Last updated: 17/06/2025

Privacy Policy

We are BRAIWAVES S.R.L. (Tax & Company No. RO38252838), trading as HyperBlocks AI.
Registered address: Str. George Bacovia 10A, Galați, Romania.

For any privacy‑related questions or to exercise your rights, please write to privacy@brain‑waves.ai (we are not currently required to appoint a Data Protection Officer under Art 37 GDPR).

● Transitory workflow processing – workflow content lives only in memory and is never stored by us.
● Bring‑your‑own storage – connect your own cloud bucket and retain exclusive control.
● No AI model training – we never use your data to train or fine‑tune models.
● EU‑based processing – all primary compute and storage remain inside the European Union.

Introduction

HyperBlocks AI is a workflow‑automation and document‑generation platform for public procurement tenders and other business processes. This notice explains how we collect, use, share, and protect personal data when you use our platform or visit our website.

Data Collection, Use & Legal Bases

We purposefully collect only the data strictly necessary to run the service:

| Purpose | Categories of personal data | Lawful basis (Art 6 GDPR) |
|---|---|---|
| Create and manage your account | Name, business e‑mail, organisation, role | Contract – Art 6 (1)(b) |
| Provide the SaaS service, incl. support | Auth tokens, workflow logs, and usage metrics | Contract – Art 6 (1)(b) & Legitimate interests – Art 6 (1)(f) (service maintenance & security) |
| Product & security notifications | Name, e‑mail | Legitimate interests – Art 6 (1)(f) |
| Marketing e‑mails (opt‑in) | Name, e‑mail | Consent – Art 6 (1)(a) |

Retention
● Workflow logs – 30 days (minimum period required for security forensics and service troubleshooting).
● Account profile & billing data – kept until you delete the account, after which it is erased or anonymised within 30 days unless a longer period is required by tax or accounting law (max 5 years).
● All other content can be deleted at any time by the user via in‑product controls or API.

Website & Cookies

We use only essential cookies required to keep you logged in and to enable third‑party OAuth connections (e.g., Google Workspace nodes). No analytics or advertising cookies are set. You may block cookies in your browser, but doing so may prevent you from signing in.

Data Storage & Security

All processing takes place on EU‑based cloud servers that are certified to ISO 27001 (or equivalent) security standards; details are available upon request. Key measures include:
● Encryption in transit (TLS 1.2+) and at rest (AES‑256)
● Daily encrypted database backups with 30‑day retention; restore procedures tested internally
● Azure role‑based access control with MFA enforced for administrative and developer accounts
● Regular internal vulnerability scanning; our first external penetration test is scheduled for 2026
● Incident‑response plan currently in draft; if a personal‑data breach occurs, we will notify the supervisory authority within 72 hours and affected users without undue delay

Change Notifications

We will email account owners 1–3 days before material changes take effect and will circulate release notes after each deployment. (We do not currently provide in‑app banner notifications.)

Automated Decision‑Making

HyperBlocks AI does not perform automated decision‑making within the meaning of Art 22 GDPR. All bidding decisions and document submissions remain fully under your control.

Sub‑processors & International Transfers

We use a small number of specialised providers (e.g., cloud infrastructure, error‑logging, AI model APIs). A current register is available under NDA as part of our Data Processing Agreement.
Where a sub‑processor is located outside the EEA, we rely on the European Commission’s Standard Contractual Clauses together with technical and organisational measures to ensure essentially equivalent protection.

Your Rights

You may access, rectify, erase, restrict, or object to the processing of your personal data and obtain a copy of it (data portability). Contact privacy@brain‑waves.ai to exercise any right; we will respond within one month.

Supervisory Authority

You have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal – ANSPDCP) or with your local EU authority.

Children

Our services are not directed to children under 16. If we discover that we have unintentionally collected such data, we will delete it without undue delay.

Effective date: 17.06.2025
