Privacy Policy
Etra Global AI. (“we,” “us,” or “our”) operates Brunu, available at brunu.ai. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our Service. It is designed to comply with the General Data Protection Regulation (GDPR) and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).
1. Information We Collect
Account Information
When you register, we collect information through Clerk, our authentication provider. This includes your name, email address, and any OAuth profile information from providers you use to sign in (e.g., Google). Clerk processes this data under its own privacy policy and acts as a data processor on our behalf.
Usage and Interaction Data
- Chat messages — the content of your conversations with Brunu, stored to maintain session continuity and improve the Service
- Forecast interactions — predictions you create, view, or interact with, including timestamps and outcomes
- Watchlist data — topics, assets, or entities you choose to monitor
- Document uploads — files you upload for analysis, temporarily processed and stored per our retention policy
Behavioral and Trading Pattern Data
Brunu analyzes patterns in how you interact with markets, forecasts, and financial data to improve the accuracy and relevance of its outputs. This includes the sequence of assets you view, the timing of your interactions, and forecast accuracy over time. You can opt out of this behavioral analysis at any time in Settings → Privacy. Opting out will not affect your ability to use the Service, but may reduce personalization quality.
Technical Data
We automatically collect certain technical information including your IP address, browser type and version, device type, operating system, referring URLs, and pages visited within the Service. This data is used for security, debugging, and aggregate analytics.
2. How We Use Your Information
We process your personal information for the following purposes:
- To provide and operate the Service — including authenticating your account, processing your queries, and returning AI-generated responses
- To improve forecast accuracy — using aggregated and anonymized interaction data to train and refine our models
- To personalize your experience — tailoring content, watchlists, and intelligence feeds to your stated interests and usage patterns
- To communicate with you — sending service notifications, security alerts, and (with your consent) product updates
- To enforce our Terms of Use — detecting and preventing abuse, fraud, and unauthorized access
- To comply with legal obligations — responding to lawful requests from authorities where required
3. Data Storage and Security
Your data is stored in PostgreSQL databases hosted on Supabase, with encryption at rest using AES-256 and in transit via TLS 1.2+. Our servers are located in Canada and the United States. We implement industry-standard security controls including access controls, audit logging, and regular security reviews.
No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that affects your rights and freedoms, we will notify affected users and relevant authorities as required by law.
4. Third-Party Services
We share data with the following service providers who act as data processors:
| Service | Purpose | Data Shared |
|---|---|---|
| Clerk | Authentication and identity management | Email, name, OAuth tokens |
| Anthropic / OpenAI | AI language model processing | Chat message content (no PII by default) |
| Supabase | Database and file storage | All structured user data |
| Vercel | Web hosting and edge delivery | IP address, request metadata |
| CoinGecko | Cryptocurrency market data | No personal data (query parameters only) |
| FRED (Federal Reserve) | Macroeconomic data | No personal data |
We do not sell your personal information to third parties. We do not share your data with advertisers or data brokers.
5. Cookies and Local Storage
The Service uses cookies and browser local storage to maintain your session, store user preferences, and remember authentication state. These are necessary for the Service to function and cannot be disabled without affecting functionality. We do not use third-party advertising cookies or cross-site tracking.
Session cookies expire when you close your browser. Persistent cookies and local storage data may be retained for up to 12 months or until you clear your browser data.
6. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data. Under GDPR (EU/EEA residents) and PIPEDA (Canadian residents), these include:
- Right of Access (GDPR Art. 15) — Request a copy of the personal data we hold about you
- Right to Rectification (GDPR Art. 16) — Request correction of inaccurate or incomplete data
- Right to Erasure (GDPR Art. 17) — Request deletion of your personal data, subject to legal retention requirements
- Right to Restriction (GDPR Art. 18) — Request that we limit processing of your data in certain circumstances
- Right to Data Portability (GDPR Art. 20) — Receive your data in a machine-readable format
- Right to Object (GDPR Art. 21) — Object to processing based on legitimate interests, including behavioral analysis
- Right to Withdraw Consent — Withdraw consent for processing where consent was the lawful basis
To exercise any of these rights, contact us at info@etra.global. We will respond within 30 days. In most cases, you can also access, edit, or delete your data directly in Settings.
7. Data Retention
We retain your data for the following periods:
- Account data — Retained for the duration of your account, plus 90 days after deletion to allow for recovery
- Chat messages — Retained for 12 months from the date of creation, then deleted unless you have an active subscription
- Uploaded documents — Retained for 30 days after the analysis session, then deleted
- Behavioral and forecast data — Retained for up to 24 months in identifiable form, then anonymized
- Technical logs — Retained for 90 days
8. Children's Privacy
The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us immediately at info@etra.global and we will promptly delete the information.
9. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence, including Canada and the United States. When transferring data from the EU/EEA, we rely on standard contractual clauses approved by the European Commission or other appropriate transfer mechanisms to ensure your data is protected.
10. Email, Messaging and Device Integrations
Brunu can compose emails and text messages on your behalf using its agent capabilities. However, Brunu never sends messages automatically. All composed messages are opened in your device's native app (Messages, Mail, or your default email client) for you to review, edit, and send at your discretion.
Brunu does not access, read, monitor, or store your email inbox, sent messages, text message history, or any other private communications. The messaging integration is strictly one-directional: Brunu composes a draft and hands it to your device. Your email credentials, accounts, and message content are never transmitted to or processed by our servers.
When you use the contacts import feature, Brunu reads contact names, phone numbers, and email addresses from your device's address book to enable messaging. This data is stored securely in your private Brunu account and is never shared with other users, used for marketing, or sold to third parties. You can delete your imported contacts at any time from Settings.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the date at the top of this page and, where appropriate, by email. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.
12. Contact and Data Controller
Etra Global AI. is the data controller for personal information collected through the Service. For privacy inquiries, data requests, or complaints:
info@etra.global
Etra Global AI., British Columbia, Canada
If you are in the EU/EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.