The Future of AI is Personal
Privacy Policy
Last updated: April 10, 2026
This Privacy Policy explains how BrainDrive LLC (“BrainDrive,” “we,” “us,” or “our”) collects, uses, stores, and protects your information when you use BrainDrive services, including BrainDrive Concierge (managed hosting at my.braindrive.ai), BrainDrive Models (pay-as-you-go AI credits for self-hosted users), and the BrainDrive Community (community.braindrive.ai).
If you use BrainDrive as a self-hosted application on your own hardware without any BrainDrive paid service, BrainDrive LLC has no access to your data. Your Library, chat history, and settings are stored on your device. However, if you configure third-party AI model providers (such as OpenRouter, Anthropic, or others), your prompts and relevant context are sent to those providers per their own privacy policies — that is between you and the provider you choose.
If you use BrainDrive Models (our pay-as-you-go AI credit service), we collect limited information as described in the “BrainDrive Models Users” section below. Your Library content and chat history remain on your device. AI requests are processed on BrainDrive’s infrastructure — either by a model we host directly or by forwarding to a third-party provider.
1. Our Privacy Principles
BrainDrive is built on the belief that you own your data. These principles guide every decision we make about your information:
- Your data belongs to you. We do not sell, share, license, or monetize your content.
- We respect your privacy. We do not routinely access, read, or monitor your Library or chat history.
- You can leave anytime. Full data export is always available — your data is never held hostage.
- We are transparent. This policy tells you exactly what we collect, why, and who else touches it.
2. Concierge Users — What We Collect
Information You Provide
| Data | Purpose | Stored Where |
|---|---|---|
| Email address | Account identification, service communications, password resets | BrainDrive database |
| Password | Account authentication (stored as a salted hash — we never store your actual password) | BrainDrive database |
| Payment information | Subscription billing | Processed and stored by Stripe. BrainDrive never sees or stores your credit card number. We store only your subscription ID, status, and billing period dates. |
| Library content | Your documents, notes, folders, and files — the core of the service | Your isolated container on BrainDrive infrastructure |
| Chat history | Your AI conversations | Your isolated container |
| Settings and preferences | Service configuration | Your isolated container |
Information Collected Automatically
| Data | Purpose | Retention |
|---|---|---|
| IP address | Security (login monitoring, abuse prevention) | Retained in audit logs for 90 days (anonymized, no user content) |
| Usage metadata | Service operation and performance (e.g., login timestamps, feature usage counts) | Aggregated, no user content |
3. BrainDrive Models Users — What We Collect
If you purchase BrainDrive Models credits to use AI models through your self-hosted BrainDrive, the following applies. This is a lighter data footprint than Concierge because your BrainDrive instance — including your Library, chat history, and settings — remains on your own hardware.
Information You Provide
| Data | Purpose | Stored Where |
|---|---|---|
| Email address | Key delivery, purchase receipts, account identification | Credits service database |
| Payment information | Credit purchases | Processed and stored by Stripe. BrainDrive never sees or stores your credit card number. We store your email, purchase amounts, and transaction IDs. |
Information Collected Automatically
| Data | Purpose | Stored Where |
|---|---|---|
| API key hash | Authenticate your requests | Credits service database (we store a hash of your key, not the key itself) |
| Usage metadata | Credit tracking, rate limiting, abuse prevention (token counts and costs — not prompt content) | Credits service database |
| IP address | Rate limiting | Retained for 24 hours only |
What We Do NOT Collect from BrainDrive Models Users
- Your prompts and AI conversations — When you send a request through BrainDrive Models, your prompt is processed on BrainDrive’s infrastructure. BrainDrive and our LiteLLM proxy do not log, store, or retain the content of your prompts or AI responses. If a third-party AI model is used, your prompt is forwarded to that provider to generate a response — the provider necessarily processes your prompt content under their own API terms, but we select providers whose terms prohibit training on customer data. If a BrainDrive-hosted model is used, your prompt is processed entirely on our infrastructure and is not shared with any third party.
- Your Library content — Your documents, notes, and files stay on your device. We have no access to them.
- Your chat history — Stored on your device, not on our servers.
- Your BrainDrive settings or preferences — Stored on your device.
How AI Requests Are Processed
When you make an AI request using BrainDrive Models:
- Your BrainDrive sends the request (including your prompt and relevant context) to our LiteLLM proxy.
- LiteLLM verifies your API key has sufficient credits.
- If a third-party model is used, LiteLLM forwards the request to that provider. If a BrainDrive-hosted model is used, the request is processed on our infrastructure without leaving it.
- The model returns the response, which LiteLLM passes back to your BrainDrive.
- LiteLLM records the token count and cost for credit tracking. It does not record the prompt or response content.
4. Community Forum Users
The BrainDrive Community is a public discussion forum hosted on Discourse at community.braindrive.ai. It is open to all BrainDrive users. Some sections may be restricted to BrainDrive Concierge subscribers.
Information You Provide
| Data | Purpose | Stored Where |
|---|---|---|
| Email address | Account registration, notifications | Discourse database (hosted on BrainDrive infrastructure) |
| Username and profile info | Public identity on the forum (username, avatar, bio) | Discourse database |
| Posts and replies | Community discussion | Discourse database |
Information Collected Automatically
| Data | Purpose | Retention |
|---|---|---|
| IP address | Security, spam prevention, rate limiting | Per Discourse defaults |
| Cookies | Session management, preferences, CSRF protection | Session and persistent (see Cookies section) |
| Read/visit tracking | Topic tracking, notification preferences, trust level calculation | Ongoing |
What You Should Know About the Community
- Your posts are public. Content you post on the forum is visible to anyone on the internet, including search engines. Do not post private or sensitive information in forum posts.
- Your profile is public. Your username, avatar, bio, and post history are visible to other users and the public.
- Moderation. BrainDrive administrators and moderators can read, edit, move, or delete posts to maintain community standards. Moderation actions are logged.
- Email notifications. Discourse sends email notifications based on your preferences (replies, mentions, topic updates). You can control these in your forum notification settings.
- Account deletion. You can request deletion of your forum account by contacting info@braindrive.ai. Posts you made may be anonymized rather than deleted to preserve discussion continuity, consistent with standard forum practice.
5. What We Do NOT Collect
- We do not use cookies or tracking scripts to monitor your behavior on our website. Our website analytics use Plausible Analytics, which collects no personal data and uses no cookies.
- We do not build user profiles for advertising.
- We do not collect biometric data.
- We do not collect information from third-party sources about you.
6. How We Use Your Information
We use your information only to:
- Operate the service — host your BrainDrive instance (Concierge), process AI requests (Models), store your Library (Concierge)
- Process payments — manage subscriptions (Concierge) and credit purchases (Models) through Stripe
- Send service communications — password resets, billing notices, API key delivery, security alerts, and important service announcements via Postmark
- Maintain security — detect and prevent unauthorized access, abuse, and security incidents
- Comply with legal obligations — respond to valid legal process
We do not use your information to:
- Sell or share your data with advertisers
- Train AI models on your content
- Build profiles for targeted advertising
- Send unsolicited marketing (unless you opt in)
7. How We Access Your Content
We do not routinely or proactively access, read, or monitor the content you store in your Library or your chat history. Your Second Brain is your private space.
For Concierge users, we may access your account or content only when necessary for:
- Technical support you request — and only the minimum data needed to resolve your issue
- Valid legal process — subpoenas, court orders, or law enforcement requests with proper legal authority
- Security incidents — investigating unauthorized access, active threats, or platform integrity issues
- DMCA takedown compliance — responding to valid copyright takedown notices (see our DMCA Policy)
- Preventing imminent harm — situations involving fraud or serious risk of harm
When we access your data for any of these reasons, we limit access to the minimum necessary and document the access internally.
For BrainDrive Models users, your Library content, chat history, and settings are on your own hardware — we do not have access to them. Your prompts pass through our infrastructure for AI processing but are not logged, stored, or read. We can only see usage metadata (token counts, costs, and API key status).
8. Third-Party Services
We use a limited number of third-party services to operate BrainDrive. Each service receives only the data it needs to perform its function.
| Service | What It Receives | Why | Privacy Details |
|---|---|---|---|
| AI model providers | AI prompts and context (Concierge and Models users) | Processes AI model requests | BrainDrive routes requests to AI models, which may be third-party providers or models hosted directly by BrainDrive. For third-party providers, we select those whose API terms prohibit training on customer data. For BrainDrive-hosted models, your prompts are not used to train models. |
| LiteLLM (on our infrastructure) | AI prompts in transit, token counts | Routes requests to AI models, enforces credit budgets | Runs on BrainDrive infrastructure (Hetzner). Open-source proxy. Prompt content is not logged or stored. |
| Stripe | Payment and billing information | Processes subscription payments and credit purchases | PCI DSS Level 1 compliant. BrainDrive never sees your card number. |
| Hetzner | All Concierge user data (infrastructure host) | Hosts the servers that run Concierge instances and the credits service | ISO 27001 certified. US datacenter (Ashburn, VA). German company. |
| Cloudflare | Network traffic at the edge | DDoS protection and TLS termination | Processes traffic in transit; does not store your Library content. |
| Postmark | Your email address | Sends transactional emails (password resets, billing notices, API key delivery) | US-based. SOC certified. Used only for service-critical transactional messages. |
| Plausible Analytics | None (no personal data) | Website visitor analytics | Cookie-free. Collects no personal data. EU-hosted. No tracking of individual users. |
| Discourse | Email, username, profile info, posts, IP address | Powers the BrainDrive Community forum | Open-source forum software. Hosted on BrainDrive infrastructure (Hetzner). Posts are public. |
What We Do NOT Do With Your Data
- We do not sell your personal information. Not now, not ever.
- We do not share your data with advertisers.
- We do not use your content to train AI models.
- We do not transfer your data to third parties except as described in the table above.
9. Cookies
BrainDrive Concierge uses only essential cookies necessary for the service to function:
| Cookie | Purpose | Duration |
|---|---|---|
| Session cookie | Keeps you logged in | Persistent, up to 7 days. Cleared on logout. |
| CSRF token | Prevents cross-site request forgery attacks | Session |
BrainDrive Models does not use cookies — it is an API service accessed via your self-hosted BrainDrive.
BrainDrive Community (community.braindrive.ai) uses Discourse, which sets session cookies, a CSRF token, and preference cookies (e.g., theme, notification settings). These are functional cookies required for the forum to operate.
We do not use advertising cookies, tracking cookies, or third-party cookies.
10. Data Retention
Concierge
| Scenario | What Happens | Timeline |
|---|---|---|
| Active subscription | Your data is retained as long as your subscription is active. | Ongoing |
| After cancellation | Your instance is suspended. Data is preserved with export available. | 30 days |
| After 30-day preservation | Active systems permanently deleted (containers, volumes, databases). | Immediate |
| Encrypted backups | Your data may persist in encrypted backups as they naturally rotate. Backups are encrypted (AES-256), access-restricted, and used only for disaster recovery. | Up to 90 days |
| Audit logs | Anonymized event logs (login timestamps, not content) retained for security. | 90 days |
BrainDrive Models
| Data | Retention |
|---|---|
| Email + purchase history | Retained as long as your API key is active, plus 90 days after revocation for financial records |
| API key hash | Retained as long as your key is active |
| Usage metadata (token counts, costs) | Retained for 12 months for billing and abuse prevention |
| Payment records | Retained per Stripe’s policies and applicable tax/financial regulations |
| Rate limiting logs (IP addresses) | 24 hours |
Community Forum
| Data | Retention |
|---|---|
| Account info (email, username, profile) | Retained as long as your forum account is active |
| Posts and replies | Retained indefinitely (public content). May be anonymized rather than deleted upon account deletion. |
| IP addresses | Per Discourse defaults (used for spam prevention and moderation) |
| Cookies and session data | Session-based or per user preference settings |
11. Data Export
You can export your complete data at any time via the in-app export feature. The export includes:
- Your full Library (documents, notes, folders, and files)
- Your database (pages, chat history, and settings)
- Delivered as a downloadable zip file
This applies to both Concierge users (export from the hosted instance) and self-hosted users (your data is already on your device).
We believe your data should be as easy to take with you as it is to create.
12. Deletion
Concierge Account Deletion
Cancel your subscription from the billing settings page. After the 30-day preservation period, your data is permanently deleted from active systems. Encrypted backups rotate out within 90 days. See our Terms of Service for the full cancellation process.
BrainDrive Models Account Deletion
Contact info@braindrive.ai with your registered email address. We will revoke your API key and delete your account data within 30 days. Financial transaction records may be retained as required by applicable tax and accounting laws. Your remaining credit balance will be forfeited upon deletion (credits are non-refundable per our Terms of Service).
Community Forum Account Deletion
Contact info@braindrive.ai with your forum username or registered email. We will delete your account within 30 days. Posts you made may be anonymized (attributed to a generic “deleted user”) rather than removed, to preserve discussion continuity. If you prefer full post deletion, let us know and we will accommodate where possible.
What Deletion Does NOT Affect
Your self-hosted BrainDrive installation and all data on it are unaffected by deleting your Concierge, Models, or Community account.
13. Your Rights
All Users
You have the right to:
- Access your personal information (via the in-app export or by contacting us)
- Correct inaccurate personal information (update your account settings or contact us)
- Delete your account and personal data (cancel your account or submit a deletion request)
- Export your data (via in-app export, available at any time)
California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information we collect, use, and disclose
- Right to delete your personal information
- Right to opt out of the sale of personal information — we do not sell your personal information, so this right is already satisfied
- Right to non-discrimination — we will not discriminate against you for exercising your privacy rights
Categories of personal information we collect:
- Concierge users: Identifiers (email, IP address), commercial information (subscription status), internet activity (usage metadata), and user-generated content (Library content, chat history).
- BrainDrive Models users: Identifiers (email, IP address), commercial information (purchase history, credit balance), and internet activity (API usage metadata — token counts and costs, not prompt content).
- Community forum users: Identifiers (email, IP address, username), internet activity (posts, read/visit tracking), and user-generated content (posts and replies — note: forum content is public).
Sensitive personal information. We collect account credentials (email and password hash) for authentication purposes only. We do not collect or process sensitive personal information (such as Social Security numbers, financial account numbers, precise geolocation, racial or ethnic origin, or health data) beyond what is strictly necessary for account security and service delivery.
We do not sell personal information. We have not sold personal information in the preceding 12 months and have no plans to do so.
To exercise your CCPA rights, contact us at info@braindrive.ai. We will verify your identity before processing your request.
14. Data Security
We take the security of your data seriously. Our security measures include:
- Encryption in transit — All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
- Per-user container isolation (Concierge) — Each managed hosting user runs in their own isolated container, separate from other users.
- Encrypted backups — Backups are encrypted using AES-256 and stored with restricted access.
- Access controls — Internal access to user data is restricted to authorized personnel and logged.
- Authentication security — Passwords are salted and hashed. We never store plaintext passwords. API keys are stored as hashes.
- Rate limiting — All endpoints are rate-limited to prevent abuse.
No system is 100% secure. While we implement industry-standard security measures, we cannot guarantee absolute security. If we become aware of a data breach affecting your personal information, we will notify you in accordance with applicable law (Delaware law requires notification within 60 days of discovery).
15. Children’s Privacy
BrainDrive services are restricted to users 18 years of age and older. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected personal information from a minor, we will take steps to delete that information promptly.
16. International Data
Our servers are located in the United States. If you are accessing BrainDrive services from outside the US, your data will be transferred to and processed in the United States. By using the service, you consent to this transfer. We implement appropriate safeguards to protect your data in accordance with applicable data protection laws.
If you are located in the European Economic Area, you have rights under the GDPR including: access, rectification, erasure (via account deletion), data portability (via export), restriction of processing, and the right to object. To exercise these rights, contact info@braindrive.ai. We will respond within 30 days.
17. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email at least 30 days before the changes take effect and post the updated policy with a revised “Last Updated” date.
18. Contact Us
If you have questions about this Privacy Policy or want to exercise your privacy rights, contact us at:
Email: info@braindrive.ai
Website: braindrive.ai
This Privacy Policy applies to BrainDrive services operated by BrainDrive LLC, a Delaware limited liability company. Related policies: Terms of Service, Acceptable Use Policy, DMCA Policy, and Refund & Cancellation Policy.