Privacy Policy
Last updated: November 28, 2025
1. Data Controller
This Privacy Policy describes how we collect, use, store, and protect your personal information when you use the Brio platform. The data controller responsible for your personal data is:
- Company: VILLACORTA SOFTWARE, S.A. de C.V.
- Address: Mexico City, Mexico
- Email: legal@brio-ai.com
2. Information We Collect
2.1 Account Information
- Full name
- Email address
- Password (stored hashed using bcrypt)
- Billing information (processed by Stripe)
2.2 User-Generated Content
- Projects, tasks, and notes
- AI conversations
- Files and documents
- Comments and team activity
2.3 Technical Information
- IP address
- Browser and device type
- Operating system
- Usage and activity logs (anonymized)
3. Legal Basis for Processing
We process your personal data based on the following legal grounds, as established by GDPR and applicable laws:
- Contract performance: To provide the Brio services you have requested
- Legal obligation compliance: For billing, accounting, and regulatory compliance
- Legitimate interest: For product improvement, security, and fraud prevention
- Consent: For marketing communications and newsletters (when applicable)
4. How We Use Your Information
We use your information to:
- Provide and maintain Brio services
- Process your payments and manage your subscription
- Send you important service updates
- Improve platform functionality and security
- Comply with legal obligations
- Prevent fraud and malicious activities
5. Data Encryption and Security
5.1 Encryption and Content Access
All conversations, notes, and files you store in Brio are saved encrypted using AES-256-GCM. Our database only stores encrypted content: our internal tools do not allow the Brio team to access your conversations or files in plain text. Content is only handled in plain text automatically when you use the platform (e.g., when generating AI responses or displaying information in the interface). We do not log your conversation content in plain text in our logging systems.
5.2 Encryption in Transit
All communications between your device and our servers are protected using TLS 1.3 to prevent data interception.
5.3 Infrastructure Security
Our servers are hosted in secure data centers with physical and digital protection measures. We conduct regular security audits and maintain encrypted backups.
6. Sharing Information with Third Parties
We do not sell your personal data. We share information only in the following cases:
- AI Providers: OpenAI, Anthropic, and Google to process conversations (see section 7 for details)
- Payment Processor: Stripe to manage subscriptions and billing
- Hosting Services: Cloud infrastructure providers
- Legal Obligations: When required by law or to protect legal rights
7. Privacy with AI Providers
When you use AI chat features, your message content is sent encrypted in transit (TLS) to our AI providers (currently OpenAI, Anthropic, and Google Gemini), who process it to generate responses.
We use their APIs and services in modalities designed for enterprise use. According to public documentation and applicable agreements, the content we send to these providers is not used to train their models by default.
However, these providers may retain certain request logs for a limited period (generally 30 days or less) for purposes such as security, abuse prevention, and compliance with their legal obligations, according to their respective privacy policies.
Brio does not share your data with other third parties for advertising or data sales purposes.
8. Data Retention
We retain your data while your account is active and for the time necessary to:
- Provide the services you have requested
- Comply with legal and accounting obligations (up to 5 years for tax information)
- Resolve disputes and enforce our agreements
If you cancel your account, your data will be permanently deleted after 30 days. During this period, you can restore your account by contacting support.
Encrypted backups are automatically deleted within 90 days after account deletion.
9. Your Data Rights
According to GDPR and applicable laws, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data
- Portability: Export your data in a structured format
- Restriction: Limit the processing of your data
- Objection: Object to the processing of your data
To exercise these rights, contact legal@brio-ai.com.
10. Cookie Usage
We use essential cookies to:
- Keep your session active
- Remember your preferences
- Ensure platform security
We do not use third-party cookies for advertising or tracking. You can manage cookies from your browser settings.
11. Children's Protection
Brio is not intended for children under 13 years of age (or 16 years in jurisdictions where applicable). We do not intentionally collect information from minors. If we discover that a minor has provided personal information, we will delete that information immediately.
12. International Data Transfers
Your data may be transferred and processed on servers located outside your country of residence, including the United States and European Union/European Economic Area countries.
For these transfers, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, and we verify that our providers comply with equivalent protection standards.
13. Changes to this Privacy Policy
We may update this Privacy Policy occasionally. We will notify you of significant changes at least 30 days in advance by email or through a prominent notice on the platform. Continued use of Brio after such changes constitutes your acceptance of the updated policy.
14. Contact
If you have questions about this Privacy Policy or how we handle your data, you may contact us at:
- Legal: legal@brio-ai.com
- Support: soporte@brio-ai.com
Your privacy is fundamental. All your data is protected with strong encryption and restricted internal access.

