Using Brainybear under the GDPR


Is Brainybear GDPR compliant?

We have developed detailed documentation and added functional enhancements to the Brainybear platform so that you, as a controller, can use Brainybear while fulfilling your obligations under the GDPR. Whether a given deployment is compliant still depends on how you configure it: which data you let Brainybear capture, and the lawful basis you rely on for that processing.

Can I still use Brainybear if I have customers in the EU?

Yes! The main purpose and spirit of the GDPR is to grant data subjects specific rights over their personal data. Understanding these rights and how to honour them as a Data Controller is paramount to your ability to comply with the GDPR. Brainybear acts as a Data Processor for your customers' data and provides ways to meet all of your data subjects' rights within the obligations of a data processor. You will need to decide which of the data you are capturing may be considered personal, take steps to exclude the data that you do not want Brainybear to process, and determine the lawful basis (consent or another basis under Article 6) on which Brainybear will process personal data on your behalf.

If I’m in the UK (or otherwise outside of the EU), do I need to be concerned about GDPR?

Probably. The GDPR protects individuals who are in the EU regardless of their citizenship, so given the prevalence of international travel, remote work, and so on, it is hard to be sure that you will never process the data of someone in the EU. If you are in the UK, the UK GDPR (the UK's retained version of the regulation) applies to you directly. At Brainybear, we think of our entire customer base as having equal protections, regardless of location or citizenship.

Where is my data stored? Should I be concerned about the data of my customers in the EU being stored outside of the EU?

Brainybear production data is both processed and stored within Amazon Web Services (AWS) data centers. All AWS data centers that process Brainybear data are located in the US and the EU. AWS's data center security controls are independently audited. If you have customers in the EU or are located in the EU, you will need to agree to the Data Processing Agreement (DPA) with Brainybear, because some personal data may be processed in the US, which is a transfer of personal data outside the EU.


Explaining GDPR + Brainybear to your end-users

Do you have any resources I can include in my consent flows / Privacy Policy / send to my customers?

Yes! Please use this link, which describes Brainybear's GDPR data processing to your end users. It is suitable for cookie policies and other consent flows: https://brainybear.ai/include-brainybear-privacy-policy

Does Brainybear use any first- or third-party cookies?

Although this is not GDPR specific, it may be helpful to understand and to explain to your customers.

Brainybear uses first-party cookies only. The Brainybear capturing script sets a single first-party cookie containing your end user's fs_uid when capturing their activity on your site. The cookie is set under your domain rather than under "brainybear.ai", which is what makes it a first-party cookie. More information here: Cookies Policy


Complying with Data Subjects Rights with Brainybear

Do I need to obtain consent before I do any session capturing at all with Brainybear?

Not necessarily. The GDPR is primarily concerned with personal data and with defining the rights that an individual in the EU has over their own data. Unidentified sessions are largely anonymous and may not include personal data, so capturing a session without consent can be acceptable. Bear in mind, though, that online identifiers such as a persistent cookie ID can themselves be personal data under the GDPR.

However, it is possible to capture personal or sensitive data passively if you are capturing forms or pages where personal data is entered or displayed on your website or application. It is important that you audit your own site and ensure all appropriate form fields or elements are excluded before you start capturing (or that you capture only after you have obtained consent).

How do I make sure personal data isn’t being captured by Brainybear?

There are two ways personal data can reach Brainybear. You can actively send information, such as a user's name, email address, or company, to Brainybear using our API or one of our integrations. Additionally, personal information that your website or app visitors enter into fields, or that is displayed on pages captured by Brainybear, can be sent passively. For passively captured information, Brainybear masks all form inputs as '*' by default; text displayed elsewhere on the page is not masked unless you exclude the element, so the audit described above matters for displayed data as much as for form fields.
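The audit recommended in the two answers above (excluding fields before capture, and checking for personal data displayed outside forms) can be automated. The following Python script is an added example, not Brainybear's own tooling: it parses a page's HTML, flags form fields whose attributes suggest personal data and that carry no exclusion marker, and flags visible text that looks like an email address or phone number. The exclusion attribute data-capture="exclude", the hint list, and the sample page are all assumptions; substitute whatever exclusion mechanism your Brainybear capture script actually honours.

```python
import re
from html.parser import HTMLParser

# Hypothetical exclusion marker (an assumption, not a Brainybear attribute).
EXCLUDE_ATTR = "data-capture"
EXCLUDE_VALUE = "exclude"

# Substrings in type/name/id/autocomplete/placeholder that usually mark a
# field holding personal data. Deliberately broad: a false positive costs a
# minute of review, a missed field costs a recorded session full of PII.
PII_HINTS = ("email", "phone", "tel", "name", "address", "birth", "dob",
             "ssn", "passport", "cc-", "card", "password")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{8,}\d")

VOID_TAGS = {"input", "img", "br", "hr", "meta", "link"}   # never closed
FIELD_TAGS = {"input", "textarea", "select"}
NON_VISIBLE_TAGS = {"script", "style", "noscript"}


class CaptureAuditor(HTMLParser):
    """Walks the element tree, inheriting the exclusion flag from ancestors."""

    def __init__(self):
        super().__init__()
        self.unmarked_fields = []   # PII-looking fields with no exclusion marker
        self.visible_pii = []       # visible text that looks like an email/phone
        self._stack = []            # (tag, excluded) for each open element

    def _parent_excluded(self):
        return bool(self._stack) and self._stack[-1][1]

    def _parent_tag(self):
        return self._stack[-1][0] if self._stack else ""

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        excluded = self._parent_excluded() or a.get(EXCLUDE_ATTR) == EXCLUDE_VALUE
        if tag in FIELD_TAGS and a.get("type") not in ("hidden", "submit", "button"):
            hints = " ".join(a.get(k, "") for k in
                             ("type", "name", "id", "autocomplete", "placeholder")).lower()
            if any(h in hints for h in PII_HINTS) and not excluded:
                self.unmarked_fields.append(a.get("name") or a.get("id") or tag)
        if tag not in VOID_TAGS:
            self._stack.append((tag, excluded))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerates mildly unbalanced HTML.
        for i in range(len(self._stack) - 1, -1, -1):
            if self._stack[i][0] == tag:
                del self._stack[i:]
                break

    def handle_data(self, data):
        # Text inside an excluded element or a script/style block is not
        # something the capture script would show, so skip it.
        if self._parent_excluded() or self._parent_tag() in NON_VISIBLE_TAGS:
            return
        for rx in (EMAIL_RE, PHONE_RE):
            self.visible_pii.extend(m.group(0).strip() for m in rx.finditer(data))


def audit_html(html):
    """Return the fields and text a capture script would record unmasked."""
    auditor = CaptureAuditor()
    auditor.feed(html)
    auditor.close()
    return {"unmarked_fields": auditor.unmarked_fields,
            "visible_pii": auditor.visible_pii}


# Constructed sample page for the example; not a real site.
SAMPLE_PAGE = """
<html><body>
<form action="/checkout">
  <label>Email <input type="email" name="email"></label>
  <label>Phone <input type="tel" name="phone" data-capture="exclude"></label>
  <label>Promo code <input type="text" name="promo"></label>
  <div data-capture="exclude">
    <label>Card <input type="text" name="card_number" autocomplete="cc-number"></label>
  </div>
</form>
<p>Logged in as jane.doe@example.com</p>
<p data-capture="exclude">Support: +1 555 010 0199</p>
<script>var fs_uid = "x";</script>
</body></html>
"""

if __name__ == "__main__":
    report = audit_html(SAMPLE_PAGE)
    print("fields to exclude before capture:", report["unmarked_fields"])
    print("visible personal data:", report["visible_pii"])
```

Run it against saved copies of the pages you intend to capture (a crawl or the HTML from your staging environment). Anything it lists under "fields to exclude" should get the exclusion marker, and anything under "visible personal data" should either be excluded or be captured only behind a consent check.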

Can I delete Brainybear data for specific customers when they ask to be forgotten?

Yes! You can delete individual users with the click of a button in your Brainybear account or using our DeleteIndividual API.

Is it possible to delete sessions from Brainybear for multiple customers at one time (i.e. segment deletion)?

Yes! Brainybear offers a few solutions for data deletion:

  1. Individual User Deletion API: use this API to programmatically delete a user's entire data set.
  2. Segment deletion: if the set of data you need to delete can be contained in a Brainybear segment report exported from the Brainybear console, you can request that Brainybear delete that segment by reaching out to [email protected].

When I cancel my account, is my data deleted right away?

Brainybear will delete all of your data at the time of account cancellation.

Can I disable IP address capture for users in Brainybear?

No. Collected IP addresses are already masked and are used only to determine the visitor's country.