Skip to content
Book a demo

PRIVACY POLICY

MyCerebro

Effective Date: May 26, 2026

Last Updated: May 26, 2026

1. Introduction

MyCerebro ("MyCerebro," "we," "us," or "our") provides a business-to-business software-as-a-service platform that delivers proprietary product data, search, and related functionality to electrical distributors, specifiers, manufacturers, and other authorized business customers (the "Service"). This Privacy Policy describes the categories of personal information and other data that we collect, how we use and share that information, and the rights and choices available to individuals whose information we process.

This Policy applies to information that we collect through (a) our website at mycerebro.ai and any associated subdomains (collectively, the "Website"); (b) the MyCerebro application, dashboard, and application programming interfaces (collectively, the "Platform"); and (c) related communications, support interactions, sales activities, and marketing channels (together with the Website and Platform, the "Service").

Please read this Policy carefully. By accessing or using the Service, you acknowledge that you have read and understood this Policy. If you do not agree with the practices described here, please do not use the Service.

2. Scope and Application

MyCerebro is a business-to-business platform. We do not knowingly market the Service to, or solicit personal information from, individual consumers or minors. This Policy applies to the following categories of individuals:

  1. Authorized Users — individuals who access the Platform on behalf of a customer organization that has entered into a master services agreement, order form, or similar commercial agreement with MyCerebro ("Customers");
  2. Website Visitors — individuals who visit or interact with the Website, including prospective customers and the general public;
  3. Business Contacts — individuals at prospective customers, suppliers, partners, or manufacturer licensors with whom we communicate in a commercial or professional capacity; and
  4. Job Applicants — individuals who apply for employment or contractor engagements with MyCerebro.

Where a Customer organization is the controller of personal information processed through the Platform (for example, employee directory information, internal user identifiers, or query records initiated by Customer's Authorized Users), this Policy describes our practices as a processor or service provider acting on the Customer's behalf. The Customer's own privacy notices and internal policies govern its handling of such personal information, and the Customer remains responsible for providing required disclosures and obtaining required consents from its Authorized Users.

3. Information We Collect

We collect personal and non-personal information from and about you in three principal ways: information you provide directly, information collected automatically through your use of the Service, and information received from third parties.

3.1 Information You Provide Directly

  1. Account and Registration Information: name, business email address, business telephone number, company name, job title, and credentials used to authenticate to the Platform. Where Customers use single sign-on or federated identity, we receive only the identifiers that the identity provider returns to us.
  2. Billing and Commercial Information: billing contact name, billing email, tax identification number, purchase order data, and limited payment method metadata. We do not store full payment card numbers; card data is processed and stored by our third-party payment processor (Stripe, Inc.).
  3. Communications: the content of emails, support tickets, chat messages, demonstration requests, recorded sales or onboarding calls (where lawfully consented to), and any other communications you direct to us.
  4. Query and Input Content: the search queries, parameters, filters, prompts, uploads, attachments, comments, and other content that you submit to the Platform in the course of using it ("Customer Data").
  5. Survey and Feedback Responses: responses you provide to product surveys, beta program intake forms, net promoter score requests, and similar feedback mechanisms.

3.2 Information Collected Automatically

When you interact with the Service, we and our service providers automatically collect certain information about your device and your interaction with the Service, including:

  1. Usage Data: features accessed, queries executed, query latency and result counts, click and scroll behavior, session duration, error events, API method invocations, and other telemetry generated by your interactions with the Platform.
  2. Device and Connection Data: IP address, browser type and version, operating system, device identifiers, screen resolution, language preference, time zone, and referring or exit pages.
  3. Cookies and Similar Technologies: we use cookies, web beacons, pixels, local storage, and similar technologies on the Website and Platform. See Section 11 (Cookies and Tracking) for details.
  4. Logs and Audit Records: security and access logs, including authentication events, permission changes, and per-query audit records used for billing reconciliation and abuse detection.

3.3 Information from Third Parties

  1. Identity Providers: when an Authorized User authenticates through a Customer's single sign-on or social identity provider (for example, Microsoft Entra ID, Google Workspace, or Okta), we receive the identifiers and profile attributes that the provider releases to us.
  2. Enrichment and Marketing Vendors: we may receive business contact data, firmographic data (industry, company size, location), and intent signals from data enrichment vendors and marketing platforms (including HubSpot, Inc.) for purposes of marketing, sales prospecting, and account management.
  3. Manufacturer Licensors and Data Partners: we receive product specifications, catalog data, and related materials from manufacturers and other data partners under license; this content is not personal information about you.
  4. Publicly Available Sources: we may collect information from publicly available business sources such as company websites, professional networks, government registries, and trade publications.

4. How We Use Personal Information

We use the information described in Section 3 for the following purposes:

  1. Service Delivery: to provision accounts, authenticate users, deliver the features of the Platform, return query results, generate usage reports, and provide technical support.
  2. Billing and Account Management: to meter usage, calculate fees, issue invoices, process payments through our payment processor, manage subscriptions, and collect amounts owed.
  3. Service Improvement and Research: to monitor performance, debug errors, conduct analytics, evaluate feature usage, and perform internal research to improve the relevance, accuracy, and reliability of the Service.
  4. Model Training and Development: as further described in Section 5, we use certain Customer Data and Usage Data to train, fine-tune, evaluate, and improve the machine learning models and retrieval systems that power the Platform.
  5. Security, Fraud Prevention, and Abuse Detection: to detect, investigate, and prevent unauthorized access, fraudulent activity, abuse of the Service, scraping, and violations of our Terms of Service.
  6. Communications: to send service-related messages (such as security alerts, billing notices, and policy updates), respond to inquiries, and — where permitted — send marketing communications about products, features, events, and offers.
  7. Legal and Compliance: to comply with applicable laws, regulations, court orders, and lawful requests from public authorities; to enforce our agreements; and to establish, exercise, or defend legal claims.
  8. Corporate Transactions: to evaluate, negotiate, and complete corporate transactions such as financings, acquisitions, mergers, divestitures, and reorganizations.

Where we rely on consent as our legal basis for processing (for example, certain marketing communications or non-essential cookies), you may withdraw that consent at any time as described in Section 10.

5. Artificial Intelligence and Machine Learning

The Platform relies on machine learning models, embedding-based retrieval systems, and other artificial intelligence components. This section explains how we use Customer Data and Usage Data in connection with those components. We treat this disclosure as material and encourage you to read it carefully.

5.1 What We Train On

Subject to the restrictions in Section 5.3 and to any individually negotiated terms in a Customer's master services agreement or data processing addendum, we use the following categories of data to train, fine-tune, evaluate, and improve the machine learning models, embeddings, ranking systems, and retrieval pipelines used in the Service:

  1. Query content, parameters, and filters submitted to the Platform;
  2. Click, dwell, and selection signals generated by interactions with query results;
  3. Explicit feedback signals such as ratings, flags, corrections, and comments;
  4. Aggregated and de-identified usage telemetry; and
  5. Synthetic data derived from the foregoing categories.

5.2 What We Do Not Train On

We do not use the following for model training: full payment card numbers, government-issued identification numbers, authentication credentials, content explicitly marked confidential under a signed agreement that excludes training, or personal information of individuals located in jurisdictions that require explicit opt-in consent for such use where that consent has not been obtained.

5.3 Customer Opt-Out and Enterprise Controls

Customers may, by written agreement (typically in a master services agreement, data processing addendum, or order form), elect to exclude their Customer Data from model training. Upon execution of such an election, we will configure the Customer's tenant so that its Customer Data is processed solely for purposes of delivering the Service to that Customer and is not incorporated into general model training datasets. Customers seeking to make this election should contact support@mycerebro.ai.

5.4 De-Identification and Aggregation

Where we use Customer Data for training, we apply reasonable measures to remove or obscure direct identifiers (such as named contacts, account identifiers, and free-text fields that may contain personal information) before incorporating the data into training corpora. Outputs of trained models do not reproduce verbatim Customer Data of any particular Customer except where that Customer is itself querying the Platform within its own tenant.

5.5 Automated Decision-Making

The Service produces ranked search results, recommendations, and similar outputs through automated processing. These outputs are decision-support tools intended for evaluation by qualified human users (such as electrical specifiers, estimators, and purchasing professionals); they are not intended to produce legal or similarly significant effects on individuals without human review. If you are subject to laws that grant additional rights with respect to automated decision-making (such as the EU General Data Protection Regulation or the California Consumer Privacy Act as amended), you may exercise those rights as described in Section 10.

6. How We Share Information

We share personal information only in the limited circumstances described below. We do not sell personal information in the traditional sense of exchanging it for monetary consideration, and we do not engage in "cross-context behavioral advertising" as that term is defined under the California Consumer Privacy Act.

6.1 Sub-Processors and Service Providers

We engage trusted third-party vendors to perform functions on our behalf. These sub-processors are bound by contract to use personal information only as instructed by MyCerebro and to maintain appropriate technical and organizational safeguards. Our current sub-processors include:

  1. Google Cloud Platform (Google LLC): cloud infrastructure, including managed database (AlloyDB for PostgreSQL), compute, storage, and networking, hosted in the United States.
  2. Microsoft Azure (Microsoft Corporation): identity and secrets management services (Microsoft Entra ID and Azure Key Vault) used to authenticate users and protect credentials.
  3. HubSpot, Inc.: customer relationship management, email marketing, and sales operations.
  4. Stripe, Inc.: payment processing for credit card transactions.
  5. Operational Vendors: communications providers (email delivery and transactional messaging), customer support tooling, analytics providers, security vendors, and professional advisors such as accountants and counsel.

An up-to-date list of sub-processors is available upon request by writing to support@mycerebro.ai. We will provide reasonable advance notice of any material change to our sub-processor list to Customers who have subscribed to receive such notice through their master services agreement.

6.2 Manufacturer Partners

Where a Customer's use of the Service involves manufacturer-licensed content, we may share limited query and usage data with the relevant manufacturer or licensor solely as required to demonstrate compliance with our license obligations, to facilitate royalty calculations, or to permit the manufacturer to authorize the Customer's access to the content. We do not share Customer-identifiable query content with manufacturers for the manufacturer's own marketing or commercial purposes without the Customer's prior written consent.

6.3 Legal and Compliance Disclosures

We may disclose personal information to courts, regulators, law enforcement, and other governmental authorities (a) in response to lawful requests, including subpoenas, court orders, and search warrants; (b) where we believe in good faith that disclosure is necessary to comply with applicable law; (c) to protect the rights, property, or safety of MyCerebro, our Customers, our personnel, or the public; or (d) to enforce our Terms of Service or other agreements. Where lawful and practicable, we will notify the affected Customer before responding to such requests.

6.4 Corporate Transactions

In the event of a merger, acquisition, financing, reorganization, sale of all or substantially all of our assets, or other corporate transaction, personal information may be transferred to the surviving or acquiring entity. We will notify Customers and Authorized Users of any such transaction that materially changes how their information is processed, to the extent required by law.

6.5 With Your Direction or Consent

We share personal information with additional third parties when you or your Customer organization direct us to do so or otherwise consent.

7. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law. Specific retention practices include:

  1. Account and Profile Information: retained for the duration of the Customer's subscription and for up to twelve (12) months following termination, unless deletion is requested earlier.
  2. Customer Data and Query Records: retained in identifiable form for up to twenty-four (24) months from the date of generation, after which records are either deleted or de-identified and aggregated for analytics and model evaluation purposes.
  3. Billing and Tax Records: retained for the period required by applicable tax, accounting, and audit laws, typically seven (7) years from the close of the fiscal year to which the records relate.
  4. Security and Audit Logs: retained for up to thirty-six (36) months for the purpose of security investigations, incident response, and regulatory compliance.
  5. Marketing Records: retained until you unsubscribe or until the contact has been inactive for thirty-six (36) months, whichever is sooner.

After the applicable retention period, we will delete, anonymize, or aggregate the relevant information so that it cannot reasonably be associated with an individual.

8. Data Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. Our safeguards include encryption of data in transit using current industry-standard transport-layer security; encryption of data at rest in our managed database and object storage layers; least-privilege access controls; multi-factor authentication for administrative access; centralized secrets management; vulnerability scanning; logging and monitoring; periodic access reviews; and incident response procedures.

Despite these measures, no system can be guaranteed to be completely secure. We cannot warrant the absolute security of any information you transmit to us, and you transmit such information at your own risk. If we become aware of a security incident that materially affects your personal information, we will notify you and applicable authorities to the extent required by law and our contractual commitments.

9. International Data Transfers

MyCerebro is headquartered in the United States, and our primary processing infrastructure is located in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States and may be accessible from other jurisdictions where our personnel or service providers operate. These jurisdictions may have data protection laws that differ from those of your home jurisdiction.

Where we transfer personal information of individuals located in the European Economic Area, the United Kingdom, or Switzerland to a country that has not been recognized by the relevant authority as providing an adequate level of data protection, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses, the United Kingdom's International Data Transfer Addendum, and any successor or replacement mechanisms. You may request a copy of the relevant transfer mechanism by writing to support@mycerebro.ai.

10. Your Rights and Choices

Depending on your jurisdiction, you may have certain rights with respect to your personal information. We honor these rights to the extent required by applicable law and after verifying your identity. Where you are an Authorized User of a Customer, certain rights are exercised through your Customer organization, which is the controller of your information; we will refer such requests to the relevant Customer.

10.1 Residents of the European Economic Area, United Kingdom, and Switzerland

If you are located in the EEA, the UK, or Switzerland, the General Data Protection Regulation, the UK GDPR, or the Swiss Federal Act on Data Protection (as applicable) grants you the following rights:

  1. Right of access: to obtain confirmation of whether we process your personal information and to receive a copy of that information;
  2. Right to rectification: to have inaccurate or incomplete personal information corrected;
  3. Right to erasure: to request deletion of your personal information in defined circumstances;
  4. Right to restriction: to limit our processing of your personal information in defined circumstances;
  5. Right to data portability: to receive your personal information in a structured, commonly used, and machine-readable format and to transmit it to another controller;
  6. Right to object: to object to processing based on our legitimate interests, including direct marketing;
  7. Right to withdraw consent: where processing is based on consent, to withdraw that consent at any time without affecting the lawfulness of prior processing; and
  8. Right to lodge a complaint: with your supervisory authority.

10.2 California Residents

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the "CCPA"), grants you the following rights:

  1. Right to know: to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the purposes for collection, and the categories of third parties with whom we share information;
  2. Right to delete: to request deletion of personal information we have collected from you, subject to statutory exceptions;
  3. Right to correct: to request correction of inaccurate personal information;
  4. Right to opt out of sale or sharing: California law treats certain disclosures of personal information for cross-context behavioral advertising as a "sale" or "sharing." We do not sell or share personal information as those terms are defined under the CCPA;
  5. Right to limit use of sensitive personal information: to direct us to limit our use of your sensitive personal information to permitted purposes. We do not use sensitive personal information beyond the purposes permitted under the CCPA;
  6. Right to non-discrimination: we will not discriminate against you for exercising any of your CCPA rights.

To exercise your CCPA rights, contact us at support@mycerebro.ai. An authorized agent may submit a request on your behalf with appropriate proof of authorization.

10.3 Residents of Other U.S. States

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, Iowa, Tennessee, New Jersey, New Hampshire, Minnesota, Maryland, Rhode Island, and other states with comprehensive consumer privacy laws may have rights analogous to those described above, including rights to access, correct, delete, and obtain a portable copy of their personal information, and to opt out of certain processing activities such as targeted advertising, the sale of personal information, and profiling in furtherance of decisions that produce legal or similarly significant effects. To exercise these rights, contact us at support@mycerebro.ai.

10.4 Exercising Your Rights

To exercise any of the rights described in this Section 10, please submit a request to support@mycerebro.ai. We will respond to verifiable requests within the timeframes required by applicable law. We may require additional information to verify your identity before fulfilling a request. If we decline to act on a request, we will explain the basis for that decision and inform you of your right to appeal where applicable.

11. Cookies and Tracking Technologies

We use cookies and similar technologies on the Website and Platform. The categories of cookies we use are:

  1. Strictly Necessary Cookies: required to operate the Service, including authentication, session management, security, and load balancing. These cannot be disabled through our consent interface.
  2. Functional Cookies: used to remember user preferences such as language and display settings.
  3. Analytics Cookies: used to understand how visitors interact with the Website and Platform. We use Google Analytics 4 for first-party analytics.
  4. Marketing and CRM Cookies: used to support marketing campaigns and customer engagement. We use HubSpot for marketing automation and customer relationship management.

You can manage non-essential cookies through the consent interface presented on first visit to the Website and through your browser settings. Disabling cookies may affect the functionality of the Service.

We do not currently respond to browser "Do Not Track" signals because no common industry standard for honoring such signals has been finalized. We do honor opt-out preference signals (such as the Global Privacy Control) as required by applicable law.

12. Children's Privacy

The Service is intended exclusively for business users who are at least eighteen (18) years of age. We do not knowingly collect personal information from children under the age of eighteen. If we become aware that we have inadvertently collected personal information from a child under eighteen, we will promptly delete that information. If you believe that a child has provided personal information to us, please contact support@mycerebro.ai.

13. Changes to This Policy

We may update this Policy from time to time to reflect changes to our practices, the Service, or applicable law. When we make material changes, we will update the "Last Updated" date at the top of this Policy and provide additional notice — for example, through an email to the registered Customer contact or a notice on the Website or Platform — as appropriate to the nature of the change. Your continued use of the Service after the effective date of an updated Policy constitutes acceptance of the updated terms.

14. How to Contact Us

If you have questions, concerns, or requests regarding this Policy or our privacy practices, please contact us:

MyCerebro

Email: support@mycerebro.ai

Website: https://mycerebro.ai