Brainam (“Brainam”, “we”, “us” or “our”) is a product operated by Taku Ventures Private Limited, an Indian company (CIN: U79110DL2024PTC431506, GSTIN: 07AALCT0078R1ZL). We help businesses build, train, and deploy AI agents that automate customer support, sales outreach, research, and operational workflows.
This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and the rights you have under the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000 and its rules, the EU/UK GDPR, and the CCPA/CPRA. By using Brainam you agree to the practices described below. If you do not agree, please do not use our services.
Brainam is operated by Taku Ventures Private Limited (“the Company”, “Brainam”, “we”, “us”, “our”), an Indian company. We are committed to protecting your privacy. “User”, “you” or “your” refers to any individual who accesses or uses our website or services, including any features, tools, or functionality made available through them.
This Privacy Policy applies to all users and explains why, how, and when we process personal data to offer and provide our website and services. It also describes the choices available to you regarding the processing of your personal data.
This Privacy Policy is part of, and incorporated into, our Terms & Conditions. Capitalised terms not defined here have the meaning given in our Terms & Conditions. This Privacy Policy does not apply where separate privacy terms are provided.
Our website and services may contain links to third-party websites and may integrate third-party functionality, such as social media plug-ins, tools or APIs, to enhance your experience. We do not control these third parties or how they process your personal data, and their privacy practices may differ from ours. Any personal data you provide or that is processed through such third-party websites or functionality is governed solely by the respective third party’s privacy policy and terms.
We may update this Privacy Policy from time to time to reflect legal changes or enhancements to our website or services. The latest version is always available on our website. The “last updated” date indicates when changes have been made. Material changes will be notified by email and in-product banner at least 30 days before they take effect.
We may process the following categories of personal data that you provide directly, that are generated through your use of our website or services, or that we receive from third-party services or publicly available sources:
The table below summarises our data processing activities, the categories of data involved, and the legal basis under GDPR. Where the DPDP Act applies, processing is based on your consent or as permitted under Section 7 of the Act for legitimate uses.
| Purpose | Personal data | Legal basis (GDPR) |
|---|---|---|
| Account creation & service delivery — create & maintain your account, run your AI agents, deliver outputs. | Contact, account & usage, training content, integration data. | Performance of a contract (Art. 6(1)(b)). |
| Agent training & inference — storing prompts, knowledge files, conversation history so your agents perform as configured. | Training content, account & usage data. | Performance of a contract (Art. 6(1)(b)). |
| Payment processing — chip top-ups, BYOK subscriptions, refunds, invoicing, tax compliance. | Contact, billing address, payment details (via Razorpay). | Performance of a contract (Art. 6(1)(b)); legal obligation (Art. 6(1)(c)). |
| Product analytics & improvement — aggregated, de-identified usage to fix bugs and improve features. | Traffic & device, account & usage data. | Legitimate interest (Art. 6(1)(f)). |
| Support & communications — responding to enquiries, support requests, dispute resolution. | Contact, communication, account & usage data. | Performance of a contract; legitimate interest. |
| Newsletter & marketing — product updates, event invites, promotional emails. | Contact, marketing data. | Consent (Art. 6(1)(a)); legitimate interest. |
| Security, compliance & legal — IT security, fraud prevention, statutory retention, cooperation with authorities. | All categories, as relevant. | Legal obligation (Art. 6(1)(c)); legitimate interest. |
We use Razorpay Software Private Limited as our payment service provider for processing online payments, invoicing, and, where applicable, GST and tax handling. Payment card details are never stored on Brainam servers — they are handled directly by Razorpay, which is PCI-DSS Level 1 compliant.
Information processed for payments includes name, email address, billing address, payment information (e.g. card or UPI details), IP address, transaction data and, where applicable, company-related information. The processing is carried out for the purpose of payment processing, fraud prevention, invoicing and tax compliance.
The payment service provider may act as an independent controller within the meaning of Art. 4(7) GDPR, in particular where it processes payment data in its own name as a so-called “merchant of record.”
Personal data will only be disclosed to third parties if this is necessary for contract processing, required by law, or carried out within the framework of commissioned data processing. Data relevant under commercial and tax law is generally stored for the duration of the applicable statutory retention periods (8 years under Indian law).
Our website provides multiple ways to contact us quickly, including our email addresses and contact form. If you contact us by email or via our contact form, the personal data you provide will be stored automatically. Additional data processed during the contact process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
The legal basis for the processing of data transmitted in the course of sending an email is Art. 6(1)(b) GDPR. We use the personal data you provide exclusively for the purpose of processing your specific enquiry. The data provided will always be treated confidentially.
The data will be deleted as soon as it is no longer necessary for the purpose for which it was processed — typically when the conversation has ended and the matter has been conclusively clarified.
Every time you visit our website, we automatically store access data in server log files. This includes the date and time of the visit, the amount of data transferred, the name of the requested file, the browser used and its version, the operating system used, the IP address and the referrer URL. The temporary storage of the IP address is necessary to enable the website to be delivered to your device.
This data is evaluated exclusively to ensure permanent and trouble-free operation of the website, to improve its content, to provide it to law enforcement authorities in the event of a cyber-attack, and to ensure the security of our information technology systems — which constitute our legitimate interest in this processing (Art. 6(1)(f) GDPR).
Our website uses a content delivery network (CDN) and security service provider for load balancing, protection against distributed denial-of-service (DDoS) attacks, bot detection and safeguarding the integrity and confidentiality of our IT systems. Incoming requests are routed via the provider’s globally distributed edge servers, and access data may be processed by the provider before being forwarded to our servers.
When you visit our website, we process data for marketing, statistics, optimisation and IT security, in some cases with the support of service providers. We ask for your consent for this processing through our cookie banner. Detailed information about the cookies and services used can be found via the “Cookie Settings” button at the bottom of the page.
Brainam’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
We only request the scopes required to power the integration you enable:
- gmail.readonly, gmail.send, gmail.modify — for email-handling agents.
- calendar.readonly, calendar.events — for scheduling agents.
- drive.readonly, drive.file — for document-handling agents.
- userinfo.email, userinfo.profile — for sign-in only.

You can revoke any of these permissions at any time at myaccount.google.com/permissions.
When you connect a Meta product to Brainam, we comply with the Meta Platform Terms, Meta Developer Policies, and the WhatsApp Business Solution Terms.
We use this data solely to operate the AI agent you have configured — for example, to reply to a customer message, log a conversation, or trigger a workflow.
Under Meta Platform Terms, you have the right to request deletion of data we have obtained via Meta integrations. To request deletion of your Meta-sourced data:
1. Email grievance@brainam.ai with the subject “Meta Data Deletion Request” and include the Facebook Page ID, Instagram username, or WhatsApp Business Account ID associated with your Brainam account; or
2. Visit brainam.ai/data-deletion, fill in the form, and select “Meta-sourced data only.”
We will confirm receipt within 48 hours and complete deletion within 30 days, after which we will email you a confirmation reference number.
We may share personal data with carefully selected service providers that support our business operations. Where such service providers process personal data on our behalf, we conclude data processing agreements pursuant to Article 28 GDPR, ensuring that personal data is processed solely in accordance with our instructions and in compliance with applicable data protection standards.
| Sub-processor | Purpose | Data category | Region |
|---|---|---|---|
| Anthropic (Claude) | LLM inference for agents | Prompts & relevant context | USA |
| OpenAI | LLM inference, embeddings | Prompts & relevant context | USA |
| Google (Gemini API) | LLM inference, multimodal | Prompts & relevant context | USA / EU |
| Razorpay | Payment processing | Billing & payment data | India |
| MongoDB Atlas | Primary database hosting | All stored data (encrypted) | Singapore / India |
| Render | Application hosting | Application traffic | Singapore |
| Cloudflare | CDN, DDoS protection, edge security | Traffic & device data | Global |
| Resend / SES | Transactional email delivery | Contact data | USA |
| PostHog | Product analytics | Pseudonymised usage data | EU |
| Sentry | Error and crash reporting | Diagnostic data | USA |
We update this list as our infrastructure changes. The current list is always available on this page. Enterprise customers can subscribe to advance notification of changes by writing to grievance@brainam.ai.
We may disclose personal data where required by law or where such disclosure is necessary to comply with legal obligations or lawful requests by public authorities, courts, or law enforcement agencies, to enforce our commercial contracts, to investigate potential violations, to prevent or address fraud, security, or technical issues, or to protect our rights, property, users, or the public.
Some of the recipients listed above are located outside India, the European Union (EU) or the European Economic Area (EEA), in particular in the United States. Where personal data is transferred to third countries, such transfers are carried out only where permitted under Articles 44 et seq. GDPR and are subject to appropriate safeguards. These include adequacy decisions such as the EU–U.S. Data Privacy Framework, Standard Contractual Clauses (SCCs) approved by the European Commission, and additional technical and organisational measures such as encryption and access controls.
We do not sell your personal information. We do not rent it. We do not share it for cross-context behavioural advertising.
Our website may use so-called cookies (small text files stored in your browser or on your device) and similar tracking technologies such as pixels or scripts. Cookies contain information about the current or last visit to our website. If cookies do not contain an exact expiration date, they are stored only temporarily and are automatically deleted when you close your browser. Cookies with an expiration date will remain stored until the specified date or until you delete them manually.
We may use three types of cookies:
You can update or withdraw your cookie preferences at any time via the “Cookie Settings” button. You can further configure, block, and delete cookies in your browser settings. If you delete all cookies, some functions of our website or services may not display correctly.
We do not make decisions about you that are based solely on automated processing (including profiling) and that produce legal effects concerning you or similarly significantly affect you, within the meaning of Article 22 GDPR. If we introduce such automated decision-making in exceptional cases in the future, we will inform you in advance where required by law and ensure appropriate safeguards are in place — including your right to obtain human intervention, to express your point of view and to contest the decision.
Brainam itself is an AI-powered platform: the agents you configure may make automated decisions on your behalf (for example, replying to a customer message). These decisions are made within the scope and rules you define, and you remain accountable for the outputs of agents in your workspace.
This section is critical. Please read it carefully.
Brainam does not use your training content, conversations, prompts, or uploaded files to train, fine-tune, or otherwise improve any general-purpose foundation model (such as Claude, GPT, Gemini, or any open-source model).
The training content you upload is used exclusively to power your own AI agents in your own Brainam workspace. It is logically isolated from every other customer’s data.
When your agent runs, prompts and necessary context are sent to one or more AI providers for inference. We work with Anthropic, OpenAI and Google. We rely on these providers’ API terms, which state that data sent through their APIs is not used to train their models (Anthropic: zero-retention API; OpenAI: API data not used for training; Google: Gemini API data not used for training).
We may use aggregated, de-identified signals (such as “X% of agents fail at step Y”) to improve Brainam’s own routing, retries, and chip-billing logic. We do not read individual prompts or outputs for this purpose, and no customer content leaves your workspace in identifiable form.
We store your personal information for no longer than necessary for the purposes for which it was processed, including to satisfy any legal or reporting requirements, and in accordance with our legal obligations and legitimate business interests.
| Data type | Retention period |
|---|---|
| Account data | Until you delete the account, plus 90 days for backup expiry. |
| Training content & knowledge files | Until you delete them or close the account. |
| Conversation logs | 12 months by default; configurable per agent. |
| Billing & tax records | 8 years (Indian statutory requirement). |
| Security & access logs | 12 months. |
| Marketing preferences | Until you opt out. |
| De-identified aggregate data | Indefinite. |
To delete your Brainam account and all associated data:
Deletion is completed within 30 days, except for records we are legally required to retain (e.g. tax invoices for 8 years).
As a Data Principal you have the right to:
You have the right to know, delete, correct, and opt out of any “sale” or “sharing” of personal information — though Brainam does not sell or share personal information for cross-context behavioural advertising.
Email grievance@brainam.ai or use the in-product Privacy & Data page. We will respond within 30 days (or earlier where law requires).
Brainam is intended for business use by adults (18+). We do not knowingly collect personal data from children under 18. If you become aware that a child has provided us with personal information, please contact grievance@brainam.ai and we will delete it.
We protect your data with:
No system is ever 100% secure. If we become aware of a personal data breach that is likely to affect you, we will notify you and the relevant authority within the timelines required by law (within 72 hours under DPDP and GDPR). For more detail see our Security page.
We may update this Privacy Policy from time to time. Material changes will be notified by email and in-product banner at least 30 days before they take effect. The latest version is always available at brainam.ai/privacy, with the “Effective Date” and “Version” updated at the top.
In accordance with the DPDP Act, 2023 and the Information Technology (Intermediary Guidelines) Rules, 2021, the following officer has been appointed to address your concerns:
If you are not satisfied with our response, you may approach the Data Protection Board of India under the DPDP Act, 2023.