Privacy Policy

Last updated: June 17, 2026
Effective date: June 17, 2026

Important: This Privacy Policy applies to all users of ProductBrain, regardless of your location. We are committed to protecting your privacy and being transparent about how we collect, use, and share your personal information.

1. Introduction

Trisafe (ABN 34 935 278 644), a sole trader registered in Queensland, Australia, trading as ProductBrain ("we", "us", or "our"), operates ProductBrain (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

We are committed to complying with the Australian Privacy Act 1988 (Cth), the European Union's General Data Protection Regulation (GDPR), and other applicable data protection laws.

2. Data Controller and Contact Information

Trisafe (ABN 34 935 278 644), trading as ProductBrain, is the data controller responsible for your personal information.

Contact Information:
Email: privacy@productbrain.com
Support: support@productbrain.com

3. Information We Collect

We collect the following types of information:

3.1 Account Information

When you create an account with ProductBrain, we collect:

3.2 Brain Content and Usage Data

When you use the Service, we collect:

3.3 Technical and Analytics Data

We automatically collect technical information including:

3.4 Payment Information

Payment information is collected and processed by Paddle, our Merchant of Record for all markets.

We do not store your full payment card details. Paddle handles all payment information according to their privacy policy and PCI-DSS compliance requirements. We receive only:

3.5 Communications

If you contact us for support or communicate with us via email, we collect:

4. How We Use Your Information

We use your personal information for the following purposes:

4.1 Providing the Service

4.2 AI-Assisted Features

4.3 Improving the Service

4.4 Communications

4.5 Legal Compliance

4.6 Free and No-Login Demo Sessions

5. Data Storage and Location

5.1 Primary Data Storage

Your account information and planning data is stored, via Supabase, in the United States (Amazon Web Services, us-west-2 / Oregon region). Data is encrypted at rest and in transit using industry-standard encryption protocols.

5.2 Data Residency

Your information may be accessed or processed by our service providers in other countries, including:

We ensure that all data transfers comply with applicable data protection laws through appropriate safeguards such as Standard Contractual Clauses (SCCs) where required.

6. Third-Party Services and Data Processors

We use the following third-party services to provide and improve our Service:

Service Purpose Data Shared
Clerk Authentication and user management Email address, name, account credentials
Supabase Database and real-time synchronization All account and planning data
Google LLC (Gemini API) AI-assisted planning suggestions and semantic search (text embeddings) Content you submit to AI features and the text of nodes you create or search (goals, needs, approaches, jobs, tasks, and your queries)
Paddle Payment processing, Merchant of Record (all markets) Billing information, payment details, tax information
Vercel Application hosting and delivery IP address, browser information, usage logs
PostHog Product analytics and session replay (EU-hosted) Usage events, identified user ID, device/browser metadata, and session recordings with all text and inputs masked
Resend Transactional email delivery Email address, email content

Each of these service providers has their own privacy policy governing how they handle your data. We recommend reviewing their policies:

A standalone, versioned list of our subprocessors — with the purpose, data shared, processing region, and DPA status for each — is maintained at productbrain.com/subprocessors. Customers may request advance notice of changes to this list.

6.1 Public Share Links

ProductBrain lets you create a public share link to a read-only view of a project. Anyone who has the link can open that view without logging in — the link itself acts as the credential. A shared view includes the project's name, the items you choose to share (their titles, descriptions, and structure), and your iteration names; free-text notes are excluded. Only create a share link for content you are comfortable making publicly accessible to anyone who obtains the link.

Share links remain active once created. There is currently no self-service control to revoke a share link; to have a shared view disabled, contact us at privacy@productbrain.com.

7. AI Processing and Data Usage

Important Notice: When you use AI-assisted features in ProductBrain, your content is sent to AI services for processing.

7.1 What Data is Processed, and Where it Goes

Our AI subprocessor is Google LLC, via the Gemini API. Your brain content is sent to Google in two distinct ways:

7.2 How AI Data is Used

7.3 Opting Out of AI Features

AI-assisted drafting features are optional — if you do not activate them, your content is not sent to Google for those features. Note, however, that semantic search embeddings (§7.1) are generated as part of normal product use; if you need to avoid all transfer of node text to the AI subprocessor, contact us at privacy@productbrain.com to discuss available options.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

8.1 Essential Cookies

Required for the Service to function properly:

8.2 Analytics Cookies

Help us understand how users interact with the Service:

8.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may prevent you from using certain features of the Service.

9. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy.

9.1 Active Accounts

While your account is active, we retain all your data to provide continuous service.

9.2 After Account Cancellation

9.3 After Account Deletion

9.4 Legal Retention Requirements

We may retain certain information longer where required by law, such as:

10. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

10.1 Rights Under GDPR (EU/UK Users)

10.2 Rights Under Australian Privacy Act

10.3 How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email: privacy@productbrain.com

We will respond to your request within:

10.4 Account Settings

You can also manage some of your data directly through your account settings:

11. Data Security

We implement industry-standard security measures to protect your personal information:

11.1 Technical Measures

11.2 Organizational Measures

11.3 Data Breach Notification

In the event of a data breach that affects your personal information, we will:

12. Children's Privacy

ProductBrain is not intended for users under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information as soon as possible.

If you believe we have collected information from a child under 16, please contact us at privacy@productbrain.com.

13. International Data Transfers

As a global service, your personal information may be transferred to and processed in countries other than your country of residence, including:

13.1 Safeguards for International Transfers

When transferring data internationally, we ensure appropriate safeguards are in place:

13.2 Transfers to Countries Without EU Adequacy

Our primary data storage (United States) and several of our service providers are located in countries that the EU has not recognized as providing full adequacy. For transfers of EU personal data to those countries, we rely on Standard Contractual Clauses (and, where applicable, the EU-US Data Privacy Framework) to ensure GDPR compliance.

14. Payment Processor Privacy

Your payment information is handled by different processors depending on your location:

All payment processing is handled by Paddle as Merchant of Record for all markets:

15. Marketing Communications

We may send you marketing communications about ProductBrain, including:

15.1 Consent

Where required by law (e.g., in the EU), we will only send marketing communications with your explicit consent.

15.2 Opting Out

You can opt out of marketing communications at any time by:

Note: You will still receive transactional emails (account confirmations, password resets, subscription updates) even if you opt out of marketing communications.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

16.1 Notification of Changes

If we make material changes to this Privacy Policy, we will notify you by:

We will provide notice at least 30 days before the changes take effect.

16.2 Continued Use

Your continued use of the Service after the changes take effect constitutes acceptance of the updated Privacy Policy. If you do not agree to the changes, you should discontinue using the Service and may request deletion of your account.

17. Supervisory Authorities

You have the right to lodge a complaint with a supervisory authority if you believe we have violated your data protection rights.

17.1 EU/UK Users

EU and UK users can contact their local data protection authority. A list is available at:

17.2 Australian Users

Australian users can contact the Office of the Australian Information Commissioner (OAIC):

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

ProductBrain
Email: privacy@productbrain.com
Support: support@productbrain.com


© 2026 ProductBrain. All rights reserved.