Start freeSee where every dollar comes fromOne single system. Not 10 tools.Start freeSee where every dollar comes fromOne single system. Not 10 tools.Start freeSee where every dollar comes fromOne single system. Not 10 tools.Start freeSee where every dollar comes fromOne single system. Not 10 tools.
BRILU Revenue Intelligence System
L4Legal · AI Act

AI Act compliance policy.

Last updated: June 2026

BRILU AI (SC GEMSYA SRL) is committed to developing and using artificial intelligence responsibly, transparently and ethically, in line with EU Regulation 2024/1689 on artificial intelligence (the AI Act) and the international standard ISO 42001:2023 on AI management systems.

This policy describes how AI systems work in the BRILU platform, what that means for you as a user and what rights you have regarding the use of AI in your interactions with us.

We update this policy periodically to reflect changes in the platform and the legal framework. The current version is always available at brilu.ai/en/ai-policy.

1. BRILU AI's role under the AI Act

The AI Act defines several categories of actors in the AI ecosystem. BRILU AI acts in two capacities at the same time.

We act as a Provider when we develop and place on the market AI systems integrated into our platform — including BRILU Growth Intelligence LLM, AI Agents, SPR (Session Performance Rate), Lead Scoring and Churn Prediction. As a provider, we have extensive obligations on technical documentation, transparency towards users and post-market monitoring of the systems we make available.

We act as a Deployer when we use AI systems in our internal operations. As a deployer, we have obligations regarding AI Literacy for employees, human oversight of AI decisions and impact assessment of the systems we use.

2. AI systems used in the platform

2.1 Minimal-risk systems

AI Agents (Smart Chat Widget, Smart Chat Banner) are conversational assistants that interact with visitors of BRILU clients' sites. They run transparently — users are informed they are interacting with an AI system — and do not take autonomous decisions with significant impact. Revenue Attribution Engine and SPR are analysis and measurement systems classified as minimal-risk.

2.2 Limited-risk systems

BRILU Growth Intelligence LLM is the proprietary AI model that powers the generation of strategies, tactics and growth plans. It is classified as a General Purpose AI (GPAI) with limited risk under the AI Act.

Real-Time Predictive Lead Scoring calculates in real time the probability of conversion of a visitor based on behavior. Because it involves behavioral profiling of natural persons, it is classified as a limited-risk system.

Churn Prediction identifies clients at risk of churn. It is classified as a limited-risk system and subject to the same transparency and information obligations.

Sales Enablement Layer aggregates the conversational and behavioral context of a lead. Because it processes individual behavioral data, it is classified as a limited-risk system.

2.3 Note on use in high-risk contexts

No BRILU system is classified as high-risk in its standard use. However, if a client of the platform uses our Lead Scoring or AI Agents in contexts falling under high-risk categories of Annex III of the AI Act — for example recruitment, granting bank credit or access to essential services — the system automatically takes on that classification, and the client has additional compliance obligations.

3. Our principles for responsible AI

Transparency is fundamental: users are clearly informed when they are interacting with an AI system, not a human. Technical documentation of our systems is kept up to date and available on request.

Human oversight is a non-negotiable condition. No BRILU AI system makes final autonomous decisions with significant impact on users or our clients. Recommendations, strategies and tactics generated by AI are decision-support tools — the final decision always belongs to a human.

Fairness and non-discrimination are built into the development process. Our AI systems, in particular Lead Scoring and Churn Prediction, are designed, tested and monitored to avoid discriminatory outcomes based on gender, ethnicity, age, religion, nationality or any other protected ground.

Privacy by design means our systems are built to collect the minimum data necessary, protect it through encryption and avoid sharing it with third parties without a legal basis. The BRILU First-Party Data SDK collects behavioral data directly on the client's domain, without depending on third-party cookies.

Robustness and reliability are ensured through rigorous testing before launch and continuous monitoring in production.

4. Transparency and AI interaction

4.1 AI interaction notice

Any chat widget or conversational assistant powered by BRILU displays a clear notice that the user is interacting with an AI system, not a natural person. This obligation derives from Article 52 of the AI Act and is non-negotiable for all clients of our platform.

4.2 Lead Scoring and behavioral profiling

If you visit a site that uses the BRILU platform, your browsing behavior may be analyzed to compute a conversion probability score. This analysis is performed on behalf of the client operating that site — BRILU AI acts as a processor, not as a controller. To exercise your rights regarding this processing, contact the site operator directly.

4.3 AI-generated content

Strategies, tactics, growth plans and recommendations generated by the BRILU platform are produced by AI systems. They are advisory in nature and do not constitute professional legal, financial, medical or other specialized advice. You alone are responsible for the decisions you take based on AI-generated content.

5. Permitted and prohibited uses

The BRILU platform is designed for use in marketing, sales and business growth activities. Clients are prohibited from using the platform for purposes prohibited by Article 5 of the AI Act, including:

  • manipulating people's behavior through subliminal techniques or exploiting psychological vulnerabilities
  • social scoring systems producing unjustified negative consequences for individuals
  • real-time biometric identification in publicly accessible spaces
  • profiling of natural persons to predict criminal behavior
  • any other use expressly prohibited by the AI Act or applicable laws

Any use of the BRILU platform for prohibited purposes is the exclusive responsibility of the client and may result in immediate suspension of access to the services.

6. Your rights under the AI Act

You have the right to be informed when you are interacting with an AI system.

You have the right not to be subject to a decision based solely on automated processing that produces legal effects or similarly significantly affects you. BRILU AI systems do not take such decisions autonomously — human intervention is always possible and encouraged.

You have the right to request an explanation of the logic of an AI system that affected you. Contact us at compliance@brilu.ai.

You have the right to contest a result produced by a BRILU AI system. Contact us at compliance@brilu.ai and we will investigate and respond within a maximum of 30 days.

For rights related to your personal data — access, rectification, erasure, portability — see our Privacy Policy available at brilu.ai/en/privacy.

7. Compliance and certification

BRILU AI is implementing ISO 42001:2023 — the AI Management System standard — the highest international standard for responsible AI governance. The certification process is underway.

AI Literacy for all BRILU employees working with or on AI systems is ensured in line with Article 4 of the AI Act, active since February 2025.

ANCOM — the National Authority for Management and Regulation in Communications — is the designated national authority for implementing and supervising the AI Act in Romania.

8. Reporting issues

If you identify inappropriate behavior of a BRILU AI system — incorrect or misleading answers, discriminatory outcomes, manipulative use or any other issue — please contact us immediately.

  • Email: compliance@brilu.ai
  • Subject: [AI Report] followed by a detailed description of the issue
  • Response times: confirmation within 48 hours, full investigation within 30 days

9. Changes to the policy

We update this policy periodically to reflect changes in the BRILU platform, the launch of new AI systems and changes in the applicable legal framework. We will notify you by email at least 30 days before material changes take effect.

10. Contact

  • AI compliance email: compliance@brilu.ai
  • Privacy email: privacy@brilu.ai
  • Address: GEMSYA SRL, Mircea Eliade 18, Bucharest, Romania
  • National AI authority: ANCOM — www.ancom.ro

BRILU AI SRL | compliance@brilu.ai | brilu.ai/en/ai-policy