Legal

Privacy Notice

Effective Date: 10/09/2025

This Privacy Notice (also "Notice") provides detailed information about the personal data processing practices followed by BRAINBOP LTD, registration No. 15835241, legal address: 50 Gilbert Road, Smethwick, England, B66 4PY (also "Company" or "we"). Here you will find information about the types of personal data being processed, respective purposes and legal bases, how personal data is protected, as well as other important information related to the processing of your personal data. Please review this document carefully to understand our practices related to personal data processing.

If you have any questions, contact us as indicated in the last section ("CONTACT INFORMATION") of this document.

By using our services, you agree to the provisions stipulated by this Notice. For any inquiries, please contact us. If you disagree with anything stated in this document, please discontinue the use of our services.

Data Controller

For UK and Rest of World customers, the Data Controller is BRAINBOP LTD (UK, Reg. No. 15835241). For EEA customers, the Data Controller is БРЕЙНБОП ЕООД (Bulgaria, EIK 207653828). Both entities follow applicable data protection laws (UK GDPR and EU GDPR respectively).

Data Collection Sources

We collect personal data from various sources, including direct interactions where you provide information, such as when creating an account or making purchases. Additionally, we collect data automatically through cookies and similar tracking technologies. We also obtain data from third-party service providers (e.g., payment processors), state authorities, and publicly available sources.

Data Collection and Storage

We adhere to strict data minimization principles, collecting and storing only essential information required for our services and legal compliance.

Our secure SQL database is hosted by Hostinger servers. If personal data is transferred outside the UK/EEA, we ensure compliance through Standard Contractual Clauses (SCCs). Our database contains:

  • User Account Data: Basic account information and encrypted passwords.
  • Contact Information: Email addresses and phone numbers (if provided).
  • Technical Data: IP addresses, device types, and browser details for security purposes.
  • Transaction Data: Necessary order and subscription details for billing.
  • User Support and Communication Data: Stored securely and retained only as needed.

We do not collect or store:

  • Photos, avatars, or detailed workplace information
  • Full names, birthdates, or identification documents
  • Payment card or bank account details
  • Marketing preferences or loyalty program data
  • User-uploaded documents or file contents
  • Video surveillance data

Purposes and Legal Bases for Processing

We utilize your personal data to ensure you receive the highest quality experience with our services. The following outlines how and why we process your data:

  1. Providing Services: To deliver the services you request, in accordance with our agreement with you.
  2. Setting Up and Managing Your Account: To establish and administer your user account, as it is essential for fulfilling our contractual obligations to you.
  3. Processing Orders: To process and manage your orders, as it is integral to our contractual obligations.
  4. Managing Transactions: To conduct and oversee transactions, in line with our agreement and legitimate interests.
  5. Complying with Laws: To adhere to legal and regulatory requirements, as it is a legal obligation.
  6. Engaging with You: To communicate with you, provide support, and deliver service-related information, which is essential for fulfilling our contractual obligations and safeguarding our legitimate interests.
  7. Managing Risks: To assess and manage risks and make informed business decisions, in accordance with our contractual obligations, legal requirements, and legitimate interests.
  8. Marketing and Personalization: We will send marketing communications only with your explicit consent, as required under the UK Privacy and Electronic Communications Regulations (PECR). You can withdraw your consent at any time.
  9. Troubleshooting: To identify and resolve technical issues with our website and services, as it is essential for fulfilling our contractual obligations.
  10. Preventing Fraud: To prevent fraud and misuse of our services, which is necessary for compliance with legal requirements and to protect our legitimate interests.
  11. Handling Disputes: To manage claims and resolve disputes, in line with our contractual obligations, legal requirements, and legitimate interests.
  12. Ensuring Security: To protect our information and assets, in line with our contractual obligations, legal requirements, and legitimate interests.
  13. Improving Services: To enhance and develop our services, in accordance with our legitimate interests.

Recipients of Personal Data

We may share your personal data with trusted partners for the provision of our services, such as payment processors. Additionally, we may disclose your data to state authorities if required by law.

Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Notice or as required by law. Specifically, we keep data to ensure compliance with legal obligations, such as anti-money laundering (AML) regulations, for a period typically up to 5 years. Additionally, in accordance with UK law (Limitation Act 1980), personal data may be retained for up to 6 years after the end of the business relationship to comply with legal requirements and defend potential claims.

Once your personal data no longer serves any legitimate purpose, we ensure it is securely deleted or anonymized to protect your privacy.

If you have any questions or concerns about our data retention practices, please feel free to contact us.

International Data Transfers

Your personal data may be transferred and processed outside the European Economic Area (EEA). When such transfers occur, we ensure compliance with data protection laws through appropriate safeguards such as Standard Contractual Clauses (SCC).

Security Measures

We take the security and confidentiality of your personal data very seriously and implement a range of technical and organizational measures to protect it. These measures include advanced encryption techniques, strict access controls, and ongoing training for our employees on data protection practices.

We also actively monitor the use of our services to detect and prevent any prohibited activities or violations of our policies. This includes the use of automated systems and manual reviews to ensure compliance with our Terms and Conditions and to protect against malicious activities such as uploading hate speech, offensive content, or any other prohibited materials.

We encourage you to play a role in maintaining the security of your personal data. You can help by using strong, unique passwords and staying vigilant against potential online threats.

If you have any questions or concerns about our security measures, please feel free to contact us. Your privacy and data security are of the utmost importance to us.

Data Subject Rights

You have the following rights regarding your personal data:

  • Access: You can request access to your data and obtain a copy of it.
  • Rectification: If your data is inaccurate or incomplete, you have the right to correct it.
  • Erasure: Under certain conditions, you may request the deletion of your data.
  • Restriction: You can request that we limit the processing of your data in specific situations.
  • Objection: You have the right to object to certain types of processing, such as direct marketing.
  • Portability: You can receive your data in a commonly used and machine-readable format and transfer it to another controller.
  • Withdrawal of Consent: If you have given consent for the processing of your data, you can withdraw it at any time.

Please note that these rights are not absolute and may be subject to legal preconditions. Additionally, to protect your privacy and security, we may need to verify your identity before processing your request.

To exercise any of these rights, please contact us using contact information provided in this Notice.

Automated Decisions and Profiling

We do not make automated decisions with legal effects. However, profiling may be used to provide personalized content and recommendations.

Prohibited Content and Third-Party Consent

While our Privacy Notice primarily focuses on the handling of personal data, it is important to highlight our policies regarding prohibited content and third-party consent:

  • Prohibited Content: We strictly prohibit the uploading, creation, or distribution of any media that contains expressions of hate, abuse, offensive images or conduct, obscenity, pornography, or sexually explicit material. Any attempt to upload such content will result in immediate termination of your account and potential legal action.
  • Third-Party Consent: If you upload a document or picture that includes a third-party individual, you must have obtained written authorization or consent from that person to depict them in the content. By uploading such content, you warrant that you have the necessary rights and permissions to do so, and you agree to indemnify the Company against any claims arising from unauthorized use of third-party content.

These policies are designed to ensure the responsible use of our services and to protect the rights and privacy of all individuals. We encourage all users to adhere strictly to these guidelines.

Monitoring and Enforcement

The Company actively monitors the use of our services to detect and prevent any prohibited activities or violations of our policies. This includes the use of automated systems and manual reviews to ensure compliance with our Terms and Conditions and to protect against malicious activities such as uploading hate speech, offensive content, or any other prohibited materials.

If any prohibited activity is detected, we reserve the right to take appropriate action, including suspending or terminating user accounts and reporting unlawful activities to relevant authorities.

By using our services, you acknowledge and agree to these monitoring practices and the associated consequences for violations.

Lodging a Complaint

If you have any concerns about our data processing activities, please do not hesitate to contact us. We are committed to addressing your concerns and ensuring your satisfaction. Additionally, you have the right to lodge a complaint with the supervisory authority if you feel that your data protection rights have been violated. If you are a UK resident, you may lodge a complaint with the Information Commissioner's Office (ICO). If you are an EEA resident, you may lodge a complaint with the Bulgarian Commission for Personal Data Protection (CPDP).

Changes to the Privacy Notice

We may update this Privacy Notice to reflect changes in our practices. The updated version will be published on our website. Significant changes will be communicated to you separately through appropriate communication channels.

Contact Information

For any questions, contact us at: hello@file.energy