Privacy Notice

Last updated: May 24, 2026

1. Who we are

This service ("BrillyBot", "we", "us") is operated by Ahmed Ayman Ahmed Fouad Hamam ("the Seller"), acting as the data controller for personal data processed in connection with the service. For any privacy question you can contact us through the in-app support channel or the email address listed on your invoice.

2. Personal data we collect

  • Account data: name, email address, authentication identifiers (e.g. Google account ID), profile picture URL.
  • Content you upload: documents, files, and text you provide to your AI tutor sessions.
  • Usage data: tutors created, sessions, messages, files counts, storage usage, plan and quota information.
  • Technical data: device identifiers, IP address, browser type, log and error data.
  • Support data: messages you send us and their metadata.

Payment data (card numbers, billing address, tax identifiers) is collected and processed directly by our reseller Paddle — we do not receive or store your card details.

3. Purposes and legal basis

  • Provide the service (account creation, running tutors, storing your files) — performance of a contract.
  • Security, abuse and fraud prevention — legitimate interests and legal obligation.
  • Customer support — performance of a contract and legitimate interests.
  • Service improvement and analytics — legitimate interests.
  • Billing, tax and invoicing via Paddle — performance of a contract and legal obligation.
  • Legal compliance — legal obligation.

4. Who we share data with

  • Service providers / subprocessors: cloud hosting, database, file storage, AI model providers used to power tutor responses, error monitoring and analytics tooling.
  • Merchant of Record: Paddle.com Market Limited and its affiliates, acting as our reseller and Merchant of Record for the sale of subscriptions, subscription management, payments, tax compliance, and invoicing.
  • Professional advisers: legal, accounting and tax advisers where necessary.
  • Authorities: where required by law, court order, or to protect our rights.

5. International transfers

Some recipients may be located outside your country, including in the United States and the European Union. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

6. Retention

We retain personal data for as long as your account is active and for as long as needed to provide the service. After account deletion, content and usage data are deleted or anonymised within a reasonable period, except where we must keep records for legal, tax, accounting or fraud-prevention reasons (typically up to 7 years for billing records held by Paddle).

7. Your rights

Subject to applicable law, you have the right to access, rectify, erase, restrict or object to the processing of your personal data, the right to data portability, the right to withdraw consent at any time, and the right to lodge a complaint with your local supervisory authority. To exercise these rights, contact us through the support channel. We will respond within the period required by applicable law (typically one month under the GDPR).

8. Security

We use appropriate technical and organisational measures — including encryption in transit, access controls, and database row-level security — to protect personal data. No method of transmission or storage is 100% secure.

9. Cookies

We use strictly necessary cookies and local storage to keep you signed in and to operate the service. We do not use advertising cookies. Paddle may set cookies during checkout to process your payment.

10. Changes

We may update this notice from time to time. We will update the "Last updated" date at the top and, for material changes, notify you in-app or by email.

See also our Terms of Service and Refund Policy.