Privacy Policy

Last updated: April 2, 2026

The Up Sp. z o.o. ("Brain," "we," "us") builds deterministic governance infrastructure for autonomous AI systems. We take data privacy seriously — not because a regulation says to, but because our entire product exists to make AI systems more trustworthy. It would be contradictory to be careless with yours.

What we collect

We collect only what's necessary to provide and improve Brain:

• Account information — name, email, company name when you request a demo or create an account
• Usage telemetry — API call volumes, gate latency, error rates. Aggregated, never including your knowledge graph content
• Support communications — emails and messages you send us

What we never collect

Brain is a truth layer that sits between your agents and your knowledge base. We are architecturally incapable of accessing:

• Your knowledge graph content (entities, relationships, claims)
• Your agent prompts, responses, or conversation logs
• Your conflict resolution decisions or audit trails
• Any data processed through self-hosted or VPC deployments

Brain's consensus scoring, conflict detection, and audit sealing all happen within your infrastructure boundary. We provide the engine. Your data never leaves your environment.

How we use your data

• To provide and maintain the Brain service
• To communicate with you about your account or our services
• To improve system reliability and performance (using aggregated, anonymized telemetry only)
• To comply with legal obligations

Data retention

Account data is retained while your account is active and for 30 days after deletion. Aggregated telemetry is retained for 12 months. Support communications are retained for 24 months. You can request deletion of your data at any time.

Third-party services

We use a limited set of infrastructure providers:

• Google Cloud Platform — hosting and authentication (EU regions available)
• MongoDB Atlas — account metadata storage
• Stripe — payment processing (we never store card details)

We do not sell, rent, or share your personal information with third parties for marketing purposes. Ever.

Your rights

Under GDPR, you have the right to access, correct, delete, port, and restrict processing of your personal data. Under CCPA, California residents have additional rights including the right to know and the right to opt-out. To exercise any of these rights, contact us at the address below.

EU AI Act compliance

Brain is designed to help our customers comply with EU AI Act Articles 11, 12, and 13. We practice what we build — our own data processing is documented, auditable, and transparent.

Changes to this policy

We'll notify you of material changes via email at least 30 days before they take effect. Minor clarifications may be made without notice.