Legal

Privacy Policy

Effective 06 July 2026 · Governing law: England and Wales · Regulated under the UK GDPR & Data Protection Act 2018.

At FrontBrain AI, operated by FrontBrain AI LTD (“we,” “us,” or “our”), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our SaaS platform, or interact with our services.

Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

1. Who we are (Data Controller)

FrontBrain AI LTD is the data controller for personal data processed through this website and the FrontBrain AI platform. We are a company incorporated in England and Wales.

2. Information we collect

We collect information that you provide directly to us, as well as information generated automatically when you use the Service:

We do not knowingly collect data from children under 16. If you believe a child has provided us with personal data, contact us and we will delete it.

3. Legal basis for processing

Under the UK GDPR we rely on the following lawful bases (Article 6):

4. How we use your data

5. Credential security & encryption

FrontBrain AI is built with a security-first architecture. Any credentials, API keys, private keys, passwords, model keys, API tokens, service account JSON, certificates, or client workspace scopes you connect to the Platform are encrypted in transit and at rest within our secure credential vault. These credentials are used solely to execute the tasks you authorise and are never displayed back in plain text or shared with unauthorised parties. BYOK keys and infrastructure credentials are used only to perform authorised model calls, tool actions, or connected-system workflows requested through the platform.

6. Remote Gateway — customer-side agent

If you choose to deploy the FrontBrain AI Remote Gateway inside your network, the agent installed on your machine is a small Linux service. The data flows are deliberately narrow and asymmetric:

What the gateway sends to FrontBrain AI Cloud:

What stays on the gateway machine and never leaves your network:

What FrontBrain AI Cloud stores about the gateway:

You can pull either the cloud audit log (per tenant, per workspace, or per gateway) as NDJSON for ingestion into your own SIEM. The local JSONL log is yours to ship anywhere you want.

7. Data sharing & disclosures

We do not sell your personal data. We share your information with trusted third-party processors required to operate the Service, all bound by written data-processing agreements that meet UK GDPR requirements:

A current sub-processor list is available on request from privacy@frontbrain.ai.

8. International transfers

Some of our sub-processors are located outside the United Kingdom. Where we transfer personal data outside the UK, we rely on one of the following safeguards:

You can request a copy of the relevant safeguards by writing to privacy@frontbrain.ai.

9. Retention

We keep personal data only for as long as is necessary for the purposes described above and to meet our legal obligations:

After the applicable retention period ends, we delete or irreversibly anonymise the data.

10. Cookies & similar technologies

Our website uses a small number of cookies. On your first visit you will see a consent banner offering three options: Accept all, Reject non-essential, or Customise. Your choice is remembered locally and can be changed at any time from the “Cookie settings” link in the footer.

We use the following categories:

We do not currently load any analytics or marketing cookies. If that changes, the consent banner will be updated to enumerate them by name, purpose, provider, and duration before any such cookie is set. You can withdraw consent at any point by clicking “Cookie settings” in the footer, which clears the stored preference and re-shows the banner.

11. Your rights under the UK GDPR

You have the following rights over your personal data:

To exercise any of these rights, email privacy@frontbrain.ai. We will respond within one month, extendable by a further two months for complex requests. Access requests are free of charge except where they are manifestly unfounded or excessive.

12. Complaints — Information Commissioner’s Office (ICO)

If you are unhappy with how we have handled your personal data, we would like a chance to put it right — please contact us first at privacy@frontbrain.ai. You also have the right to lodge a complaint with the UK Information Commissioner’s Office:

13. Security

We use technical and organisational measures appropriate to the risk to protect personal data, including TLS in transit, encryption at rest, credential vaulting, workspace isolation, approval gates, and audit logging. No system is perfectly secure, but if we ever suspect a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO and, where required, affected users without undue delay.

14. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or regulatory requirements. We will post any updates on this page and revise the effective date accordingly. Where changes are material, we will also give you reasonable prior notice by email or in-app.

15. Contact us

If you have any questions or concerns about this Privacy Policy or our data-handling practices, please contact us at privacy@frontbrain.ai.