Privacy Policy
Last updated: 2026-08-01
The TL;DR
- We do not train models on your private content.
- We do not sell your data, ever.
- We share data with three categories of subprocessors only: hosting (Vercel), database (Neon), AI (Anthropic / OpenAI / DeepSeek), email (Resend), payments (Stripe), error monitoring (Sentry).
- You can export or delete all your data from Settings → Data at any time.
- GDPR + CCPA + LGPD compliant. Reach us anytime at help@sidebrain.app.
1. What we collect
We collect only what we need to run the service:
- Account: email, name (optional), password hash (Argon2id) or OAuth tokens (encrypted at rest with AES-256-GCM).
- Workspace data: the side-hustle config you set up, your voice profile, the content you generate.
- Integrations: X read-only OAuth tokens, RSS feed URLs you supply. Tokens are encrypted at rest.
- Usage: per-skill run counts, token totals, cost estimates — used for billing and your weekly digest.
- Diagnostics: error reports via Sentry (with cookie + auth header redaction), basic page analytics via Vercel Analytics (no third-party trackers, no IP storage beyond 24h).
2. What we do not collect
- We do not run any third-party trackers (no Google Analytics, no Facebook Pixel, no Hotjar).
- We do not store IP addresses long-term (Vercel Analytics is privacy-preserving by default).
- We do not log full prompts or completions in analytics — only counts, cost, and tier.
3. AI subprocessors and your prompts
When you run a skill, your prompt + relevant memory snippets are sent to one of our LLM providers (Anthropic, OpenAI, DeepSeek). We have signed Data Processing Agreements with all three. Per their zero-data-retention API policies, your content is not used to train their models when accessed through enterprise/API tiers.
We retain your generations in our database so you can find them later. You can delete them from the Library or wipe them entirely from Settings → Data.
4. Cookies
The session cookie (HttpOnly, Secure, SameSite=Lax) is the only essential cookie. We do not use analytics or advertising cookies.
5. Data retention
- Active accounts: data is kept for the life of your account.
- Cancelled accounts: data is retained for 30 days for restoration, then permanently deleted.
- Stripe data: invoices kept 7 years per accounting requirements (Stripe is the system of record).
6. Your rights (GDPR / CCPA / LGPD)
- Access: export your data from Settings → Data → Export.
- Erasure: Settings → Data → Delete account (30-day grace period).
- Portability: exports are JSON and Markdown, machine-readable.
- Objection: email help@sidebrain.app with subject "DSAR" — we respond within 14 days.
7. Children
The service is not intended for children under 16. We do not knowingly collect data from minors.
8. Changes
Material changes to this policy will be announced via email at least 14 days before they take effect.
9. Contact
Questions, concerns, or DSARs: help@sidebrain.app. The Data Protection Officer is the founder until our first hire.