Brilliant Privacy Policy

Last Updated: May 24, 2026

Introduction

This Privacy Policy describes how Connectif Artificial Intelligence S.L. ("Brilliant", "we", "us", or "our") collects, uses, and protects information about you when you use the Brilliant platform — an AI Sales Assistant for eCommerce businesses (the "Service"), available at getbrilliant.ai.

This Policy applies to: (a) merchants and businesses ("Customers") who subscribe to and use the Service; and (b) end users who interact with the Brilliant AI Sales Assistant as deployed on a Customer's online store.

If you have any questions about this Policy, please contact us at dpo@getbrilliant.ai.

1. About the Data Controller

The party responsible for data processing (hereinafter, the DATA CONTROLLER) is:

This Privacy Policy applies to all personal data collected through Brilliant, including website interactions, beta waitlist registrations, and usage of Brilliant features.

2. What kind of data we collect

Depending on your use of Brilliant, we may collect the following categories of personal data:

• Account and identification data: name, surname, email address, language, country of residence, company name, and other information provided when registering for or using the Service.
• eCommerce and store data: information about the Customer's Shopify store, including store URL, product catalogue data, order information, and customer interaction data, to the extent necessary to operate and personalise the Brilliant AI Sales Assistant.
• Chat transcript data: conversations between end users and the Brilliant AI Sales Assistant deployed on a Customer's store. This data is processed on behalf of the Customer (who acts as data controller for their end users) and is used to provide and improve the Service.
• Usage and analytics data: features accessed, session duration, interactions with AI recommendations, clicks, and engagement metrics within the Brilliant platform.
• Device and technical data: IP address, browser type, operating system, device identifiers, and approximate location (country/city level derived from IP address).
• Payment data: billing details and transaction information, processed by our payment provider. Brilliant does not store full payment card details.
• Communications data: any information you provide when contacting our support team, including the content of emails or messages.
• Other data voluntarily provided: any additional information you choose to share while using Brilliant or interacting with our team.

Certain fields are mandatory to access specific features. Failure to provide them may prevent account registration or feature usage.

3. How we use your data

3.1 Service delivery

We use your data to set up and maintain your Brilliant account, operate the AI Sales Assistant on your Shopify store, process transactions, and provide the features you have subscribed to. This processing is necessary for the performance of our contract with you.

3.2 Customer support

We use your personal data to respond to inquiries, questions, or technical issues submitted via email or other support channels. This processing is based on our legitimate interests in providing effective customer service.

3.3 Marketing communications

We may use your name and email address to send you product updates, newsletters, and promotional communications about Brilliant. The legal basis for this processing is your explicit consent, which you can withdraw at any time by clicking "unsubscribe" in our emails or contacting dpo@getbrilliant.ai.

3.4 Product improvement

We may analyse interactions and usage data to improve the performance and capabilities of the Brilliant AI Sales Assistant. Processing is based on our legitimate interests in improving the Service.

3.5 Analytics and performance monitoring

We use usage and technical data to monitor the performance and reliability of the Service, identify and fix bugs, and understand how Customers interact with our platform. Processing is based on our legitimate interests.

3.6 Fraud prevention and security

We may process technical and account data to detect and prevent fraudulent activity, abuse, or security incidents affecting the Service. This processing is based on our legitimate interests in maintaining the security and integrity of the platform.

3.7 Legal compliance

We may process and retain your data as necessary to comply with applicable laws and regulations, respond to lawful requests from authorities, and enforce our Terms of Service. This processing is based on our legal obligations.

3.8 Social media interactions

If you contact Brilliant via social media, we may process your personal data to respond. This is based on your consent.

4. Cookies and Tracking Technologies

4.1 Brilliant website (getbrilliant.ai)

Our website uses cookies and similar tracking technologies to operate, analyse, and improve your browsing experience. These include strictly necessary cookies (required for the site to function), analytics cookies (to understand how visitors use the site), functional cookies (to remember your preferences), and marketing cookies (to deliver relevant content, placed only with your consent). When you first visit our website, you will be presented with a cookie consent banner. You can update your preferences at any time via the cookie settings link in the footer, or through your browser settings.

4.2 Brilliant Application on Customer stores

The Brilliant Application installed on a Customer's Shopify store may use session and functional cookies to operate the AI Sales Assistant on that store. In this context, Brilliant acts as a data processor on behalf of the Customer. The Customer, as the store operator and data controller, is responsible for ensuring appropriate cookie consent is obtained from their end users in accordance with applicable law.

For questions about cookies, contact dpo@getbrilliant.ai.

5. Legal basis for processing

We rely on one or more of the following legal bases under GDPR:

• Consent: for marketing communications, beta communications, cookie placement, and social media interactions.
• Contractual necessity: to provide the features and services you have subscribed to.
• Legitimate interests: for usage analytics, product improvement, fraud prevention, and customer support.
• Legal obligation: to comply with applicable laws and regulatory requirements.

You can withdraw consent at any time without affecting the lawfulness of prior processing.

6. Data retention

We retain personal data only for as long as necessary for the purposes described in this Policy, or as required by law:

• Account data: retained for the duration of your subscription and for up to 3 years after termination, unless a shorter period is required by law.
• Chat transcript data: retained for as long as the Customer's account is active, or as otherwise agreed in the Data Processing Agreement.
• Support inquiries: retained until resolved, plus 1 year.
• Marketing communications: retained until you unsubscribe or request deletion.
• Usage and analytics data: retained for as long as necessary to improve the Service or meet legal obligations.
• Financial and billing records: retained for a minimum of 6 years in accordance with Spanish accounting and tax obligations.

7. Third-party technology providers

To operate and deliver the Service, Brilliant uses trusted third-party technology providers who process personal data solely on our behalf and under our instruction. These providers act as subprocessors and do not use your data for their own purposes. All subprocessors are bound by data processing agreements requiring them to protect your data in accordance with applicable law.

Our current key subprocessors include:

• Microsoft Azure (Microsoft Corporation): Cloud hosting and infrastructure. Your data may be stored and processed on Azure servers, which may be located within the EEA or in third countries subject to appropriate safeguards.
• AI infrastructure providers: We use third-party AI and machine learning infrastructure to power the Brilliant AI Sales Assistant. Specific providers may vary; contact dpo@getbrilliant.ai for the current list.
• Shopify International Limited: Brilliant integrates with Shopify to connect to Customer stores and access store data necessary to operate the AI Sales Assistant. Shopify acts as a separate data controller for its own platform data.
• Google LLC: Analytics and website performance monitoring (Google Analytics). Data collected is anonymized and subject to Google's privacy terms.
• Connectif S.L.: As the parent company of Brilliant, Connectif may process certain data for internal communications, billing administration, and support purposes, under appropriate data sharing arrangements.
• Payment processors: Where applicable, payment data is handled by our payment provider. Full payment card details are never stored by Brilliant.

A full and current list of subprocessors is available upon request by contacting dpo@getbrilliant.ai. We will notify Customers of any material changes to our subprocessor list in advance, in accordance with our Data Processing Agreement.

Where personal data is processed outside the EEA, Brilliant ensures appropriate safeguards are in place in accordance with applicable data protection law. For more information, contact dpo@getbrilliant.ai.

8. Data Security

Brilliant implements appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:

• Encryption: Data is encrypted in transit (using TLS) and at rest.
• Access controls: Access to personal data is restricted to authorised personnel on a need-to-know basis, and is protected by authentication controls.
• Infrastructure security: Our cloud infrastructure (Microsoft Azure) operates under industry-standard security certifications and practices.
• Incident response: We maintain procedures to detect, report, and investigate personal data breaches, and respond in accordance with applicable law.
• Vendor security: All subprocessors are required to maintain appropriate security standards under their contractual agreements with Brilliant.

While we take data security seriously, no system is entirely immune to risk. If you become aware of any security concern related to the Service, please report it promptly to dpo@getbrilliant.ai.

9. Your rights

9.1 Rights under GDPR (EEA and UK users)

If you are located in the European Economic Area ("EEA") or the United Kingdom, you can exercise the following rights at any time by contacting our Data Protection Officer at dpo@getbrilliant.ai:

1. Access: request a copy of the personal data we hold about you.
2. Rectification: correct inaccurate or incomplete data.
3. Deletion: request removal of your personal data where it is no longer necessary for the purposes for which it was collected.
4. Restriction: request that we temporarily limit the processing of your data.
5. Data portability: receive your data in a structured, commonly used, machine-readable format.
6. Objection: oppose processing based on legitimate interests or for direct marketing purposes.
7. Withdraw consent: revoke any consent you have given at any time, without affecting the lawfulness of prior processing.

We will respond to your request within one month. You also have the right to lodge a complaint with the data protection authority in your country of residence.

9.2 Users in other jurisdictions

If you are located outside the EEA or UK, you may have additional rights regarding your personal data under your local laws. To exercise any such rights, please contact us at dpo@getbrilliant.ai and we will respond in accordance with applicable law.

10. Complaints

If you have a concern about how we handle your personal data, please contact our Data Protection Officer at dpo@getbrilliant.ai. We will acknowledge your complaint promptly and aim to resolve it within 30 days. You also have the right to lodge a complaint with the data protection authority in your country of residence.

11. Privacy Policy modifications

This Privacy Policy may be updated from time to time. Significant changes will be communicated via email or through Brilliant notifications. The date of the most recent revision will always be noted at the top of this page. Users may review and, if necessary, withdraw consent or cancel their account.