Privacy Policy
Last updated: April 26, 2026
This Privacy Policy describes how CerebroChain LLC ("CerebroChain", "we", "us") collects, uses, and protects personal and operational data when you use the CerebroChain platform (the "Service"). It supplements the Terms of Service.
What we collect
The Service handles three categories of data:
- Account data — name, email, hashed password or SSO subject, role, MFA enrollment state, login timestamps.
- Operational data — your warehouse, inventory, shipment, and route records uploaded or generated through the Service. You retain ownership; we process it to operate the Service.
- Telemetry — request/response timing, error traces, and feature-usage events used to keep the Service reliable. We do not embed third-party advertising trackers.
How we use it
We use the data to (a) deliver the contracted Service, (b) authenticate users and authorize actions, (c) operate the Cerebrix AI capability against your tenant data when you use it, (d) process payments, (e) send transactional and operational notifications you have opted into, and (f) measure platform reliability and improve the Service.
Cerebrix and AI processing
Cerebrix processes the page context you have on screen when you open it — items, filters, the operational scope. Tool-call proposals are returned to your browser; mutations only fire after you approve. Your Cerebrix conversation history is retained per your account so you can search and resume threads, and is exportable. We do not use your tenant data to train shared AI models without explicit opt-in.
Marketplace bots
Bots in the marketplace operate against your tenant data only under the scopes you grant on activation. Vendor-published bots are sandboxed; their access is limited to the API surface you authorize and is recorded in the audit log.
Sharing
We share data only with:
- Sub-processors who provide infrastructure and operations services to us under written agreements with comparable protections.
- Other tenants — only when you explicitly initiate a transaction (e.g. accepting a marketplace earning).
- Authorities — when required by law, with notice to you where legally permissible.
Retention
Account data and operational data are retained for the lifetime of your subscription plus 90 days after termination, after which we delete or anonymize them unless legally required to keep them longer (e.g. financial records). You may request earlier deletion via the contact form.
Your rights
Depending on your jurisdiction you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. Submit requests via [email protected] or the contact form. We respond within 30 days.
Security
We use TLS for data in transit, encryption at rest for sensitive fields, role-based access controls, MFA-protected administration, and regular security review. No system is perfectly secure; we notify affected users of any data breach as required by applicable law.
International transfers
Tenant data is stored in the region you select; cross-region transfers occur only when explicitly required by a feature you have enabled. Enterprise plans support per-region data residency.
Children
The Service is not directed at anyone under 18 and we do not knowingly collect personal data from children.
Changes to this Policy
We may update this Policy from time to time. Material changes take effect 30 days after notice via in-app announcement or email.
Contact
Privacy questions or requests: email [email protected] or use the contact form. CerebroChain LLC, Nevada, United States.