Privacy Policy
Last updated: July 7, 2026 Effective: June 16, 2026 Status: Reviewed by counsel (April 2026; Section 3.4 Lead Center — lead data, prospect discovery, Gmail sending, and reply tracking — reviewed June 2026).
Plain-language summary
Brin is designed to keep your data on your own device. Your tasks, notes, knowledge base entries, and memories are stored locally on the Mac Mini (or computer) you install Brin on — not on our servers. The only information that leaves your device is:
- The specific prompts and text you send to AI providers (Anthropic Claude, OpenAI) when you use John, voice mode, or any AI feature. These providers process that text to generate responses and then return them to your device.
- Optional webhook calls you configure yourself (for example, to n8n or Slack).
We (the Brin team) do not operate a cloud backend that stores your content. We do not sell your data. We do not run ad networks. We do not use analytics trackers inside the application.
If you stop using Brin, deleting the app and its data folder deletes your information.
This document explains the above in more detail and describes your rights under U.S. state privacy laws and the Philippines Data Privacy Act.
1. Who we are
"Brin," "we," "us," or "our" refers to Brin Solutions, a company located in and operating from the United States.
Controller contact:
- Email: privacy@brinsolutions.com
- Postal: Brin Solutions, 17350 State Hwy 249, Ste 220 #35038, Houston, Texas 77064, USA
Data Protection Officer (for Philippines Data Privacy Act purposes):
- Email: dpo@brinsolutions.com
If you have any question about this policy, your data, or your rights, email the addresses above and we will respond within 30 days.
2. Who this policy applies to
This policy applies to:
- Individuals who install and use Brin on their own device
- Visitors to the Brin marketing site or
/legalpages - Individuals who sign up for the waitlist or contact us
Brin is built for adults operating in a professional capacity (solo founders, consultants, executives, and other working professionals). It is not directed at children under 18, and we do not knowingly collect personal information from children under 18.
3. What information we handle
3.1 Information you provide directly
When you set up Brin, you enter information through the onboarding wizard and ongoing use of the product. This includes:
- Account information: name, email address (if you provide one), and a password hash stored locally on your device.
- Profile and goals: information you tell John about your career, vision, goals, projects, working style, and coaching preferences. This is stored in a local SQLite database and local JSON files in Brin's data folder.
- Tasks, projects, notes, knowledge base entries, and ideas: everything you create inside Brin.
- Voice transcripts: if you use voice mode, the audio is sent to the voice provider (OpenAI Realtime API) which returns a text transcript. The text transcript is stored locally.
- API keys you configure: your own Anthropic, OpenAI, and optional n8n keys, stored locally.
3.2 Information processed by AI providers on your behalf
When you use a feature that calls an AI model (John, voice mode, knowledge base extraction, planning, etc.), the relevant text is sent to the AI provider you have configured. This includes:
- The prompt Brin constructs (which may include relevant parts of your context, memory, and recent messages)
- Any content you explicitly ask Brin to act on (such as a URL you paste for knowledge base extraction)
The AI provider processes the prompt, generates a response, and returns it to your device. We do not receive or retain any copy of this data.
Current AI providers are listed in /legal/sub-processors. Their own privacy policies govern how they handle the data you send them.
3.3 Information we handle on our marketing site and waitlist
If you visit the Brin marketing site or join a waitlist, we may process:
- Your email address (to contact you about availability)
- Basic server logs (IP address, user agent, request path) retained for up to 30 days for security
We do not use third-party advertising trackers, session replay, or cross-site tracking on the marketing site.
3.4 Lead data and email sending (Lead Center)
If your workspace includes the Lead Center, additional categories apply:
- Lead and contact data you enter: names, email addresses, phone numbers, company details, and notes about your sales leads. These records describe third parties (your prospects and customers). You are the owner of this data; Brin processes it only to provide the Lead Center to you. We do not use your lead data to contact your leads ourselves, and we never sell it.
- Prospect discovery: when you run a Discover search, your search terms (a service category, an area, an optional keyword) are sent to our sourcing provider (Apify), which returns publicly listed business information (name, category, website, public contact details, ratings). Your stored lead data is not sent to the sourcing provider.
- AI drafting: when you draft an email with Brin, the relevant lead's details and your instructions are sent to the AI provider to generate the draft, as described in section 3.2.
- Sending email from your Gmail account: if you connect Gmail, Brin requests a send-only permission (
gmail.send). Brin can send the emails you review and approve, from your address. Brin cannot read, search, or list your mailbox. You can revoke this permission at any time in your Google account settings, or disconnect in Settings. We store the OAuth tokens needed to send on your behalf and the content of emails you send through Brin (so your lead timeline is complete); we never store your inbox. - Reply tracking. Outreach you send through the Lead Center uses a Brin-managed reply-to address so that replies from your leads are routed back to Brin and attached to that lead's timeline. To do this, your leads' replies (sender, subject, body) pass through our email provider (Resend) and are processed by the AI provider to classify the reply (for example, "interested" or "wants a quote") so Brin can suggest a next step. We process these replies only to provide the Lead Center to you; we do not use them for any other purpose and never sell them.
Brin's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
4. How we use information
We process the information described above only for these purposes:
- To operate Brin on your device. Almost all processing happens locally — we are not involved.
- To relay your prompts to AI providers you configure. Your device sends the data directly; we do not proxy it.
- To respond to you. If you email us, we use your email to reply.
- To maintain the waitlist. If you join a waitlist, we use your email to notify you about availability.
- To comply with law and protect the rights and safety of users and the public.
We do not:
- Sell personal information
- Share personal information for cross-context behavioral advertising
- Use your data to train AI models
- Profile you for automated decisions with legal or similarly significant effects
5. Legal bases (for users in the Philippines)
Under the Philippines Data Privacy Act of 2012 (Republic Act 10173), we rely on the following legal bases:
- Consent (Sec. 12[a]) for processing personal information during onboarding and waitlist sign-up.
- Contract performance (Sec. 12[b]) for operating Brin after you install it.
- Legitimate interest (Sec. 12[f]) for security logging on the marketing site.
You may withdraw consent at any time by contacting dpo@brinsolutions.com.
6. How long we retain information
- On your device: Brin retains the data you create until you delete it or remove Brin's data folder. There is no automatic server-side deletion timer because there is no server-side copy.
- On our side (waitlist / support email): up to 24 months, or until you ask us to delete it.
- Server logs (marketing site): up to 30 days.
7. How information is stored and protected
- On your device: Brin stores data in a local SQLite database and JSON files inside a
data/folder. Access is protected by your operating system account and Brin's own login. Keeping your device up to date, using a strong OS password, and enabling disk encryption (FileVault on macOS) is the most important security measure for your Brin data. - Transmission to AI providers: all calls to Anthropic and OpenAI APIs are made over HTTPS (TLS 1.2+).
- On our side: waitlist and support emails are stored in a hosted inbox protected by 2FA and strong passwords.
No system is perfectly secure. If we become aware of a breach that materially affects your personal information, we will notify you within 72 hours where required by applicable law (including RA 10173 Sec. 20[f]).
8. Your U.S. state privacy rights
8.1 California residents (CCPA / CPRA)
If you are a California resident, you have the right to:
- Know what personal information we have about you and how it's used.
- Access a copy of your personal information.
- Delete your personal information.
- Correct inaccurate personal information.
- Opt out of sale or sharing of your personal information (we do not sell or share for cross-context behavioral advertising; there is nothing to opt out of).
- Limit the use of Sensitive Personal Information (we do not use SPI for purposes that trigger the limitation right).
- Non-discrimination for exercising these rights.
- Designate an authorized agent to make requests on your behalf (we will verify the agent's authority).
We do not use or disclose Sensitive Personal Information for any purpose other than those permitted under Cal. Civ. Code § 1798.121(a).
To exercise a right, email privacy@brinsolutions.com. We will respond within 45 days (extendable to 90 days where permitted).
8.2 Other U.S. state privacy laws
Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, New Jersey, Delaware, New Hampshire, Kentucky, Maryland, Minnesota, Rhode Island, Indiana, Iowa, and Tennessee have similar rights under their own state privacy statutes, including the right to:
- Confirm whether we process your personal data and access a copy
- Correct inaccuracies
- Delete your personal data
- Obtain a portable copy of your personal data
- Opt out of targeted advertising, sale of personal data, and certain forms of profiling (we do none of these)
- Appeal a denied request
To exercise a right, email privacy@brinsolutions.com. We will respond within the period required by your state's law (generally 45 days). If we deny your request, you may appeal in writing to the same address.
8.3 Residents of other U.S. states
Even if your state does not yet have a comprehensive privacy law, you may email privacy@brinsolutions.com with any data request and we will make reasonable efforts to honor it.
9. Your rights under the Philippines Data Privacy Act
If you are a data subject under RA 10173, you have the right under Sec. 16 to:
- Be informed of how your personal information is processed.
- Object to processing.
- Access your personal information.
- Rectify inaccurate personal information.
- Request erasure or blocking of your personal information.
- Damages for inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal information.
- Data portability.
- Lodge a complaint with the National Privacy Commission (NPC) at
https://www.privacy.gov.ph/or by emailingcomplaints@privacy.gov.ph.
To exercise any of these rights, email dpo@brinsolutions.com. We will respond within the period required by the NPC's implementing rules (generally 15 days for the initial response).
10. Children
Brin is not intended for users under 18. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us information, email privacy@brinsolutions.com and we will delete it.
11. International transfers
Because Brin is local-first, your content generally stays on your device. When you use an AI feature, the relevant prompt is sent to the AI provider whose infrastructure may be located in the United States or other countries. By using the AI features, you consent to this transfer.
If you are a Philippines data subject, note that Anthropic and OpenAI are U.S.-based and your prompts will be processed in the U.S. You can disable AI features by removing the API keys in Settings; Brin will continue to function as a local task and knowledge manager without them.
12. Third parties
Brin does not sell or rent your personal information. We do use a small number of sub-processors that you explicitly opt into by configuring them (for example, by providing an Anthropic API key). A current list is at /legal/sub-processors.
Some personnel or contractors who help us operate and support the service may be located outside the United States, including in the Philippines. They may access personal data only as needed to provide the service and are bound by confidentiality and data-protection obligations.
13. Changes to this policy
When we update this policy, we will:
- Change the "Last updated" date at the top
- Bump the
LEGAL_POLICY_VERSIONconstant inside the application - Prompt you to re-accept the updated policy the next time you open Brin
For material changes, we will also email waitlist and known contact addresses where we have them.
14. Contact
Questions, requests, or complaints about this policy:
- General privacy: privacy@brinsolutions.com
- Philippines DPO: dpo@brinsolutions.com
- Philippines NPC: https://www.privacy.gov.ph/
This document is provided in English only. If we publish a Filipino translation, the English version will control in the event of a conflict, except where required otherwise by Philippine law.
Change history
We keep this list so you can see what has changed and when.
- July 7, 2026 — Clarified that Brin Solutions is a United States company, and disclosed that some personnel or contractors who support the service may be located outside the U.S. (including the Philippines) under confidentiality and data-protection obligations. Non-material clarification; no change to how your data is used or to your rights.
- June 16, 2026 — Added Lead Center processing (lead data, prospect discovery, Gmail sending, and reply tracking); reviewed by counsel.
