Privacy Policy
Last Updated: 7.02.25
1. Introduction
This Privacy Policy explains how BRILU collects, processes, stores, and protects your data in compliance with GDPR (Regulation (EU) 2016/679), the Digital Services Act, and the ePrivacy Directive.
By using BRILU, you agree to the terms of this Privacy Policy.
2. What Data Do We Collect?
BRILU collects only necessary data, including:
Personal Data (GDPR Compliant):
- Name, email, phone (only when provided by users).
- Customer interactions with AI (chat history, sentiment analysis).
Technical Data:
- IP address, device type, and browser information (for security purposes).
- Session data (timestamps, engagement rates).
Sensitive data (health, financial, or biometric data) is NOT stored.
3. How Do We Use Your Data?
BRILU processes user data strictly for the following purposes:
- To improve AI-generated responses & recommendations.
- To optimize customer service and sales automation.
- To provide analytics and business intelligence insights.
- To ensure security, fraud prevention, and compliance with EU laws.
4. Legal Basis for Processing Data (GDPR Article 6)
BRILU processes data based on:
- User consent (for marketing and cookies).
- Legitimate interest (to improve AI interactions).
- Contractual necessity (for business clients using AI services).
5. Data Retention & User Rights (GDPR Articles 15-21)
- Right to Access: Users can request a copy of their data.
- Right to Rectification: Users can correct incorrect information.
- Right to Erasure (“Right to be Forgotten”): Users can request data deletion.
- Right to Object: Users can opt out of automated processing.
- Right to Data Portability: Users can export data in a structured format.
Data is retained only for as long as necessary to fulfill business purposes.
6. Data Security Measures
BRILU uses top-tier security protocols to protect user data:
- End-to-End Encryption (TLS 1.3, AES-256) for secure data transmission.
- Multi-Factor Authentication (MFA) to prevent unauthorized access.
- Role-Based Access Control (RBAC) to ensure only authorized users can access data.
- Daily Backups & Disaster Recovery for business continuity.
7. Third-Party Integrations & Data Sharing
- BRILU does NOT sell personal data to third parties.
- We integrate with CRM/ERP systems, ensuring GDPR compliance.
- Data is shared only with trusted service providers (AWS, Microsoft Azure, etc.).
8. Cookies & Tracking
BRILU uses cookies only for essential website functionality and analytics.
- Users must provide consent for cookies related to tracking.
- Cookie settings can be managed via browser settings.
9. Data Transfers Outside the EU
- BRILU stores data within the EU (Microsoft Azure, AWS).
- If data is transferred outside the EU, we use Standard Contractual Clauses (SCCs) for GDPR compliance.
10. AI System Transparency & Human Oversight
In compliance with Article 13 of the EU AI Act, BRILU ensures users are fully informed about AI-driven interactions and decision-making processes.
User Rights Under the AI Act:
- Right to Know: Users are notified when engaging with an AI assistant.
- Right to Explanation: Users can request clarifications on AI-generated decisions.
- Right to Human Oversight: AI-generated responses are monitored to ensure ethical interactions.
AI Limitations: BRILU does not replace human decision-making in legal, medical, or financial matters.
11. AI Risk Management & Data Protection
BRILU follows EU AI Act risk classification guidelines to ensure responsible AI deployment:
Limited-Risk AI (Customer Engagement, CRM, FAQs, Chatbots):
- AI-generated responses are clearly labeled as machine-generated.
- No profiling or automated decision-making without human intervention.
High-Risk AI (Healthcare, HR, Financial Advice, Legal Support):
- Brilu AI does not make autonomous high-risk decisions (e.g., medical diagnosis, credit scoring).
- AI insights are meant to support human professionals, not replace them.
Data Protection & Compliance:
Brilu AI follows strict GDPR & AI Act guidelines:
- AI data processing is limited, anonymized, and securely stored.
- AI logs and records comply with EU data retention and audit standards.
- Users can opt out of AI-based processing at any time.
Where Do We Apply the AI Act in Brilu’s System?
- Assistant Disclosure: Users must see a notice that they are interacting with AI (e.g., a chatbot label in conversations).
- Human Review Option: AI cannot make final decisions without human validation in high-risk applications (e.g., medical triage).
- Bias & Fairness Monitoring: AI is regularly tested to ensure fair and unbiased customer interactions.
- Logging & Accountability: AI responses and interactions are logged for compliance audits.
12. Contact Us
For GDPR requests or questions: [email protected]
For legal inquiries: [email protected]