Legal

Data Protection Policy

Last updated: 10/09/2025

This Data Protection Policy provides detailed information about the personal data processing practices followed by BRAINBOP LTD, registration No. 15835241, legal address: 50 Gilbert Road, Smethwick, England, B66 4PY (also "Company" or "we").

Data Controller

For UK and Rest of World customers, the Data Controller is BRAINBOP LTD (UK, Reg. No. 15835241). For EEA customers, the Data Controller is БРЕЙНБОП ЕООД (Bulgaria, EIK 207653828). Both entities follow applicable data protection laws (UK GDPR and EU GDPR respectively).

Data Collection Sources

We collect personal data from various sources, including direct interactions where you provide information, such as when creating an account or making purchases. Additionally, we collect data automatically through cookies and similar tracking technologies. We also obtain data from third-party service providers (e.g., payment processors), state authorities, and publicly available sources.

Data Collection and Storage

We adhere to strict data minimization principles, collecting and storing only essential information required for our services and legal compliance.

Our secure SQL database is hosted by Hostinger servers. If personal data is transferred outside the UK/EEA, we ensure compliance through Standard Contractual Clauses (SCCs). Our database contains:

  • User Account Data: Basic account information and encrypted passwords.
  • Contact Information: Email addresses and phone numbers (if provided).
  • Technical Data: IP addresses, device types, and browser details for security purposes.
  • Transaction Data: Necessary order and subscription details for billing.
  • User Support and Communication Data: Stored securely and retained only as needed.

We do not collect or store:

  • Photos, avatars, or detailed workplace information
  • Full names, birthdates, or identification documents
  • Payment card or bank account details
  • Marketing preferences or loyalty program data
  • User-uploaded documents or file contents
  • Video surveillance data

Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this Policy or as required by law. Specifically, we keep data to ensure compliance with legal obligations, such as anti-money laundering (AML) regulations, for a period typically up to 5 years. Additionally, in accordance with UK law (Limitation Act 1980), personal data may be retained for up to 6 years after the end of the business relationship to comply with legal requirements and defend potential claims.

International Data Transfers

Your personal data may be transferred and processed outside the European Economic Area (EEA). When such transfers occur, we ensure compliance with data protection laws through appropriate safeguards such as Standard Contractual Clauses (SCC).

Security Measures

We take the security and confidentiality of your personal data very seriously and implement a range of technical and organizational measures to protect it. These measures include advanced encryption techniques, strict access controls, and ongoing training for our employees on data protection practices.

Data Subject Rights

You have the following rights regarding your personal data:

  • Access: You can request access to your data and obtain a copy of it.
  • Rectification: If your data is inaccurate or incomplete, you have the right to correct it.
  • Erasure: Under certain conditions, you may request the deletion of your data.
  • Restriction: You can request that we limit the processing of your data in specific situations.
  • Objection: You have the right to object to certain types of processing, such as direct marketing.
  • Portability: You can receive your data in a commonly used and machine-readable format and transfer it to another controller.
  • Withdrawal of Consent: If you have given consent for the processing of your data, you can withdraw it at any time.

Lodging a Complaint

If you have any concerns about our data processing activities, please do not hesitate to contact us. Additionally, you have the right to lodge a complaint with the supervisory authority if you feel that your data protection rights have been violated. If you are a UK resident, you may lodge a complaint with the Information Commissioner's Office (ICO). If you are an EEA resident, you may lodge a complaint with the Bulgarian Commission for Personal Data Protection (CPDP).

Contact Information

For any questions, contact us at: hello@file.energy