy

BRILU only retains personal data for as long as necessary for its intended purpose, after which it is securely deleted or anonymized.

2. Data Processing Agreement (DPA)

2.1 Overview

BRILU acts as a data processor when processing data on behalf of clients. To ensure compliance, BRILU signs a Data Processing Agreement (DPA) with clients acting as data controllers.

2.2 Responsibilities of Data Controller vs. Data Processor

  • Data Controller (Client): Determines the purposes and means of personal data processing.
  • Data Processor (BRILU): Processes data only on behalf of and as instructed by the controller.

2.3 Standard Contractual Clauses (SCCs) for International Data Transfers

For data transfers outside the EU/EEA, BRILU implements SCCs to ensure compliance with GDPR standards.

3. Digital Services Act (DSA) Compliance

3.1 Overview

The Digital Services Act (EU 2022/2065) regulates online platforms like BRILU to ensure transparency and user rights protection.

3.2 Transparency in AI-Generated Content

BRILU provides clear information when AI-generated responses are used, ensuring users understand they are interacting with an AI assistant.

3.3 AI-Driven Decision-Making Disclosure

If AI is used for automated decision-making (e.g., lead scoring, chatbot responses), BRILU provides transparency about the logic behind these processes.

3.4 Reporting Mechanisms for Users

BRILU provides a user-friendly mechanism for:

  • Reporting AI-generated misinformation.
  • Requesting human review for AI-driven decisions.

4. AI Liability Directive (EU Proposal 2024) Compliance

4.1 Overview

BRILU aligns with the proposed EU AI Liability Directive, ensuring accountability for AI-driven decisions and actions.

4.2 Measures for Responsible AI Development

  • AI bias detection and mitigation.
  • AI decision audit trails for accountability.
  • Continuous AI model improvement through ethical AI principles.

4.3 Explainability & User Control

  • Users can request explanations of AI-driven recommendations.
  • Users can adjust AI interaction settings for personalization.

5. E-Privacy Directive & Cookies Policy

5.1 Overview

BRILU complies with the EU E-Privacy Directive (2002/58/EC) and upcoming E-Privacy Regulation to ensure lawful cookie and tracking data collection.

5.2 Cookies & Tracking Mechanisms

BRILU’s website and platform use cookies for:

  • Essential functionality (required for service operation).
  • Analytics and user behavior tracking (optional, requiring consent).
  • Personalized marketing (optional, requiring explicit opt-in).

5.3 User Consent Mechanism

Users must opt in to non-essential cookies. BRILU provides:

  • Clear cookie banners with granular choices.
  • The ability to withdraw consent at any time.

5.4 Data Storage & Access

BRILU stores user tracking data securely and does not share it with unauthorized third parties.

6. AI Compliance & Ethical AI Development

6.1 AI Act Compliance

BRILU proactively adheres to the EU AI Act by ensuring:

  • AI explainability and transparency.
  • AI bias monitoring and mitigation.
  • Fair and non-discriminatory AI decision-making.

6.2 Ethical AI Principles

  • AI must act in the best interest of users.
  • AI must be explainable and non-manipulative.
  • AI decision-making must have human oversight where necessary.

7. Legal Compliance in Conversation Style & User Interactions

7.1 GDPR & Legal Disclaimers in Conversations

  • AI-generated responses indicate that they are from an AI assistant.
  • Users are informed about how their data is used.

7.2 Age Verification & Sensitive Content Control

  • Age-restricted content is only accessible to verified users.
  • AI detects and filters inappropriate language or harmful content.

8. Security & Data Protection Measures

8.1 Data Encryption & Access Control

  • End-to-End Encryption: All user interactions are encrypted.
  • Multi-Factor Authentication (MFA): Required for administrative access.
  • Role-Based Access Control (RBAC): Limits access to sensitive data.

8.2 Security Audits & Compliance Monitoring

  • Regular security audits ensure compliance with GDPR and cybersecurity best practices.
  • Incident response plans are in place to handle security breaches.

9. Contact & Data Protection Officer (DPO) Information

For Data Protection Inquiries:
Email: [email protected]

BRILU is committed to ensuring compliance with all relevant EU regulations, providing secure, transparent, and ethically responsible AI-powered services.

For more details or legal inquiries, please contact our Legal & Compliance Team.