Legal

Privacy Policy

Last updated: March 2026

1. Who We Are

BrainKit is operated by Johannes (sole trader). We provide a bespoke AI productivity setup service for solo consultants and freelancers.

Data controller contact: johannes@brainkit.so

This policy covers data collected via brainkit.so and in the course of delivering our service. It applies to clients in the EU, UK, and elsewhere. We comply with the GDPR and UK GDPR where applicable.

2. What Data We Collect

We collect only what is necessary to deliver the service:

  • Name and email address — provided at checkout via Stripe, used to contact you about your order and send your deliverables.
  • Intake form responses — information you voluntarily provide about your work, projects, clients, and preferences. Used solely to build your CLAUDE.md configuration.
  • Payment data — handled entirely by Stripe. We receive only a confirmation of payment; we never see or store your card details.

We do not collect any data through this website beyond what Stripe processes during checkout. There are no tracking pixels and no analytics cookies on brainkit.so.

3. How We Use Your Data

Your data is used for the following purposes:

  • Service delivery — generating your CLAUDE.md and related configuration materials based on your intake form responses.
  • Communication — sending you your deliverables, booking confirmation for your setup call, and any follow-up support.
  • Legal and compliance — retaining Stripe transaction records as required by applicable tax and accounting law.

Our legal basis for processing is contract performance (Article 6(1)(b) GDPR) — we need this data to fulfil the service you purchased. For transaction records retained for legal compliance, the basis is legal obligation (Article 6(1)(c) GDPR).

4. Data Retention

Intake form responses and working notes are deleted after your deliverables have been sent. We do not maintain an ongoing database of client project information.

Your name, email address, and Stripe transaction record are retained for as long as required by applicable tax and accounting regulations (typically 5-7 years depending on jurisdiction).

5. Third-Party Processors

We use the following third-party services that may process your data:

  • Stripe — payment processing. Stripe acts as an independent data controller for payment data. See Stripe's Privacy Policy .
  • Mailgun (operated by Sinch, US-based) for transactional email delivery. Data may be processed in the United States under Standard Contractual Clauses. Emails are sent from or on behalf of johannes@brainkit.so. We do not use bulk marketing platforms.

We do not sell, rent, or share your personal data with any other third party.

6. Cookies

brainkit.so does not set any first-party cookies. Stripe may set cookies when you interact with the payment flow on checkout pages hosted or powered by Stripe. These are necessary for payment processing and fraud prevention.

7. Your Rights

Under the GDPR and UK GDPR you have the following rights regarding your personal data:

  • Access — request a copy of the data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — request deletion of your data, subject to our legal retention obligations.
  • Restriction — ask us to limit how we process your data in certain circumstances.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing where our basis is legitimate interests.

To exercise any of these rights, email johannes@brainkit.so . We will respond within 30 days. If you are in the EU or UK and believe we have handled your data unlawfully, you have the right to lodge a complaint with your local data protection authority.

8. International Transfers

Your data may be processed in countries outside the EU/EEA or UK by our third-party processors (e.g. Stripe, Mailgun/Sinch). Where this occurs, we rely on those processors' own adequacy mechanisms (such as Standard Contractual Clauses) to ensure your data is protected to GDPR standards. Stripe and Mailgun/Sinch both operate under Standard Contractual Clauses for transfers from the EU/EEA and UK to the United States.

9. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will always be available at brainkit.so/legal/privacy. For material changes we will notify active clients by email.

10. Contact

Privacy questions or data subject requests: johannes@brainkit.so

← Back to BrainKit