Legal Documents

Privacy Policy

Effective date: 23 June 2026

This Privacy Policy ("Policy") explains how Cerebra AI collects, uses, and protects information when you use cerebra-ai.tech ("Service"). It is designed to comply with the EU General Data Protection Regulation (GDPR, Regulation 2016/679) and other applicable data-protection laws.

By using the Service and uploading data, you acknowledge that you have read this Policy and consent to the processing described herein. If you do not agree, please stop using the Service.

1. Data Controller

The controller responsible for your personal data is:

[COMPANY / SOLE PROPRIETOR NAME]
Registration No.: [REGISTRATION No.]
Registered address: [REGISTERED ADDRESS]
Data Protection contact: [CONTACT EMAIL]
Jurisdiction: [JURISDICTION]

For GDPR-related inquiries (including Data Subject Access Requests), contact us at the email above. We aim to respond within 30 calendar days.

2. What Data We Collect

The Service is built on a data-minimisation principle. We only collect what is genuinely needed to produce your report.

2.1 Business data you provide voluntarily

Important: we ask you to remove or anonymise personal data of third parties (names, phone numbers, national IDs, email addresses) from your files before uploading. The analysis works on financial figures and business metrics — individual personal data is not needed and should not be included.

2.2 Technical data collected automatically

2.3 What we do NOT collect

3. How We Process Your Files

Your files go through a controlled, automated pipeline — no human analyst reads them:

  1. Your file is received over an encrypted HTTPS connection and stored in temporary memory only for the duration of processing.
  2. Text is extracted and sent to AI language models via Anthropic's API, which operates under a no-training policy — your data is never used to train or improve AI models.
  3. The AI generates a structured Report in JSON, which is then rendered into a PDF.
  4. Source files are deleted immediately after your Report is ready for download.
  5. The generated Report is automatically deleted within 12 hours of creation, whether or not you download it.

4. Legal Basis for Processing (GDPR Art. 6)

5. International Transfers

The AI processing pipeline uses Anthropic's API infrastructure, which may be hosted outside the European Economic Area. Anthropic maintains appropriate data-protection safeguards (including Standard Contractual Clauses where applicable). Your files are transmitted only to the extent necessary to generate your Report and are not retained by the model provider.

No other international transfers of your data take place.

6. Sharing with Third Parties

We do not sell your data. We do not share it for marketing purposes. Data may be shared with:

7. Data Retention

8. Your Rights Under GDPR

If you are located in the EEA or the UK, you have the following rights regarding your personal data. To exercise any of them, contact us at [CONTACT EMAIL]:

Given that uploaded files and Reports are deleted within hours, erasure requests may already be automatically fulfilled by the time you submit them.

9. Cookies

The Service uses only technically necessary cookies (e.g., session token to retrieve your Report) and anonymous analytics counters. No advertising or tracking cookies are used. You may disable cookies in your browser settings; this may affect your ability to download your Report.

10. Data Security

We implement appropriate technical and organisational measures to protect your data:

11. Children's Privacy

The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has submitted data through the Service, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Policy from time to time to reflect changes in the Service or applicable law. The current version is always available on this page. Where changes are material, we will make reasonable efforts to notify users. Continued use of the Service after the effective date of an update constitutes acceptance of the revised Policy.