What we collect and why.
We collect the minimum necessary to operate the platform. Tenant data stays tenant-scoped at the database layer. Audit logs record platform operations, not customer data contents. Email privacy@brainstorm.co for specifics, DPA, or deletion requests.
/ 01
Collection
Operational telemetry only.
Account email, tenant ID, audit events. We do not collect tenant content for cross-tenant analytics. Sentinel grid metrics aggregate by product, not by tenant.
/ 02
Storage
AWS us-east-1, encrypted.
PostgreSQL RDS with at-rest AES-256. TLS 1.3 in transit. Backups encrypted with the same key envelope. EU residency planned for SOC 2 window.
/ 03
Sharing
Only with subprocessors we publish.
Vendor processors listed at /subprocessors. We notify customers before adding new processors. No data sold; no cross-tenant analytics; no third-party ad pixels.
/ 04
Your rights
Access, export, delete.
Enterprise tenants can query the platform audit chain for their own data. Right-to-erasure honored via a ChangeSet template. Email privacy@brainstorm.co with the request.