Your data — bRRAIn Docs
What bRRAIn stores about you and your organization, where it lives, who can see it, how to export it, and how to delete it.
Your data
You own your data on bRRAIn. This page is a plain-English account of what we store, where we store it, who can read it, how you can get it back, and how you can delete it.
What we store
Data on bRRAIn falls into three buckets: account data, organization data, and operational telemetry.
Account data (yours, personally)
- Your sign-in identity: email, hashed password, MFA enrollment state, recovery codes (one-way hashed).
- Your profile: display name, optional avatar, optional bio for your bRRAInUserID profile.
- Your account settings: notification preferences, theme preference, time zone.
- Your organization memberships and the role(s) you hold in each.
- Your billing identity if you carry a personal subscription (separate from organization billing).
Account data follows you when you switch organizations.
Organization data (the team's)
- The Vault: every memory record, file, and decision your team writes through any client.
- The graph: typed relationships connecting people, places, organizations, events, decisions, and learnings.
- Settings, integrations, marketplace extensions, members, billing, roles, and audit log.
- Operational outputs of installed marketplace extensions (orchestration runs, document portal uploads, etc.).
Organization data is owned by the organization, not by individual members. When a member leaves, the records they authored stay with the organization.
Operational telemetry (ours, briefly)
- HTTP access logs for security monitoring (90-day retention by default; longer on Enterprise).
- Failed sign-in attempts (used to detect brute-force attacks).
- Aggregated usage metrics (how many records were created, not what's in them).
We never log the content of your records, files, or queries.
Where data lives
You choose your data residency region at organization creation. Your Vault, your graph, your files, your audit log — all your organization data — stays in that region. We do not silently replicate to other regions.
Available regions today include US-East, US-West, EU-Frankfurt, EU-Ireland, Singapore, and Tokyo. Sovereign-cloud customers can pin to a specific country or even a specific data center. See Data residency for the current list.
Encryption
Every record is encrypted at rest using envelope encryption: a per-organization data encryption key (DEK) wrapped by a key encryption key (KEK) derived from your organization's authentication chain. Files are encrypted with their own per-file DEK; the bytes on disk are unintelligible without the DEK chain. See Data encryption for cryptographic detail.
Connections to bRRAIn are encrypted with TLS 1.3 across every surface. Internal traffic between bRRAIn services is mutually-authenticated TLS.
Who can see your data
The short answer: only people you've invited, in the roles you've given them, scoped to the zones you've allowed.
The long answer:
- Members of your organization see records according to their role (see Roles & permissions).
- bRRAIn engineers do not have routine access to your Vault. Production access is gated behind a break-glass workflow that requires written customer approval, two-person operator authorization, and is logged in your organization's audit trail.
- Marketplace extension operators see only the data the extension is configured to read. Each extension declares its required scopes at install time; you approve them explicitly.
- Subprocessors — we use a small number of subprocessors (object storage, payment processing, email delivery, GPU compute on supported tiers). The current list is at brrain.io/subprocessors.
Exporting your data
You can export every byte of your account or organization data at any time, in machine-readable form.
Personal account export
Account → Privacy → Export my data generates a ZIP containing your profile, memberships, MFA channel metadata, and a list of every organization you belong to. Generated within a few minutes and emailed as a download link valid for 7 days.
Organization export
A Sovereign can request a full organization export under Console → Settings → Export. The export includes:
- Every Vault record as JSON Lines, with their metadata, ontology tags, and version history.
- Every file in original form plus a manifest with checksums.
- The graph as both a typed-edge list and a Cypher dump.
- The audit log as JSON Lines.
- The members list, roles, and integration configuration (with secrets redacted).
Large exports are split into multi-part archives. We sign the manifest with a per-export key so you can verify integrity.
The export tool is also available via the API (POST /api/orgs/{id}/export) for automated archival.
Deleting data
Deleting a single record
Any member with write access to a zone can delete records they have permission to write. Deletes are soft for 30 days (recoverable from the trash) then hard-purged. Deleting through the API or SDK does the same; the audit log records who deleted what.
Deleting your account
Account → Privacy → Delete my account queues your account for deletion. You're given 30 days to cancel. After 30 days:
- Your sign-in identity is purged.
- Your name on records you authored is replaced with
[former member]. - Your bRRAInUserID, if claimed, is released and may be reissued after a 90-day cool-down.
- Organizations where you were the sole Sovereign block account deletion until you transfer ownership or delete the organization.
Deleting an organization
See Organizations → Deleting an organization for the 30-day suspension + 90-day backup retention process.
Data subject requests (GDPR, CCPA, etc.)
If you are an EU or California resident (or any other jurisdiction with similar rights), you can:
- Access your data via the export tool.
- Correct your profile from your account settings, or your record-level data through the appropriate client.
- Delete your account or specific records via the controls above.
- Object to processing or withdraw consent by emailing privacy@brrain.io.
We respond to written requests within 30 days. Verified-identity may be required for sensitive requests.
Data retention defaults
| Data class | Default retention | Configurable? | |---|---|---| | Vault records | Indefinite (until you delete) | Per-zone retention policy | | Files in Document Portal | Indefinite | Per-folder retention policy | | Audit log | 365 days | Up to 7 years on Enterprise | | Sign-in logs | 90 days | Up to 1 year on Enterprise | | Soft-deleted records | 30 days | Configurable 7–90 days | | Backup snapshots | 30 days rolling | Up to 90 days on Enterprise |
Compliance-tagged organizations (HIPAA, SOC 2, GDPR-strict) get appropriate retention forced automatically. See Compliance.
Where to next
- Data encryption — the cryptographic detail.
- Audit logging — what we record about access and changes.
- Data residency — full region list and sovereign-cloud options.
- Compliance — HIPAA, SOC 2, GDPR, and other regulatory programs.