Effective Date: May 25, 2026
Last Updated: May 25, 2026
Next Scheduled Review: May 25, 2027
BrainCX reviews and updates this Privacy Policy at least annually, and more frequently when material changes to our practices, our platform, or applicable law require it.
BrainCX, Inc. (“BrainCX,” “we,” “us,” or “our”) is a voice-first conversational AI platform headquartered in South Florida. We provide AI-powered voice, chat, web-embedded, and avatar agents to organizations in healthcare, behavioral health, higher education, financial services, insurance, and travel.
This Privacy Policy explains how BrainCX collects, uses, shares, retains, and protects information when you:
a. Visit our websites, including braincx.ai, Answr.help, and Findable.health
b. Interact with a BrainCX AI agent deployed by one of our enterprise clients
c. Use the Answr by BrainCX self-serve agent builder
d. Use Dialingo translation relay services
e. Communicate with us through sales, support, or any other channel
This Policy applies to BrainCX as the data controller for information we collect directly. When BrainCX processes personal information on behalf of an enterprise client, we act as a data processor or service provider, and the client’s privacy notice governs that processing.
a. Information You Provide Directly
We collect information you give us when you create an account, request a demo, book a meeting through https://braincx.ai/tariq/, subscribe to communications, or contact our team. This includes name, business email, phone number, company name, job title, billing details, and any content you submit through forms or messages.
b. Voice and Conversation Data
Because BrainCX is a voice-first platform, we collect voice recordings, call transcripts, chat transcripts, voice characteristics used for agent cloning, and metadata associated with conversations such as timestamps, duration, language, and call outcomes. Voice data is collected only with appropriate notice and consent as required by federal and state law, including all-party consent jurisdictions.
c. Information Collected Automatically
When you visit our websites or use our platform, we automatically collect device identifiers, IP address, browser type, operating system, referring URLs, pages visited, session duration, and similar technical data through cookies, log files, and analytics tools.
d. Information From Third Parties
We receive information from business data providers such as Apollo and LinkedIn Sales Navigator, from our customers when they onboard their end users to BrainCX agents, and from integration partners such as CRM, telephony, and identity providers our clients connect to our platform.
We use the information we collect to:
a. Deliver, operate, and improve the BrainCX platform and our four agent types (voice AI, chat AI, web-embedded agents, and avatar AI)
b. Train, clone, and tune AI agents on behalf of our enterprise clients, using only data they authorize for that purpose
c. Authenticate users, route conversations, and surface real-time content such as pricing, images, and forms through our interactive web co-browsing feature
d. Provide customer support, account management, and implementation services
e. Process payments and manage billing
f. Communicate with you about products, features, security advisories, and policy updates
g. Conduct sales outreach, lead qualification, and relationship management consistent with applicable law
h. Detect, investigate, and prevent fraud, abuse, and security incidents
i. Comply with legal obligations and enforce our agreements
j. Generate aggregated and de-identified analytics that do not identify any individual
We do not sell personal information. We do not use voice recordings or conversation content from one client to train models for another client without explicit contractual authorization.
Where the General Data Protection Regulation or similar laws apply, we process personal information under one or more of the following legal bases: performance of a contract, legitimate interests, compliance with a legal obligation, and consent. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
We share information only as described below:
a. With our enterprise clients, who receive the conversations and data their deployed agents generate
b. With service providers and subprocessors that support our platform, including cloud infrastructure, telephony, speech recognition, translation, analytics, CRM (GHL), and security vendors, each bound by written agreements that require appropriate confidentiality and security controls
c. With professional advisors such as legal counsel, auditors, and our patent counsel at Thompson Patent Law
d. With prospective investors and acquirers under confidentiality, in connection with financing, due diligence, merger, acquisition, or sale of assets
e. With government authorities or other parties when required by law, subpoena, court order, or to protect rights, safety, or property
f. With your explicit consent or at your direction
A current list of our material subprocessors is available on request.
a. Healthcare and Behavioral Health
When BrainCX processes protected health information on behalf of a Covered Entity or Business Associate under HIPAA, we execute a Business Associate Agreement and apply the administrative, physical, and technical safeguards required by the HIPAA Security Rule.
b. Financial Services and Insurance
When we process nonpublic personal information governed by the Gramm-Leach-Bliley Act, state insurance privacy laws, or the New York Department of Financial Services cybersecurity regulation, we follow the safeguards required by those frameworks and our client contracts.
c. Higher Education
When we process student education records on behalf of an educational institution, we act as a school official with a legitimate educational interest under the Family Educational Rights and Privacy Act and follow our client’s instructions regarding use and disclosure.
d. Travel
When we process passenger data for travel clients, we follow applicable airline, hospitality, and payment industry data handling requirements.
We retain personal information only as long as needed to deliver our services, fulfill the purposes described in this Policy, comply with legal and regulatory obligations, resolve disputes, and enforce our agreements. Voice recordings and transcripts processed on behalf of enterprise clients are retained per the retention schedule defined in each client contract. When retention periods expire, we delete, destroy, or de-identify the information using documented disposal procedures aligned with our SOC 2 controls.
BrainCX maintains an information security program designed to align with the SOC 2 Trust Services Criteria for Security, Availability, Confidentiality, Processing Integrity, and Privacy. Our controls include:
a. Encryption of personal information in transit using TLS 1.2 or higher and at rest using AES-256
b. Role-based access controls, least-privilege provisioning, and multi-factor authentication for production systems
c. Network segmentation, firewalls, intrusion detection, and continuous security monitoring
d. Vulnerability management, patching, and annual third-party penetration testing
e. Secure software development lifecycle practices, including code review and dependency scanning
f. Background checks, confidentiality agreements, and security and privacy training for all personnel
g. Vendor risk management and subprocessor due diligence
h. Logging, audit trails, and a documented incident response plan with defined notification timelines
i. Business continuity and disaster recovery procedures supporting 99.9% platform uptime
j. Annual review of policies, procedures, and access rights
No security program eliminates all risk. If we become aware of a security incident affecting your personal information, we will notify you and applicable authorities as required by law.
Depending on where you live, you may have the right to:
a. Access the personal information we hold about you
b. Correct inaccurate or incomplete information
c. Delete personal information, subject to legal and contractual retention requirements
d. Restrict or object to certain processing
e. Receive a portable copy of your personal information
f. Withdraw consent where processing is based on consent
g. Lodge a complaint with a supervisory authority
California residents have additional rights under the California Consumer Privacy Act and California Privacy Rights Act, including the right to know, the right to delete, the right to correct, the right to limit use of sensitive personal information, and the right to opt out of sale or sharing. BrainCX does not sell personal information and does not share personal information for cross-context behavioral advertising.
To exercise any right, contact us at privacy@braincx.ai. We will verify your request and respond within the timeframe required by applicable law. You may authorize an agent to submit a request on your behalf, subject to our verification procedures.
If you are an end user of a BrainCX agent deployed by an enterprise client, please direct rights requests to that client. We will support them in responding.
We use cookies and similar technologies to operate our websites, remember preferences, analyze traffic, and measure marketing performance. You can control cookies through your browser settings and through any consent banner we display. Disabling certain cookies may affect site functionality.
BrainCX is based in the United States and may transfer personal information to the United States and to subprocessors located in other countries. Where required, we rely on Standard Contractual Clauses, adequacy decisions, or other lawful transfer mechanisms, and we apply supplementary measures appropriate to the destination.
Our platform is designed for business use and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it promptly. Where BrainCX agents are deployed in higher education or other settings that may involve minors, we follow our client’s instructions and applicable law, including COPPA and FERPA where relevant.
BrainCX agents use artificial intelligence to understand, respond to, and route conversations. AI processing may include speech recognition, natural language understanding, sentiment analysis, and voice cloning of authorized human agents. Where required by law, we and our clients disclose AI use to end users at the start of an interaction. End users may request to speak with a human representative where one is available.
Our websites and platform may link to or integrate with third-party services. We are not responsible for the privacy practices of those third parties. Review their privacy notices before providing information.
We review this Privacy Policy at least annually and update it when our practices change. When we make material changes, we will update the “Last Updated” date above and provide additional notice through our websites, by email, or through the platform. Continued use of our services after the effective date of an update constitutes acceptance of the revised Policy.
For privacy questions, rights requests, or to report a concern, contact:
BrainCX, Inc.
Attn: Privacy Office
South Florida, United States
Email: privacy@braincx.ai
Sales and general inquiries: https://braincx.ai/tariq/
For data protection inquiries from the European Economic Area or the United Kingdom, contact our Privacy Office at the address above.
—
Document Owner: BrainCX Privacy Office
Document Classification: Public
Version: 1.0
Effective Date: May 25, 2026
Last Updated: May 25, 2026
Next Scheduled Review: May 25, 2027
