BrateAI

Privacy Policy

Last updated: June 15, 2026

1. Introduction

BrateAI (“we,” “us,” or “our”) is operated by Bahi Hiba Limited, registered in Abuja, Nigeria (the “Company”). This Privacy Policy explains how we collect, use, share, and protect your personal information when you access or use brateai.com and any related services (collectively, the “Service”).

This policy applies to all users of the Service worldwide. By using BrateAI, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Information We Collect

We collect the following categories of information:

Account information

When you create an account, we collect your email address and, optionally, your name. If you sign in through Google, we receive your name, email address, and profile picture from Google. We do not store your Google password.

Authentication credentials

If you set a password, we store only a one-way cryptographic hash (using industry-standard bcrypt). Your plain-text password is never stored or accessible to us.

Content you provide

Conversations, prompts, image generation requests, voice generation requests, compatibility check inputs, and any other content you submit to the Service. This content is transmitted to our AI providers (see Section 4) to generate the responses you request.

Payment information

When you subscribe to a paid plan or purchase credits, payment details are processed directly by Stripe, our payment processor. We receive limited information from Stripe, such as the last four digits of your card, your card brand, and your billing region. We do not store full card numbers or security codes on our systems.

Subscription and credit history

We retain records of your subscription tier, credit balance, credit transactions, and billing events for accounting, audit, and customer support purposes.

Usage and device data

When you use the Service, we automatically collect information about your interactions, including the features you use, timestamps, IP address, browser type, device identifiers, operating system, and pages visited. This helps us operate, secure, and improve the Service.

Cookies and similar technologies

We use cookies for authentication, session management, and (where enabled) analytics. See Section 10 for details.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and operate the Service
  • Process payments and manage your subscription
  • Authenticate you and protect your account from unauthorized access
  • Respond to your support requests and communications
  • Send service-related emails (account verification, password resets, billing notifications, and important Service updates)
  • Improve and personalize the Service
  • Detect, prevent, and address fraud, abuse, security incidents, and violations of our Terms of Service
  • Comply with legal obligations applicable to us

Where required by applicable law, we process your data on the following legal bases: performance of our contract with you, our legitimate interests in operating and improving the Service, your consent (where applicable), and compliance with legal obligations.

4. How We Share Your Information

We share your information with the following categories of service providers, each under contractual obligations to handle your data appropriately:

AI processing

We use OpenAI to process your conversations, image generation requests, voice generation requests, and other AI-powered features. Content you submit is transmitted to OpenAI to generate responses. OpenAI’s use of API content is governed by their API Data Usage Policies, which by default prohibit using API content to train OpenAI’s models.

Payment processing

We use Stripe, Inc. to process all payments, manage subscriptions, and handle billing. Stripe’s privacy practices are governed by their own Privacy Policy.

Email delivery

We use Resend to deliver transactional emails such as account verification, password resets, and billing notifications. Resend processes your email address solely to deliver these messages.

Hosting and data storage

Our application runs on virtual private server infrastructure. Our primary database is operated by Neon, a managed PostgreSQL provider. Where enabled, generated images may be stored on Cloudflare R2 object storage.

Analytics and advertising

Where legally permitted and (where required) with your consent, we may use Google Analytics and Google Ads to measure Service usage and advertising performance. These services may set cookies and collect device identifiers. See Section 10 for cookie controls.

Legal requirements

We may disclose your information if required by law, court order, or governmental authority, or to enforce our Terms of Service, protect our rights or property, or protect the safety of users or the public.

Business transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any change in ownership or control of your personal information.

We do not sell your personal information to third parties.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. When you delete your account, we delete your personal data within 30 days, except where retention is required for:

  • Tax, accounting, and audit obligations, for the periods required by applicable law
  • Legal compliance, dispute resolution, or fraud prevention
  • Backup systems, until the relevant data is rotated out of our backup retention windows

Stripe retains payment records independently for its own legal compliance, regardless of your account status with us.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access — request a copy of the personal information we hold about you
  • Correction — request that we correct inaccurate or incomplete information
  • Deletion — request that we delete your account and associated personal information
  • Portability — request a machine-readable copy of your data
  • Objection and restriction — object to or restrict certain processing
  • Withdrawal of consent — where we process data based on consent, withdraw that consent at any time
  • Complaint — lodge a complaint with your local data protection authority

To exercise any of these rights, contact us at the email in Section 12. We will respond within 30 days. We may need to verify your identity before fulfilling certain requests.

If you are in the European Economic Area, the United Kingdom, or California, additional rights may apply under GDPR, UK GDPR, or CCPA respectively. Contact us for jurisdiction-specific information.

7. Children's Privacy

BrateAI is intended for adults aged 18 and older. We do not knowingly collect personal information from anyone under 18. The Service is not designed for, and we do not solicit information from, minors.

If you believe a minor has provided us with personal information, please contact us at support@brateai.com and we will delete it promptly.

8. International Transfers

BrateAI operates globally, and your information may be transferred to and processed in countries other than your country of residence, including Nigeria (where we are based) and the United States (where many of our service providers operate). These countries may have different data protection laws than your country.

Where required by applicable law, we put appropriate safeguards in place for these transfers, including standard contractual clauses or equivalent mechanisms.

9. Security

We implement reasonable technical and organizational security measures to protect your information, including:

  • Encrypted transmission (HTTPS / TLS) for all data in transit
  • Password hashing using bcrypt
  • Access controls limiting who within our organization can access user data
  • Regular reviews of our infrastructure and dependencies
  • Industry-standard authentication mechanisms

No method of transmission or storage is completely secure. While we work to protect your information, we cannot guarantee absolute security. If we become aware of a security breach affecting your personal information, we will notify you in accordance with applicable law.

10. Cookies and Tracking

We use cookies and similar technologies for:

  • Strictly necessary cookies — session and authentication cookies that keep you signed in. These cannot be disabled because the Service requires them to function.
  • Functional cookies — cookies that remember your preferences and improve your experience.
  • Analytics cookies — if enabled, cookies that help us understand how the Service is used (Google Analytics).
  • Advertising cookies — if enabled, cookies set by Google Ads to measure ad performance.

You can control cookies through your browser settings. Disabling strictly necessary cookies will affect Service functionality. We will seek your consent where required by applicable law before activating analytics or advertising cookies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects when this policy was last revised.

Material changes will be communicated to you via email or a notice within the Service before the changes take effect. Your continued use of the Service after changes become effective constitutes your acceptance of the revised policy.

12. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal information:

Bahi Hiba Limited

Abuja, Nigeria

Email: support@brateai.com

See also our Terms of Service.