Effective date: April 18, 2026
This Privacy Policy explains how GetBro.ai ("the Service") collects, uses, and protects your personal information. The Service is operated by an individual ("the Operator").
The data controller responsible for your personal data is an individual residing in Limassol, Cyprus, operating the GetBro.ai service ("the Operator"). For data protection inquiries, use the contact form in your dashboard or email support@getbro.ai.
We collect personal data from the following sources:
When you sign in via Google, GitHub, or Apple, we receive your email address and authentication identifier. We do not receive or store your password from these providers.
Your messages to the AI ("Inputs") and the AI's responses ("Outputs") are processed for real-time inference. Logging of Inputs and Outputs is limited, event-triggered, and used only for abuse prevention or legal compliance. Logs are not used for training and are automatically deleted within 90 days, unless a longer period is required by an ongoing investigation or legal proceeding. Logged data is stored securely and access is restricted to authorized personnel only. Your Inputs may contain personal data — you are solely responsible for the information you choose to include in your messages.
When your requests are routed to third-party AI providers (such as OpenAI, Anthropic, or Google), those providers may process and temporarily store your Inputs in accordance with their own data retention policies. We do not control, and are not responsible for, how third-party AI providers handle your Inputs or Outputs, including whether they use them for model training. To understand how your data is used by each provider, review their respective privacy policies. When you use self-hosted open-source models, your messages are processed entirely on the Operator's infrastructure and are not shared with third parties.
We log AI inference requests (model used, token counts, timestamps) for billing and service monitoring. These logs do not contain the content of your messages.
If you upload files through the dashboard, they are stored on AWS infrastructure with encryption at rest. Files are accessible only to you and to the AI models during inference when you explicitly reference them.
Payments are processed by third-party payment providers (including Stripe and others). We do not store your credit card number, CVC, or full card details. Payment providers share with us a payment token, card brand, last four digits, and transaction status for billing records.
When you connect a messenger (e.g., Telegram), we store your channel identifier and per-channel settings (language preference, AI model selection, personality). We do not access your messenger contacts or message history outside of direct conversations with the GetBro.ai bot.
We use analytics tracking tools to understand how the Service is used and to improve its performance, reliability, and user experience. We may use session replay technology to observe how users interact with the Service (such as clicks, scrolls, and page navigation) for debugging and usability improvements. Session replay tools are configured to exclude password fields and payment form data.
We may use cookies (including third-party cookies) for analytics, advertising, and behavioral profiling purposes to deliver relevant content and measure the effectiveness of campaigns. We may also use your contact information for marketing communications, such as product updates and promotional offers. You may opt out of marketing emails at any time using the unsubscribe link in each message or by contacting us via the contact form .
We process your personal data under the following legal bases:
We share your information only with the following categories of service providers:
We do not sell, rent, or trade your personal information to third parties. We may disclose information if required by law or to protect the safety of users or the public.
Your data is stored on AWS infrastructure. Files are encrypted at rest. Communication between your browser and our servers is encrypted via TLS. While we take reasonable measures to protect your data, no method of electronic storage or transmission is 100% secure.
| Data type | Retention period |
|---|---|
| Active account data (profile, files, settings) | Retained for the lifetime of your account |
| Deleted account data | Permanently removed within 30 days of account deletion, except where retention is required by applicable law (e.g., billing records) |
| All logs (usage, inference, Input/Output) | Maximum 90 days, then automatically deleted — unless subject to a legal hold (ongoing investigation, court order, or legal obligation) |
You have the right to:
To exercise these rights, use the contact form in your dashboard or email support@getbro.ai. We will respond within 30 days. If you are unsatisfied with our response, you may appeal by contacting us again with "APPEAL" in the subject line — we will review your request with a different person within 30 days.
EU/EEA residents: You also have the right to lodge a complaint with your local data protection supervisory authority if you believe your data has been processed unlawfully. A list of EU data protection authorities is available at edpb.europa.eu.
The Service uses browser storage and cookies for the following purposes:
theme key) to remember your light/dark mode choice. Non-essential cookies (analytics, advertising) are only placed after you provide consent via the cookie consent banner, where required by applicable law (ePrivacy Directive Art. 5(3)). You can manage your cookie preferences through the cookie consent banner or your browser settings. Disabling non-essential cookies may affect certain features of the Service.
The Service uses Google reCAPTCHA to protect against automated abuse. This processing is based on our legitimate interest in preventing bot attacks and protecting the security of user accounts (GDPR Art. 6(1)(f); ePrivacy Directive Art. 5(3) — strictly necessary for security). reCAPTCHA may collect hardware and software information (such as device data and application data) and send it to Google for analysis. Your use of reCAPTCHA is subject to Google's Terms of Service and Privacy Policy.
GetBro.ai's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
When you sign in with Google, we access your email address and basic profile information (such as name and profile picture). We use this data solely to create and authenticate your account.
You may optionally connect Google services — such as Google Calendar or Gmail — through in-app integrations. Each integration requires your explicit consent via a separate Google OAuth authorization screen. We only request the scopes necessary for the specific integration you choose to enable, and we do not access any Google data until you authorize it.
Data from Google services is accessed only when you explicitly trigger a feature that requires it, and is used solely to provide the functionality you requested (e.g., reading your calendar to answer a scheduling question, or summarizing an email thread at your request). This data is processed in real time and is not stored beyond the duration necessary to fulfill your request. You can revoke access to any connected Google service at any time through your Google Account permissions.
Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. For all Google user data — whether obtained through sign-in or optional integrations:
The Service is not directed at children under 13 (or under 16 in the European Economic Area). We do not knowingly collect personal information from children. If we learn that we have collected personal data from a child without verifiable parental consent, we will delete that data within 72 hours. If you believe a child has provided us with personal data, please use the contact form or email support@getbro.ai and we will promptly investigate and delete it.
Your data may be processed in countries other than your own. Where data is transferred outside the European Economic Area, we rely on Standard Contractual Clauses or other legally approved transfer mechanisms provided by our infrastructure and service providers (such as AWS and Stripe) to ensure adequate protection of your personal data.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
We do not sell your personal information for monetary consideration. We may share personal information with third-party advertising partners for behavioral advertising purposes, which may constitute "sharing" under the CPRA. You have the right to opt out of such sharing by contacting us or adjusting your cookie preferences. We do not use sensitive personal information for purposes beyond what is necessary to provide the Service.
To exercise these rights, use the contact form or email support@getbro.ai. We will verify your identity before processing your request and respond within 45 days.
We may update this Privacy Policy from time to time. Material changes will be communicated via the email address associated with your account at least 14 days before taking effect. The "Effective date" at the top of this page indicates when the policy was last revised.
For privacy-related questions or requests, use the contact form in your dashboard or email support@getbro.ai.