← Home

Privacy Policy

Beta · effective 10 June 2026

This Privacy Policy explains how [Operator legal name / business registration] (“we”, “us”) collects, uses, and protects your personal data when you use Brain (“the Service”). It is issued in accordance with the Personal Data Protection Act 2010 (Act 709) of Malaysia (“PDPA”). By using the Service you consent to the processing of your personal data as described here.

1. Personal data we collect

  • Account data: your username, a securely hashed password (scrypt — we never store the plaintext), and basic profile fields.
  • Content you store (“memories”): names, descriptions, bodies, and version history that you and your connected clients create. This may contain personal data you choose to include — you control what you store.
  • Activity metadata: device/client labels, token name, timestamps and version numbers for each change (for audit history and administration).

2. Purposes (Notice & Choice)

We process your personal data to: create and authenticate your account; provide the memory-storage service to your AI clients; maintain audit history and security; operate, support, and improve the Service. We will not use it for materially different purposes without notifying you.

3. Disclosure

We do not sell, rent, or share your personal data with third parties for their own purposes. Data may be disclosed only to: collaborators you explicitly grant access to (per-project, at the permission you set); and where required by law or to protect the Service. We do not use your data for advertising.

4. Security

We take reasonable steps to protect your data: passwords are hashed (scrypt), data is partitioned per account, access is token- and grant-controlled, and the service runs behind TLS. No system is perfectly secure, and this is beta software (see §8).

5. Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. On deletion request, your account and entire data partition (everything under user:<you>:*) are removed; off-server backups may retain copies for a short period before rotating out.

6. Your rights

Under the PDPA you may, in respect of your personal data:

  • request access to it;
  • request correction of inaccurate or incomplete data;
  • withdraw your consent to processing (which may mean we can no longer provide the Service);
  • limit its processing.

To make a data access, correction, or deletion request, contact us at [privacy contact email]. We may need to verify your identity before acting on a request.

7. Storage & cross-border transfer

Your data is stored on a private server operated for the Service. If data is stored or processed outside Malaysia, we take reasonable steps to ensure a comparable level of protection consistent with the PDPA.

8. Beta caveat

Brain is early beta software. Data may be lost during maintenance or incidents — please keep your own copy of anything you can’t afford to lose.

9. Changes & contact

We may update this Policy; material changes are reflected by the effective date above. Questions or requests: [privacy contact email]. See also our Terms of Service.

A Bahasa Malaysia version of this notice will be made available, as contemplated by section 7(3) of the PDPA.