Privacy Policy

1. Introduction

2nd Brain Partners LLC, doing business as 2nd Brain Labs ("we," "our," or "us"), operates the website at 2ndbrainlabs.ai and provides enterprise AI software products and services, including Synapse, Scout, Pulse, and Audera (collectively, the "Services").

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, use our products, or engage with our services. By accessing or using any part of our Services, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

When you interact with our Services, you may voluntarily provide us with:

• Account and Contact Information: Name, email address, phone number, job title, company name, and mailing address when you create an account, request a demo, or contact us.
• Payment Information: Billing address and payment details processed through our third-party payment processors. We do not store full credit card numbers on our servers.
• Communications: Content of emails, support tickets, form submissions, and any other correspondence you send to us.
• Product Usage Data: Configuration inputs, API endpoints, codebase metadata, and other technical parameters you provide when using our products such as Synapse, Scout, Pulse, or Audera.

2.2 Information Collected Automatically

When you visit our website or use our Services, we automatically collect:

• Log Data: IP address, browser type and version, operating system, referring URL, pages visited, date and time of access, and time spent on each page.
• Device Information: Device type, unique device identifiers, screen resolution, and language preferences.
• Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to collect usage data. See Section 7 (Cookies and Tracking) for details.

2.3 Information from Third Parties

We may receive information about you from third-party sources including CRM platforms, marketing partners, public databases, and business intelligence providers, which we combine with information we already hold to improve our Services and communications.

3. How We Use Your Information

We use your personal information for the following purposes:

• Service Delivery: To provide, operate, maintain, and improve our website and product offerings.
• Account Management: To manage your account, authenticate users, and provide customer support.
• Communication: To respond to inquiries, send transactional emails, service updates, and (with your consent where required) marketing communications.
• Analytics and Improvement: To analyze usage patterns, diagnose technical issues, and improve user experience across our products.
• Security and Fraud Prevention: To detect, prevent, and respond to security incidents, fraud, and abuse.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

4. AI-Specific Data Handling

Given the nature of our enterprise AI products, this section addresses how we handle data in AI-related contexts.

4.1 Customer Code and API Data

Products such as Synapse may process your codebase files, API specifications, and endpoint metadata to generate MCP servers and related outputs. We want to be clear about how this data is handled:

• We do not use your proprietary code, API data, or generated outputs to train our own AI models.
• Codebase analysis performed by the Synapse CLI runs on secure servers (our servers are running in Google Cloud Platform) and streams the generated code to your system. We do not retain any generated code on our servers.
• API specifications submitted through Synapse UI are processed on our secure servers and are not shared with third parties beyond what is required for service delivery.

4.2 AI Model Inputs and Outputs

When our products interact with third-party AI models (e.g., via MCP-compatible tools), any data routed through those models is subject to the respective third-party's privacy and data handling policies. We encourage you to review those policies independently.

5. How We Share Your Information

We do not sell your personal information. We may share your information with the following categories of recipients:

5.1 Service Providers

We engage trusted third-party companies to perform services on our behalf, including:

• Cloud Infrastructure: Hosting and data storage providers.
• Analytics: Google Analytics for website traffic analysis.
• CRM and Marketing: HubSpot for contact management, lead tracking, and marketing automation.
• Payment Processing: Third-party processors that handle billing on our behalf.

These providers are contractually obligated to use your information only to perform services for us and in accordance with this Privacy Policy.

5.2 Legal and Compliance Disclosures

We may disclose your information if required to do so by law, or in good faith belief that such action is necessary to comply with a legal obligation, protect and defend our rights or property, prevent fraud, or protect the safety of our users or the public.

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you via email or prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specific retention periods include:

• Account Data: Retained for the duration of your active account plus 12 months after account closure.
• Log and Analytics Data: Retained for up to 24 months from the date of account closure.
• Marketing Data: Retained until you unsubscribe or request deletion, whichever comes first.
• Product Usage Data: Codebase metadata and API specifications processed during service use are purged within 30 days of processing completion, unless you explicitly request longer retention.

When data is no longer needed, we securely delete or anonymize it in accordance with industry-standard practices.

7. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience, analyze site traffic, and support our marketing efforts. Below is a summary of the categories of cookies we use:

• Strictly Necessary: Required for core website functionality such as security, session management, and accessibility. These cannot be disabled.
• Analytics: Google Analytics cookies that help us understand how visitors interact with our website, including pages visited and time on site.
• Marketing / Advertising: Cookies placed by HubSpot and marketing pixel providers to track campaign effectiveness, deliver targeted content, and measure conversions.
• Functional: Remember your preferences such as language, region, and display settings to provide a personalized experience.

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

8. Data Security

We implement commercially reasonable technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS/SSL).
• Access controls and role-based permissions for internal systems.
• Regular security assessments and vulnerability monitoring.
• Employee security awareness training.

No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

9. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

9.1 General Rights

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete personal information.
• Deletion: Request deletion of your personal information, subject to legal and contractual obligations.
• Opt-Out of Marketing: Unsubscribe from marketing emails at any time by clicking the unsubscribe link in any marketing email or contacting us directly.

9.2 For California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• The right to know what personal information we collect, use, and disclose.
• The right to request deletion of your personal information.
• The right to opt out of the sale or sharing of personal information. We do not sell personal information.
• The right to non-discrimination for exercising your privacy rights.
• The right to limit the use of sensitive personal information.

10. Third-Party Links and Services

Our website and products may contain links to third-party websites, integrations, or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party services. We recommend reviewing the privacy policy of every third-party service you interact with.

11. Children's Privacy

Our Services are designed for business use and are not directed at individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take prompt steps to delete that information. If you believe a child has provided us with personal information, please contact us at product@2ndbrainlabs.ai.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from those of your jurisdiction. When we transfer personal data internationally, we implement appropriate safeguards to ensure your data receives an adequate level of protection.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. The "Last Updated" date at the top of this policy indicates when the most recent revision was made. For material changes, we will provide notice through our website or via email prior to the changes taking effect. Continued use of our Services after the updated policy is posted constitutes your acceptance of the changes.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Company: 2nd Brain Partners LLC d/b/a 2nd Brain Labs
• Email: product@2ndbrainlabs.ai
• Website: www.2ndbrainlabs.ai
• Subject Line: Privacy Policy Inquiry

We aim to respond to all privacy-related inquiries within 30 days of receipt.