1. Who We Are

BrAInstormX is a technology brand operated by Celtic Sophia Ltd, an Irish-registered company. We build AI-powered products and offer digital strategy services to businesses across Europe and beyond.

Celtic Sophia Limited is registered with the Data Protection Commissioner (DPC) under Registration Number REF:0045000176, as a data controller.

2. What This Policy Covers

This Privacy Policy explains:

• What personal data we collect
• Why we collect it
• How we use it
• How you can access, update, or delete your data
• How we keep your data secure

We comply with the General Data Protection Regulation (GDPR) and all applicable data protection laws.

3. What Data We Collect

We may collect and process the following types of personal data:

When you use our platform or services:

• Name
• Email address
• Company name
• Job title
• Responses to diagnostic forms or questionnaires
• Website usage data (e.g., page visits, IP address, browser type)
• Free-form input provided in optional text fields
• Business context information

When you contact us directly:

• Any personal information you choose to provide via email or contact form

We do not knowingly collect sensitive personal data (e.g., health or financial data) through our website. Our system is designed to detect and filter out sensitive personal information submitted through free-form fields.

4. How We Use Your Data

We process your data in order to:

• Provide you with requested AI tools, diagnostics, or services
• Respond to your inquiries
• Send you relevant updates or offers (if you opt in)
• Improve and personalize our platform and services
• Process business recommendations based on your inputs
• Comply with legal obligations

We only process your personal data when we have a valid legal basis to do so — including consent, contractual necessity, or legitimate interest.

4.1 Free-form Input Processing

For free-form text fields in our platform:

• We analyze inputs for relevance to business context only
• Personal identifiers unrelated to your business requirements are filtered out
• We extract only business-relevant information for processing recommendations
• Raw text inputs are temporarily logged for system improvement but automatically purged after 30 days

5. Who We Share It With

We do not sell your data to anyone. We may share your data with trusted processors, only when necessary:

• Email and CRM providers (e.g., Mailchimp, Supabase, Google Workspace)
• Analytics and monitoring tools (e.g., Plausible, PostHog, or similar)
• Cloud service platforms (e.g., Render, GitHub)

All vendors we use are GDPR-compliant and only process your data on our instructions.

6. International Transfers

We may transfer data outside the European Economic Area (EEA) where our service providers are based. In such cases, we ensure adequate protections are in place, such as Standard Contractual Clauses (SCCs).

7. Data Retention

We retain personal data only for as long as necessary:

• For lead/contact data: up to 24 months after your last interaction
• For form inputs: anonymized after processing unless otherwise requested
• For free-form text inputs: processed for relevant information, with raw data purged after 30 days

You may request deletion at any time (see Section 9).

8. Cookies and Tracking

We use minimal cookies or privacy-friendly analytics tools that do not use invasive tracking.

You will be notified of any use of cookies on first visit and can adjust preferences as required.

9. Your Rights

Under GDPR, you have the right to:

• Access your personal data
• Correct or update inaccurate data
• Request deletion of your data
• Object to or restrict processing
• Data portability (request your data in a common format)
• Withdraw consent at any time

To exercise these rights, email: hello@brainstormx.io

10. Data Security

We take appropriate technical and organizational measures to protect your data, including:

• Encryption of all stored data
• Access controls with strict permission levels
• Data minimization practices
• Regular security audits
• Content moderation for free-form inputs
• Secure hosting via Render and trusted providers

10.1 Free-text Input Security

For free-form text fields:

• Inputs are processed locally first to filter out sensitive information
• Only business-relevant information is extracted and stored
• Content moderation systems flag inappropriate content before processing
• Regular audits of our text processing systems are conducted

11. Changes to This Policy

We may update this policy occasionally. Any changes will be reflected on this page and, where appropriate, notified via email.

Final Notes

This policy is valid for all interactions with BrAInstormX as a service or platform. It does not apply to third-party websites linked from our site.