Start freeSee where every dollar comes fromOne single system. Not 10 tools.Start freeSee where every dollar comes fromOne single system. Not 10 tools.Start freeSee where every dollar comes fromOne single system. Not 10 tools.Start freeSee where every dollar comes fromOne single system. Not 10 tools.
BRILU Revenue Intelligence System
L2Legal · GDPR

Privacy policy.

Last updated: July 2026

We consider the protection of personal data a fundamental commitment of BRILU AI (SC GEMSYA SRL). We dedicate all necessary resources and efforts to process your data in full compliance with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data („GDPR"), and with any other legislation applicable in Romania and the European Union.

Transparency is a core principle of this legal framework. We prepared this document to inform you about how we collect, use, transfer and protect your personal data when you interact with us in connection with our products and services, including through the brilu.ai website or the BRILU platform.

We reserve the right to update this Privacy Policy periodically to reflect changes in how we process your data or changes in applicable legal requirements. For material changes we will notify you directly, e.g. by email, at least 30 days before they take effect. Please check this policy regularly — the current version is always available at brilu.ai/en/privacy.

Who we are and how to contact us

SC GEMSYA SRL is a Romanian legal entity, registered office in Bucharest, Mircea Eliade 18, sector 1, tax registration code: 47654397 (hereinafter „BRILU AI" or „we"). Under data protection law, we act as the controller when processing your personal data.

We are always available to answer questions about the processing of personal data. We encourage you to contact our Data Protection Officer (DPO) at dpo@brilu.ai or by post to our registered office, marked: For the attention of the Data Protection Officer.

You can also reach us at privacy@brilu.ai for any request related to exercising your GDPR rights.

What categories of personal data we process

Generally, we collect your personal data directly from you, so you control what information you share with us.

Data provided directly by you

When you visit brilu.ai and fill in a contact form, subscribe to the newsletter or request a demo, you provide data such as: email address, first and last name, company and job title. You can browse our site without providing personal data.

When you create a BRILU account, you provide: email address, first and last name, password (stored only in encrypted form — we do not have access to your password in plain text).

Through your account page in the platform, you can add further information such as: company, job title, phone number, notification preferences and account settings.

When you purchase a BRILU subscription, you provide billing information: name, billing address and tax code (where applicable). Card data is processed directly by our secure payment provider — BRILU AI does not store or have access to your full card details.

Data collected automatically

When you visit our site or use the BRILU platform, we automatically collect certain technical information such as: IP address (anonymized), browser type, operating system, pages visited, session duration and other information about how you interact with the site. This data is necessary for site operation, security and continuous improvement of our services.

When you use the BRILU platform, we collect data on how you interact with its features: reports generated, configurations made, features accessed and other usage data. This helps us understand how the product is used and improve it.

We use cookies and similar technologies on our site, in line with our Cookie Policy available at brilu.ai/en/cookies.

BRILU AI does not collect or process special categories of personal data within the meaning of Article 9 GDPR. BRILU AI does not knowingly process data of minors under 18. The BRILU platform is intended solely for users aged 18 or older.

Purposes and legal bases for processing

1. To provide the BRILU services

  • Creating and administering your account on the BRILU platform
  • Authenticating you and securing access to your account
  • Processing subscriptions and managing payments
  • Delivering platform features: AI strategy generation, reports, AI Agents, dashboards and other components of the service
  • Handling cancellations or any issues relating to your subscription
  • Providing technical support and customer assistance
  • Sending operational notifications related to your account, subscription and security

Processing for these purposes is necessary to perform the contract between BRILU AI and you. Some processing may also be required by applicable law, including tax and accounting law.

2. To improve our services

We collect and analyze aggregated and anonymized data about how users interact with the platform, to identify opportunities to improve existing features and develop new ones. We rely on our legitimate interest. If you wish to object, please contact privacy@brilu.ai.

3. For marketing

With your prior consent, we may send you marketing communications by email, including information about new BRILU platform features, offers, case studies, educational resources on the AI Act and compliance, webinars and other relevant commercial communications.

You can change your mind and withdraw consent at any time by:

  • Clicking the unsubscribe link in any marketing email we send
  • Changing notification preferences in your BRILU account settings
  • Contacting us at privacy@brilu.ai

4. To defend our legitimate interests

  • Protecting the site and platform against cyberattacks and unauthorized access
  • Preventing and detecting fraud attempts
  • Managing disputes or legal proceedings
  • Complying with legal obligations and court orders

5. For processing carried out by BRILU AI systems on behalf of our clients

The BRILU platform also acts as an intermediation platform between our clients (companies using the platform) and their end users. In this capacity, BRILU AI acts as a processor on behalf of the client — the data controller is our client, not BRILU AI.

Lead Scoring, AI Agents and Churn Prediction features process behavioral data of visitors to our clients' sites. If you have questions about the processing of your data on a BRILU client's site, please contact the operator of that site directly.

How long we keep your data

  • Account and platform usage data is kept during the active subscription and for up to 3 years after account closure, to resolve any disputes
  • Billing data is kept for 10 years, in line with Romanian tax and accounting obligations
  • Behavioral data collected via our First-Party SDK is kept for a maximum of 12 months from collection
  • Marketing communications are stopped upon withdrawal of consent; related contact data is kept only on the unsubscribe list, so we do not contact you again
  • Security logs are kept for a maximum of 12 months

Who we share your data with

  • Payment processing providers, to execute financial transactions
  • Email and communications providers, to deliver notifications and marketing communications
  • IT infrastructure and hosting providers, to operate the platform
  • Third-party AI model providers, to the extent necessary for platform features using external models — strictly under our instructions and based on data processing agreements
  • Analytics and statistics providers, to understand how the platform is used
  • Public authorities, where we have a legal obligation or it is necessary to defend a legitimate right

We do not sell your personal data to any third party.

Which countries we transfer your data to

As a rule, your data is stored and processed within the European Union and the European Economic Area (EEA). Where data is transferred outside the EU/EEA — for example when using AI service providers based in the United States — the transfer is carried out solely under appropriate transfer mechanisms such as the Standard Contractual Clauses adopted by the European Commission.

How we protect your data

Your data is transmitted using HTTPS/TLS encryption and stored on secure servers with encryption at rest. Internal access to your data is restricted on a least-privilege basis and protected with two-factor authentication. We use Cloudflare to protect our infrastructure from cyberattacks.

In case of a security incident that could affect your rights and freedoms, we will notify you within the legal 72-hour deadline from becoming aware of the incident.

Your rights (GDPR)

You can request access to your data, correction of errors, deletion of data or object to processing. You also have the right to lodge a complaint with the competent supervisory authority or take judicial action. To exercise your rights, contact us at privacy@brilu.ai.

Right of access

You can ask us to confirm whether we process your personal data, to provide a copy of it and to inform you about: the data we hold, what we use it for, who we share it with, whether we transfer it outside the EU and how we protect it, how long we keep it and what other rights you have.

Right to rectification

You can ask us to rectify or complete your inaccurate or incomplete data. You can correct part of your profile data directly in the BRILU platform.

Right to erasure

You can ask us to erase your personal data, in the cases provided by GDPR. Billing data is kept for 10 years under tax obligations, even if you ask to close the account.

Right to restrict processing

You can ask us to restrict processing of your data in the cases provided by GDPR.

Right to data portability

You can ask us to provide the data you supplied directly to us, in a structured, commonly used and machine-readable format.

Right to object

You can object at any time, on grounds relating to your particular situation, to processing based on our legitimate interest. You can also object at any time to processing for direct marketing purposes, without giving any reason.

Rights regarding automated decisions

You can ask not to be subject to a decision based solely on automated processing that produces legal effects or similarly significantly affects you. BRILU AI systems do not make final autonomous decisions — all recommendations and analyses are tools to assist human decision-making.

Right to lodge a complaint

National Supervisory Authority for Personal Data Processing (ANSPDCP) — B-dul G-ral. Gheorghe Magheru no. 28-30, Sector 1, postal code 010336, Bucharest. Phone: +40.318.059.211 / +40.318.059.212. Email: anspdcp@dataprotection.ro. Website: www.dataprotection.ro

Without prejudice to your right to contact the supervisory authority at any time, please contact us first at privacy@brilu.ai.

SC GEMSYA SRL | privacy@brilu.ai | dpo@brilu.ai | brilu.ai/en/privacy