GDPR Notice

1. Introduction

Bravery Technology LTD ("Bravery", "we", "us") is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This GDPR Notice explains how we process your personal data, your rights as a data subject, and how you can exercise those rights.

This notice should be read in conjunction with our Privacy Policy, which provides comprehensive details about our data processing practices.

2. Data Controller

The data controller responsible for the processing of your personal data is:

• Company: Bravery Technology LTD
• Country: United Kingdom
• Email: info@braverytechnology.com

As the data controller, Bravery determines the purposes and means of processing personal data collected through the Bravery AI platform ("Platform").

3. Legal Basis for Processing

Under Article 6 of the UK GDPR, we process your personal data on the following legal bases:

a) Performance of a Contract (Article 6(1)(b))

Processing that is necessary for the performance of our contract with you, including account creation and management, provision of AI-powered chat services, project and file management, and subscription and billing management.

b) Legitimate Interests (Article 6(1)(f))

Processing that is necessary for our legitimate interests, provided these interests are not overridden by your rights and freedoms. This includes ensuring Platform security and preventing unauthorised access, fraud detection and prevention, improving service quality and user experience, and technical troubleshooting and system maintenance.

c) Consent (Article 6(1)(a))

Where we rely on your consent for processing, including the use of conversation data for AI model training, processing of optional location data, and the memory feature that retains information from previous conversations. You may withdraw your consent at any time through your account settings without affecting the lawfulness of processing carried out prior to withdrawal.

d) Legal Obligation (Article 6(1)(c))

Processing that is necessary to comply with our legal obligations, including retention of financial records as required by law, responding to lawful requests from regulatory authorities, and compliance with applicable data protection legislation.

4. Data Subject Rights

Under the UK GDPR, you have the following rights in relation to your personal data:

a) Right of Access (Article 15)

You have the right to obtain confirmation as to whether your personal data is being processed and, where that is the case, to access the personal data and information about how it is being processed. You may request a copy of the personal data we hold about you.

b) Right to Rectification (Article 16)

You have the right to obtain the rectification of inaccurate personal data without undue delay. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed.

c) Right to Erasure (Article 17)

You have the right to obtain the erasure of your personal data without undue delay where the data is no longer necessary for the purposes for which it was collected, you withdraw your consent and there is no other legal basis for processing, or the data has been unlawfully processed. You may delete your account and all associated data through the settings page in the Platform.

d) Right to Restrict Processing (Article 18)

You have the right to obtain the restriction of processing where you contest the accuracy of the personal data, the processing is unlawful and you oppose erasure, we no longer need the data but you require it for legal claims, or you have objected to processing pending verification of our legitimate grounds.

e) Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used and machine-readable format. Our Platform provides a data export feature that allows you to download all your data in a ZIP archive, including conversations, projects and account information.

f) Right to Object (Article 21)

You have the right to object to the processing of your personal data based on legitimate interests. Where you object, we shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.

g) Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Bravery does not currently make automated decisions that produce legal effects on users. AI-generated responses are provided as informational assistance and do not constitute automated decision-making within the meaning of Article 22.

5. Data Protection Officer

For all matters relating to data protection and the exercise of your rights under the UK GDPR, you may contact us at:

• Email: info@braverytechnology.com

We endeavour to respond to all data protection enquiries within 30 days, in accordance with the requirements of the UK GDPR.

6. International Data Transfers

Your personal data is stored on servers located in the United Kingdom. As data is stored within the UK, it is subject to the protections afforded by the UK GDPR and the Data Protection Act 2018.

Payment processing is handled by Stripe, which may process data through its global infrastructure. Stripe maintains appropriate safeguards in compliance with applicable data protection regulations.

Where Bravery receives infrastructure support from third-party AI services, data is shared only for the purpose of service delivery with appropriate security measures and contractual safeguards in place.

7. Data Retention

We retain your personal data in accordance with the following periods:

• Account data: Retained while your account is active. Upon account deletion, all data is permanently erased within 30 days.
• Chat and content data: Retained while your account is active. Individual conversations may be deleted at any time.
• Memory data: Retained until you reset the memory or delete your account.
• Technical log data: Retained for a maximum of 1 year for security purposes.
• Payment records: Retained for 10 years in accordance with legal obligations.

8. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, Bravery will:

• Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, as required by Article 33 of the UK GDPR
• Notify affected data subjects without undue delay where the breach is likely to result in a high risk to their rights and freedoms, as required by Article 34 of the UK GDPR
• Document all personal data breaches, including the facts relating to the breach, its effects and the remedial actions taken

9. Complaints

If you are dissatisfied with how we handle your personal data or believe that your data protection rights have been infringed, you have the right to lodge a complaint with the supervisory authority:

• Information Commissioner's Office (ICO)
• Website: ico.org.uk
• Telephone: 0303 123 1113

We would, however, appreciate the opportunity to address your concerns before you approach the ICO. Please contact us at info@braverytechnology.com in the first instance.

10. Changes

Bravery reserves the right to update this GDPR Notice from time to time. Significant changes will be communicated via the Platform or by email. The updated notice takes effect on the date of publication. Your continued use of the Platform constitutes acceptance of the updated notice.

11. Contact

For questions about this GDPR Notice or the exercise of your data protection rights, you may contact us:

• Email: info@braverytechnology.com