Privacy Policy

Last updated: February 1, 2026

Introduction

This Privacy Policy describes how BrainUs AI ("we," "us," or "our") collects, uses, and protects your personal information when you use our API services at developers.brainus.lk (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Account Information

When you create a developer account, we collect:

Email address
Name
Organization/company name (if provided)
Billing information (for paid plans)

API Usage Data

We automatically collect information about your API usage, including:

API requests (queries, parameters, response times)
API key identifiers (not the keys themselves)
Rate limit consumption
Error rates and types
Timestamps and usage patterns

Prompts and Outputs

We may temporarily store:

Your prompts: To generate responses, detect abuse, and improve the Service
API outputs: Temporarily cached for performance; not used for training

File Attachments (Images, PDFs)

Important: Files attached to API requests are handled with maximum privacy:

Never stored - Files are processed in-memory only and never saved to disk or cloud storage
No retention - Files are immediately discarded after processing
Third-party processing - Files are sent directly to Google Gemini API for AI processing
No logging - File contents are not logged or cached
No training - Files are not used to train our models

We do not have access to or retain copies of your files after processing. File metadata (size, type) may be logged for abuse detection.

Technical Information

We collect standard web/API technical data:

IP addresses
User-agent strings
Browser/device type
Location (country-level via IP)

Payment Information

If you subscribe to a paid plan:

We use third-party payment processors (e.g., Stripe)
We do NOT store full credit card numbers
We retain billing history for accounting and tax purposes

Communications

If you contact us for support, we collect:

Your email address
Message content
Any additional information you provide

How We Use Information

Service Provision

To operate and provide the Service, including:

Processing API requests
Managing your account and subscriptions
Enforcing usage limits and plan restrictions

Security & Abuse Prevention

To protect the Service and users:

Detecting and preventing abuse, spam, and violations of our Terms
Identifying suspicious patterns or unauthorized access
Maintaining service integrity and performance

Communication

To communicate with you about:

Service updates and announcements
Billing and account status
Technical issues or downtime
Security incidents

Analytics & Improvement

To improve the Service (using aggregated, anonymized data):

Understanding usage patterns
Improving API performance and reliability
Training and improving our models (only with explicit consent)

Legal Compliance

To comply with legal obligations, such as:

Responding to valid legal requests
Enforcing our Terms of Service
Protecting our rights and property

Data Retention

Account Data

We retain your account information while your account is active and for a reasonable period afterward to facilitate reactivation.

API Usage Data

Request logs: Retained for up to 90 days
Aggregated analytics: Retained indefinitely in anonymized form

Prompts and Outputs

Prompts: Temporarily retained (typically 30 days) for abuse monitoring and service improvement
Outputs: Cached temporarily (typically 24-72 hours) for performance; not stored long-term
File attachments: Never stored - processed in-memory only and immediately discarded after processing

Deletion

You may request deletion of your data at any time. We will delete your data within 30 days of your request, except where retention is required for legal or operational purposes.

We Do Not Sell Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

Service Providers

We share data with trusted service providers who assist us in operating the Service, including:

Cloud infrastructure providers (e.g., AWS, Google Cloud) - for hosting and infrastructure
AI processing providers (Google Gemini API) - for processing prompts and file attachments
Payment processors (e.g., Stripe) - for billing and subscriptions
Analytics and monitoring tools - for service performance and security

These providers are contractually bound to protect your data and use it only as directed by us.

Important: When you send file attachments (images, PDFs) to our API, these files are transmitted directly to Google Gemini API for AI processing. Google's data processing practices are governed by their terms of service and privacy policy. We do not store or retain these files.

Legal Requirements

We may disclose your information if required by law, such as:

In response to valid legal requests (subpoenas, court orders)
To protect our rights, property, or safety
To prevent fraud or abuse

Business Transfers

If BrainUs AI is acquired, merged, or undergoes a business restructuring, your information may be transferred as part of that transaction.

Security

Our Security Measures

We implement industry-standard security measures to protect your data, including:

Encryption in transit (TLS/SSL)
Encryption at rest for sensitive data
Regular security audits and monitoring
Access controls and authentication

Your Responsibilities

You are responsible for:

Keeping your API keys confidential
Using strong passwords for your account
Notifying us immediately of any suspected unauthorized access

Breach Notification

In the event of a data breach affecting your information, we will notify you promptly as required by applicable law.

Your Rights

Depending on your location, you may have the following rights:

Access & Portability

You can access your account data through your dashboard. For a complete data export, contact us at privacy@brainus.lk.

Correction & Deletion

You can update your account information in your dashboard. To request deletion of your data, contact us at privacy@brainus.lk.

Opt-Out

You can opt out of:

Marketing emails (via unsubscribe link)
Non-essential communications

You cannot opt out of essential service communications (e.g., security alerts, billing notices).

Data Processing Objection

You may object to certain data processing activities. Contact us at privacy@brainus.lk to exercise this right.

Children's Privacy

The Service is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.

International Data Transfers

If you access the Service from outside Sri Lanka, your information may be transferred to and processed in countries where we or our service providers operate. We ensure appropriate safeguards are in place for such transfers.

Cookies and Tracking

Our website uses cookies for:

Authentication and session management
Analytics and performance monitoring
Preference storage

You can control cookies through your browser settings.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or dashboard notification. Your continued use of the Service after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or how we handle your data, contact us at:

Email: privacy@brainus.lk
Website: https://developers.brainus.lk

For EU/EEA Residents

If you are in the EU/EEA and have concerns about how we handle your data, you may also lodge a complaint with your local data protection authority.

Your privacy matters to us. If you have any questions about this Privacy Policy or how we handle your data, please don't hesitate to contact us at privacy@brainus.lk.

On this page