BrainyMonkey ← Home

Privacy Policy

Effective May 19, 2026

This Privacy Policy explains how BrainyMonkey ("we", "us", "our") collects, uses, and shares information about you when you use our website and services (the "Services"). We've tried to keep the language plain. If anything is unclear, email hello@brainymonkey.io.

Who we are

BrainyMonkey is operated by Liad Karadi, based in Petah Tikva, Israel. For privacy-related questions, requests, or complaints, contact hello@brainymonkey.io.

Information we collect

Information you provide

  • Account information, such as your email address, name, and password (stored hashed).
  • Channel configuration you set up, including personas, voice preferences, and posting schedules.
  • Credentials for third-party platforms you connect (TikTok, YouTube), stored as access tokens, encrypted at rest.
  • Content you create, edit, or upload through the Services.
  • Communications you send us, such as support emails.

Information we collect automatically

  • Log data, such as IP address, browser type, pages viewed, and timestamps.
  • Usage data — which features are used, error rates, performance metrics. We use aggregate, non-identifying signals to improve the product.
  • Cookies, limited to what's strictly necessary to keep you signed in and operate the site. We don't use third-party advertising or tracking cookies.

How we use information

  • Provide, operate, and improve the Services.
  • Generate the videos and related artifacts you request.
  • Publish to the platforms you've explicitly connected, on your behalf, after you approve.
  • Communicate with you about your account, features, and updates.
  • Detect, investigate, and prevent fraud, abuse, or security incidents.
  • Comply with legal obligations.

How we share information

We don't sell your personal information. We share it only with the categories of recipients below, and only as needed to provide the Services.

Sub-processors

To deliver the Services, we use the following sub-processors. Each is bound by data-protection terms appropriate to the data they handle.

  • Anthropic — large language model used for script drafting and content suggestions.
  • OpenAI — speech-to-text transcription used to generate caption timing.
  • Inworld — text-to-speech used for narration.
  • Pexels — stock video search for b-roll matching.
  • TikTok and Google (YouTube) — destination platforms you've connected, where we publish on your behalf.
  • Cloudflare, DigitalOcean, Bunny.net, deSEC — infrastructure providers for hosting, DNS, and content delivery.
  • Email forwarding providers we use for our own contact addresses.

Other recipients

  • Authorities, if required by valid legal process.
  • Parties to a corporate transaction (e.g., a merger or acquisition), with notice to you where required.

Legal bases (EU/UK users)

If GDPR or UK GDPR applies to you, our legal bases for processing are: performance of a contract (to provide the Services you've requested), our legitimate interests (to operate, secure, and improve the Services), your consent (where required), and compliance with legal obligations.

Data retention

We keep personal information only as long as we need it for the purposes described in this policy, after which we delete or anonymize it. Account data is retained for the life of your account plus a short backup-cycle window. OAuth tokens are revoked when you disconnect a platform or close your account. Server logs are typically retained for up to 30 days.

Your rights

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate information.
  • Delete your information, subject to limited exceptions.
  • Receive a copy of your information in a portable format.
  • Object to or restrict certain processing.
  • Withdraw consent where consent is the legal basis.
  • Lodge a complaint with your local data-protection authority.

To make a request, email hello@brainymonkey.io. We respond within 30 days.

International transfers

Some of our sub-processors are located in the United States or elsewhere outside the EU/EEA. Where applicable, we rely on Standard Contractual Clauses or equivalent safeguards to protect transferred data.

Security

We use technical and organizational measures appropriate to the sensitivity of the data we hold — encryption at rest for secrets, encryption in transit for data sent over the public internet, and access controls on the systems that store personal information. No method of transmission or storage is perfectly secure, but we work to keep our practices current.

Children

The Services are not directed to children under 18. We don't knowingly collect personal information from anyone under 18. If you believe a minor has provided personal information, please contact us so we can remove it.

Changes to this Policy

We may update this Policy from time to time. We'll post the updated version with a new effective date. Where the changes are material, we'll notify registered users by email at least 14 days before they take effect.

Contact

Email hello@brainymonkey.io.