BrevantBack to home

Privacy Policy

Last updated: March 30, 2026

1. Introduction

Brevant ("we," "our," or "us") operates the brevant.ai platform, an AI-powered business advisory service for small business owners. This Privacy Policy explains how we collect, use, store, and protect your personal and business information when you use our services.

By using Brevant, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our services.

2. Information We Collect

Account Information

When you create an account, we collect your email address and authentication credentials. If you sign up via Google OAuth, we receive your name, email address, and profile picture from Google.

Business Data

To provide personalised advice, we collect business information you provide during onboarding and ongoing use, including:

  • Business name, industry, and description
  • Financial data (revenue, margins, employee count)
  • Goals, challenges, and strategic priorities
  • Competitive landscape and market information

Conversations and Check-ins

We store your chat conversations with the AI assistant and weekly check-in submissions. These are used to build persistent memory and provide contextually relevant advice over time.

Documents

You may upload documents (financial statements, contracts, plans) for AI analysis. These are stored securely and processed only to provide insights relevant to your business.

Usage Data

We collect standard usage analytics (pages visited, feature usage, session duration) via Vercel Analytics to improve the product experience.

3. How We Use Your Information

  • AI-powered advice: Your business data, conversations, and check-ins are used to generate personalised insights, decision simulations, and strategic recommendations.
  • Persistent memory: We maintain a structured knowledge base about your business so the AI assistant can provide contextually relevant advice across sessions.
  • Proactive insights: We analyse your business data periodically to identify trends, risks, and opportunities, delivered as actionable notifications.
  • Service improvement: Aggregated, anonymised usage patterns help us improve features and user experience.
  • Communications: We send transactional emails (check-in reminders, weekly digests, account notifications) and occasional product updates.

4. AI Processing and Third-Party Services

Brevant uses artificial intelligence to analyse your data and generate advice. Your data is processed by the following third-party services:

  • Anthropic (Claude): Powers our conversational AI assistant, insight generation, decision simulation, and strategy analysis. Your business context and conversation history are sent to Anthropic's API to generate responses. Anthropic does not use your data to train its models.
  • OpenAI: Used for generating text embeddings (semantic search) and voice transcription. Embedding inputs are limited to conversation snippets and check-in summaries. OpenAI does not use API data to train its models.
  • Supabase: Provides our database (PostgreSQL), authentication, and file storage infrastructure. All data is encrypted at rest and in transit.
  • Stripe: Handles payment processing. We do not store your credit card details — all payment information is processed and stored directly by Stripe in accordance with PCI-DSS standards.
  • Resend: Delivers transactional and notification emails (check-in reminders, weekly digests, account notifications).
  • Vercel: Hosts the application and provides analytics on usage patterns.
  • Sentry: Captures error reports and performance data to help us identify and fix issues quickly.

5. Data Storage and Security

Your data is stored in Supabase-managed PostgreSQL databases with the following security measures:

  • Encryption at rest (AES-256) and in transit (TLS 1.2+)
  • Row Level Security (RLS) policies ensuring users can only access their own data
  • Secure authentication via Supabase Auth with support for email and OAuth providers
  • Regular security audits and infrastructure monitoring

Uploaded documents are stored in Supabase Storage with access-controlled buckets. Files are encrypted at rest and only accessible to the account owner.

6. Cookies and Authentication

We use essential cookies to maintain your authentication session. These are strictly necessary for the service to function and cannot be disabled. We do not use advertising or tracking cookies.

Vercel Analytics collects anonymised usage data using a privacy-friendly, cookie-free approach.

7. Data Retention

  • Active accounts: Your data is retained for as long as your account is active and you maintain an active subscription.
  • Cancelled subscriptions: Your data is retained for 90 days after subscription cancellation, after which it is permanently deleted unless you reactivate.
  • Account deletion: When you delete your account, all associated data (business profiles, conversations, documents, insights) is permanently deleted within 30 days.
  • Backups: Encrypted database backups may retain your data for up to 30 additional days after deletion as part of disaster recovery procedures.

8. Your Rights

You have the following rights regarding your personal and business data:

  • Access: Request a copy of all data we hold about you and your business.
  • Export: Download your business data, conversations, and check-in history in a portable format.
  • Correction: Update or correct any inaccurate information in your business profile.
  • Deletion: Delete your account and all associated data at any time from the Settings page.
  • Restriction: Request that we limit processing of your data in certain circumstances.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing of your data for specific purposes.

To exercise any of these rights, contact us at hello@brevant.ai. We will respond to all requests within 30 days.

9. GDPR Compliance

For users in the European Economic Area (EEA) and United Kingdom, we process personal data under the following legal bases:

  • Contract performance: Processing necessary to provide the Brevant service you have subscribed to.
  • Legitimate interests: Service improvement, security monitoring, and fraud prevention.
  • Consent: Optional marketing communications and non-essential data processing, which you can withdraw at any time.

You have the right to lodge a complaint with your local data protection authority if you believe your data has been processed unlawfully.

10. Children's Privacy

Brevant is designed for business owners and is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through a prominent notice on the platform. Your continued use of Brevant after changes are posted constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Email: hello@brevant.ai