Brussle

Privacy Policy

Effective Date: February 7, 2026

Contents

  1. Introduction
  2. What This Privacy Policy Covers
  3. Personal Data We Collect
  4. How We Use Your Personal Data
  5. How We Disclose Your Personal Data
  6. AI Clone Interactions and Memory
  7. Voice and Audio Data
  8. Vector Embeddings and AI Processing
  9. Cookies and Tracking Technologies
  10. Data Security
  11. Data Retention
  12. Personal Data of Children
  13. U.S. State Privacy Rights
  14. Exercising Your Rights
  15. Washington Consumer Health Data
  16. EU and UK Data Subject Rights
  17. Contact Information

1. Introduction

At AltQuid, Inc. ("AltQuid," "we," "us," or "our"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use Brussle, accessible at brussle.com (the "Platform"), and all related websites, applications, features, tools, and services (collectively, the "Services").

Your use of the Services is subject to our Terms of Service and, if you are a Creator, our Creator Terms of Service. Capitalized terms used but not defined in this Privacy Policy have the meanings given to them in the Terms of Service or Creator Terms of Service.

As we work to improve our Services, we may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the Platform, sending you an email, or by other reasonable means. Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

For questions about this Privacy Policy, contact us at: support@brussle.com

2. What This Privacy Policy Covers

This Privacy Policy covers how we treat Personal Data that we gather when you access or use our Services. "Personal Data" means any information that identifies or relates to a particular individual and includes information referred to as "personally identifiable information," "personal information," or "sensitive personal information" under applicable data privacy laws, rules, or regulations, including the California Consumer Privacy Act as amended by the California Privacy Rights Act of 2020 ("CCPA"), the Colorado Privacy Act ("CPA"), the Connecticut Data Privacy Act ("CTDPA"), the Montana Consumer Data Privacy Act ("MCDPA"), the Oregon Consumer Privacy Act ("OCPA"), the Texas Data Privacy and Security Act ("TDPSA"), the Utah Consumer Privacy Act ("UCPA"), and the Virginia Consumer Data Protection Act ("VCDPA") (collectively, the "State Privacy Laws").

This Privacy Policy does not cover the practices of companies we do not own or control, or people we do not manage.

3. Personal Data We Collect

The following sections describe the categories of Personal Data we collect, the purposes for which we collect it, and the categories of third parties to whom we may disclose it.

3.1 Profile and Contact Data

What we collect: Full name, email address, username, bio, profile image, header image, and profile visibility preferences.

Purpose: Providing, customizing, and improving the Services; creating and managing your account; corresponding with you.

Disclosed to: Service Providers (Clerk for authentication, Vercel for hosting).

3.2 Payment Data

What we collect: Payment card type and last four digits (via Stripe); for Creators: Stripe Connect account identifiers, payout amounts, destination bank last four digits, bank name, platform fees, Stripe fees, and net amounts.

Purpose: Processing payments, managing subscriptions, facilitating Creator payouts.

Disclosed to: Service Providers (Stripe, Inc. for payment processing). We do not store full credit card numbers; this data is held by Stripe.

3.3 Device and Technical Data

What we collect: IP address, device type, operating system, browser type, and domain server.

Purpose: Providing, customizing, and improving the Services; security and fraud prevention.

Disclosed to: Service Providers (Vercel for hosting, Clerk for authentication).

3.4 Usage and Analytics Data

What we collect: Page interactions, feature usage, and referring webpage or source through which you accessed the Services.

Purpose: Providing, customizing, and improving the Services; understanding how users interact with the Platform.

Disclosed to: Service Providers (Vercel for analytics).

3.5 Chat and Interaction Data

What we collect: Messages sent to and received from AI Clones, file attachments, message votes (upvotes and downvotes), chat visibility settings (public or private), and crisis detection flags (whether a crisis was detected in a session and the count of flagged messages).

Purpose: Providing and operating the AI Clone chat experience; content moderation and safety; improving the Services.

Disclosed to: AI model providers (Google, Anthropic) for generating AI Clone responses.

3.6 AI Clone Configuration (Creators Only)

What we collect: Personality and behavior settings, conversation preferences, knowledge base content, safety configuration, suggested questions, voice training examples (Q&A pairs), FAQ triggers, conversation goals, and custom system prompts provided by the Creator.

Purpose: Creating, configuring, and operating the Creator's AI Clone.

Disclosed to: AI model providers as part of AI Clone system prompts used to generate responses.

3.7 Creator Knowledge Base

What we collect: Resources uploaded by Creators (text, links), original and processed content, source URLs, and vector embeddings (mathematical representations used for content retrieval).

Purpose: Enabling AI Clones to draw on Creator-provided knowledge when responding to users; improving response relevance and accuracy.

Disclosed to: Embedding providers (Voyage AI, OpenAI) for generating vector representations. AI model providers receive retrieved content snippets during conversations.

3.8 User Memory and Relationship Data

What we collect: User interaction profiles, conversation history and summaries, personalization data derived from your interactions (such as preferences, interests, and communication style), and contextual information used to improve conversation quality over time.

Purpose: Enabling AI Clones to provide personalized, contextually aware interactions; improving conversation quality over time.

Disclosed to: AI model providers receive memory context during conversations to personalize responses. Creators may receive aggregated interaction analytics and conversation summaries through their Creator Dashboard.

3.9 Public Chat Sessions

What we collect: When visitors interact with an AI Clone on a Creator's public page (/[username]), we collect a visitor identifier, session data, and messages exchanged during the session.

Purpose: Providing the public AI Clone chat experience.

Disclosed to: AI model providers (Google, Anthropic) for generating AI Clone responses.

3.10 Moderation Data

What we collect: Content hashes (not the raw content itself), sanitized content previews (with personally identifiable information automatically removed), content moderation decisions, safety flags, crisis detection results, and processing metadata.

Purpose: Content moderation, safety enforcement, crisis detection, preventing misuse of the Services.

Disclosed to: Moderation service providers for content classification.

3.11 Creator Analytics and Insights

What we collect: AI-generated insights about clone performance, including knowledge gaps, quality issues, engagement opportunities, and highlights, with supporting evidence such as sample questions, metrics, and vote data. We also track Creator actions taken in response to insights and their outcomes.

Purpose: Providing Creators with actionable intelligence to improve their AI Clones.

Disclosed to: The relevant Creator (this is their operational data).

3.12 Voluntarily Provided Information

What we collect: Any information you choose to share in conversations with AI Clones, which may include health data (such as medical conditions or mental health information), personal circumstances, or other details about yourself.

Purpose: Providing, customizing, and improving the Services; corresponding with you.

Disclosed to: AI model providers (for generating responses); Creators (via conversation summaries and aggregated analytics).

Categories of Sources

We collect Personal Data from the following sources:

  • You: When you create an account, use the Services, interact with AI Clones, provide content, or contact us.
  • Clerk: When you authenticate using a third-party provider (such as Google) through Clerk, we receive information made available through that provider, subject to your privacy settings with that provider.
  • Automated Collection: Device, technical, and usage data collected automatically when you use the Services.
  • Creators: When a Creator refers you to the Services, we may receive your email address.
  • AI-Derived Data: Information generated by AI systems based on your interactions, including personalization data, conversation summaries, and content moderation decisions.

4. How We Use Your Personal Data

4.1 Providing, Customizing, and Improving the Services

  • Creating and managing your account
  • Processing payments and managing subscriptions
  • Facilitating Creator payouts through Stripe Connect
  • Operating AI Clone conversations, including retrieving relevant knowledge and memory context
  • Building and maintaining user-specific memory for personalized interactions
  • Generating conversation summaries and extracting memory facts
  • Providing Creators with dashboard insights and analytics
  • Improving the Services through research, internal analytics, and product development
  • Personalizing the Services and communications based on your preferences

4.2 Safety and Content Moderation

  • Detecting and responding to crisis situations (potential self-harm or harm to others)
  • Content moderation to enforce our Terms of Service and Acceptable Use Policy
  • Detecting jailbreak attempts and prompt injection attacks
  • Security, fraud prevention, and debugging

4.3 Corresponding with You

  • Responding to your inquiries and support requests
  • Sending transactional emails and service updates
  • Sending promotional communications (from which you may opt out at any time)

4.4 Legal Compliance

  • Fulfilling our legal obligations under applicable law, regulation, court order, or other legal process
  • Protecting the rights, property, or safety of you, AltQuid, or others
  • Enforcing our Terms of Service and other agreements
  • Responding to claims that content violates third-party rights
  • Resolving disputes

We do not use your Personal Data for interest-based advertising, targeted advertising, or for sale to third parties.

5. How We Disclose Your Personal Data

Service Providers

These parties help us provide the Services or perform business functions on our behalf:

  • Clerk — Authentication and identity management
  • Stripe, Inc. — Payment processing, subscription management, and Creator payouts. Please see Stripe's Terms of Service and Privacy Policy for information on its use and storage of your Personal Data.
  • Vercel — Hosting, content delivery, blob storage, and analytics
  • Voyage AI — Vector embedding generation
  • OpenAI — Content moderation and vector embeddings
  • Google — AI services
  • Anthropic — AI services

Creators

When you interact with a Creator's AI Clone, the Creator may receive:

  • Your profile data visible on public pages (name, username, profile image)
  • Aggregated interaction analytics
  • Conversation summaries (key points, emotional context)
  • Creator Dashboard insights derived from interactions with their AI Clone

Parties You Authorize

  • Third parties with whom you choose to share conversations (for example, sharing a public chat link)

Legal Obligations

We may disclose Personal Data to government entities, including law enforcement, when required to: fulfill legal obligations; comply with court orders, subpoenas, or other legal process; prevent, detect, or investigate security incidents or potentially illegal activity; or protect the rights, property, or safety of you, AltQuid, or others.

Business Transfers

Your Personal Data may be transferred to a third party if we undergo a merger, acquisition, bankruptcy, or other transaction in which that third party assumes control of our business (in whole or in part). We will notify you of any such transfer that materially changes the processing of your Personal Data.

Aggregated and De-Identified Data

We may create aggregated, de-identified, or anonymized data from the Personal Data we collect, including by removing information that makes the data personally identifiable. We may use and disclose such data for our lawful business purposes, including to analyze, build, and improve the Services, provided that we will not disclose such data in a manner that could identify you.

What We Do Not Do

  • We do not sell your Personal Data. We do not sell Personal Data to any third party, whether for monetary or other valuable consideration.
  • We do not share your Personal Data with advertising networks, ad partners, or marketing providers.
  • We do not use retargeting or interest-based advertising cookies.

6. AI Clone Interactions and Memory

Because Brussle is an AI Clone platform, your interactions involve unique data processing that we want to explain clearly.

How Conversations Work

When you send a message to an AI Clone, your message is processed by an AI model provider (currently Google or Anthropic) along with relevant context, including the Clone's personality configuration, retrieved knowledge base content, and your conversation history. The AI provider generates a response, which is then delivered to you. Messages are stored in our database to maintain conversation continuity.

Memory and Personalization

AI Clones build a relationship profile over time to provide more personalized interactions. This includes a synthesis of what the Clone has learned about you — such as your interests, communication style, and preferences — as well as a general measure of how well the Clone knows you based on your interaction history.

Memory Scoping

Memory is scoped to each Clone-user pair. This means that information you share with one Creator's AI Clone is not shared with or accessible to any other Creator's AI Clone. Each relationship is independent.

Conversation Summaries

After conversations, the system may generate summaries that capture key points, notable exchanges, and emotional context. These summaries allow the AI Clone to reference prior conversations without retaining every message verbatim.

Contextual Understanding

Over time, AI Clones may develop contextual understanding of your preferences, interests, and communication style to provide more relevant responses. This may include recognizing topics you return to frequently and adapting tone to suit the conversation.

These insights are used solely to improve the quality and relevance of AI Clone responses. They are not used for marketing, advertising, or profiling for commercial purposes unrelated to the Services.

Managing Memory Data

You can manage your memory data through your account settings. You may also request deletion of memory data associated with your account by contacting us at support@brussle.com. See Section 14 for more information about exercising your data rights.

7. Voice and Audio Data

Certain features of the Services, including voice interactions with AI Clones, may involve the collection of audio recordings of your voice for the purpose of speech-to-text recognition and transcription.

We want to be clear about what we do and do not do with your voice data:

  • We do not create voiceprints or any biometric identifiers from your voice.
  • We do not use facial recognition, facial geometry scanning, or any form of biometric identification or analysis.
  • We use your voice data solely to provide and improve the Services, specifically for speech-to-text transcription.
  • We protect voice data using appropriate technical and organizational safeguards in compliance with applicable law.
  • We retain voice recordings only for as long as necessary to provide the Services, or for up to 3 years from your last interaction, whichever is shorter, unless a longer retention period is required by law.
  • We disclose voice data to third parties only when required by law (for example, in response to a valid subpoena or court order).

8. Vector Embeddings and AI Processing

What Are Vector Embeddings

To power AI Clone knowledge retrieval, we convert Creator-provided content into vector embeddings — mathematical representations of text in high-dimensional space. These are arrays of numbers that capture semantic meaning. Embeddings are not human-readable and cannot be directly converted back into the original text.

Embedding Providers

We use third-party embedding providers (Voyage AI, OpenAI) to generate vector representations. When content is sent to these providers for embedding generation, it is processed in transit and is not stored by the providers beyond what is necessary to complete the processing request, subject to the providers' respective privacy policies.

User Memory Embeddings

Information extracted from your conversations may also be converted into vector embeddings. These embeddings enable the AI Clone to recall relevant context during conversations. Memory embeddings are scoped to the specific Clone-user relationship and are not shared across Clones.

9. Cookies and Tracking Technologies

The Services use cookies and similar technologies to enable our servers to recognize your web browser, help you log in, and analyze how you use the Services.

Types of Cookies We Use

  • Essential Cookies: Required for core functionality, including authentication through Clerk. Disabling these cookies may make certain features and services unavailable.

  • Functional Cookies: Used to record your choices and settings, maintain your preferences, and recognize you when you return to the Services.

  • Performance and Analytical Cookies: Allow us to understand how visitors use the Services by collecting information about page views, session duration, and navigation patterns. We may use Vercel Analytics or similar services for this purpose.

Cookies We Do Not Use

  • We do not use retargeting or advertising cookies.
  • We do not use interest-based advertising cookies.
  • We do not allow third-party ad networks to place cookies on our Services.

Do Not Track

Our Services do not currently respond to "Do Not Track" signals sent from web browsers. You can learn more about Do Not Track at allaboutdnt.com.

Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse new cookies, delete existing cookies, and decide on acceptance of each cookie individually. If you disable cookies, some features of the Services may not function properly.

For more information about cookies, visit allaboutcookies.org.

10. Data Security

We implement physical, technical, organizational, and administrative security measures designed to protect your Personal Data from unauthorized access, use, disclosure, alteration, and destruction.

Privacy-Respecting Moderation

Our content moderation system is designed with privacy in mind:

  • Content Hashing: We store cryptographic hashes of moderated content rather than the raw content itself, allowing us to audit moderation decisions without retaining the full text of every message.
  • PII Scrubbing: Any content previews stored for moderation auditing are automatically scrubbed of personally identifiable information before storage.
  • Minimal Logging: We log moderation decisions selectively, prioritizing safety-relevant events while minimizing retention of routine interactions.

Your Responsibilities

You are responsible for maintaining the confidentiality of your account credentials, limiting access to your devices, and signing out after using the Services. Please be aware that no method of transmitting data over the internet or storing data is completely secure. While we strive to protect your Personal Data, we cannot guarantee its absolute security.

11. Data Retention

We retain Personal Data for as long as necessary to provide you with our Services or to fulfill our business or legal purposes. Specific retention periods include:

Data CategoryRetention Period
Profile and credentialsDuration of your account
Payment dataAs long as needed for processing and legal compliance
Chat messages and conversationsDuration of your account, or until you delete them
Memory data (user profile, memories, summaries)While the Clone-user relationship is active
Creator Content (knowledge base, resources)6 months after Creator account termination
Voice recordingsUp to 3 years from your last interaction
Moderation logsRetained for safety auditing purposes
Device and technical dataAs long as needed for security and system integrity
Aggregated or de-identified dataMay be retained indefinitely

When establishing retention periods, we consider the nature and sensitivity of the data, the purposes for which it was collected, and our legal obligations. After the applicable retention period, Personal Data is permanently deleted or anonymized.

12. Personal Data of Children

In accordance with the Children's Online Privacy Protection Act ("COPPA"), we do not knowingly collect or solicit Personal Data from children under the age of 13. If you are under 13, please do not attempt to register for or use the Services or send us any Personal Data.

If you are in the European Union or United Kingdom, this age restriction is 16 years of age.

Users between 13 and 18 years of age must have the consent and supervision of a parent or legal guardian, who agrees to be bound by our Terms of Service on the minor's behalf.

If we learn that we have collected Personal Data from a child under the applicable age, we will delete that information as quickly as possible. If you believe that a child under 13 (or 16 in the EU/UK) may have provided Personal Data to us, please contact us at support@brussle.com.

13. U.S. State Privacy Rights

Depending on your state of residence, you may have certain rights under applicable State Privacy Laws. These rights may include:

  • Access: You may have the right to request confirmation of whether we process your Personal Data and to access a copy of that data. If you are an Oregon resident, you also have the right to request a list of specific third parties (other than natural persons) to which we have disclosed your Personal Data.
  • Deletion: You may have the right to request that we delete the Personal Data we have collected about you.
  • Correction: You may have the right to request that we correct inaccurate Personal Data we have collected about you.
  • Portability: You may have the right to request a copy of your Personal Data in a machine-readable format, to the extent technically feasible.

We Do Not Sell Your Personal Data

We do not sell your Personal Data. We do not sell Personal Data to any third party, whether for monetary or other valuable consideration. Because we do not sell your data, there is no need for a "Do Not Sell" opt-out.

We do not share your Personal Data with advertising networks or marketing partners. We do not use advertising cookies or engage in interest-based advertising.

Nevada Residents

We do not sell your Personal Data as "sale" is defined under Nevada Revised Statutes Chapter 603A.

Anti-Discrimination

We will not discriminate against you for exercising your rights under applicable privacy laws. We will not deny you our Services, charge you different prices, or provide you a lower quality of service because you exercise your privacy rights.

Authorized Agents

Depending on your state of residence, you may designate an authorized agent to exercise your rights on your behalf. Your authorized agent must provide written permission from you, and we may request verification of this authorization.

14. Exercising Your Rights

To exercise the rights described in this Privacy Policy, you or your authorized agent must send us a request (a "Valid Request") that:

  1. Provides sufficient information to allow us to verify that you are the person about whom we have collected Personal Data (such as your name and email address associated with your account); and
  2. Describes your request in sufficient detail to allow us to understand, evaluate, and respond to it.

How to Submit a Request

Email us at: support@brussle.com

Response Timeline

We will respond to your Valid Request within the time period required by applicable privacy laws. We will not charge a fee for making a Valid Request unless your request is excessive, repetitive, or manifestly unfounded. If we determine that a fee is warranted, we will notify you and explain that decision before completing your request.

Appealing a Denial

If we refuse to take action on your request, you may appeal our decision. Your appeal must: (1) provide sufficient information for us to verify your identity and identify the original request, and (2) describe the basis of your appeal. We will respond to your appeal within the time period required under applicable law.

Depending on your state of residence, if your appeal is denied, you may have the right to contact your state's Attorney General.

15. Washington Consumer Health Data

What Consumer Health Data We May Have

If you choose to share health-related information in conversations with AI Clones (such as medical conditions, mental health information, or wellness goals), that information may constitute "Consumer Health Data" under the Washington My Health My Data Act. We do not actively seek or require health information from you.

We do not collect biometric information (faceprints, voiceprints, or scans of facial or hand geometry) from any user.

How We Use Consumer Health Data

We process Consumer Health Data that you voluntarily share solely to provide the AI Clone conversation experience and to maintain Memory for personalized interactions.

How We Disclose Consumer Health Data

Consumer Health Data shared in conversations may be disclosed to AI model providers (Google, Anthropic) for generating responses. If you share health information with a Creator's AI Clone, the Creator may receive aggregated summaries or analytics that include references to this information.

Washington Consumer Health Data Rights

If you are a Washington resident or we have collected your Consumer Health Data in Washington, you have the following rights:

  • Access: Request confirmation of or access to the Consumer Health Data we process about you, including a list of third parties to whom we have disclosed it.
  • Deletion: Request that we delete your Consumer Health Data.
  • Withdraw Consent: Withdraw your consent for us to collect and disclose your Consumer Health Data.
  • Appeal: If we refuse to take action on your request, you may appeal our decision. If we deny your appeal, you have the right to contact the Washington Attorney General at atg.wa.gov/file-complaint.

To exercise these rights, email us at: support@brussle.com

We will not discriminate against you for exercising your rights under applicable law.

16. EU and UK Data Subject Rights

EU and UK Residents

If you are a resident of the European Union ("EU"), United Kingdom ("UK"), Liechtenstein, Norway, or Iceland, you may have additional rights under the EU or UK General Data Protection Regulation ("GDPR") with respect to your Personal Data.

AltQuid, Inc. is the controller of your Personal Data processed in connection with the Services.

Lawful Bases for Processing

We process your Personal Data only where we have a lawful basis to do so:

  • Contractual Necessity: We process Personal Data as necessary to perform under our Terms of Service, which enables us to provide you with the Services. This includes Profile and Contact Data, Payment Data, Chat and Interaction Data, and Memory Data. Failure to provide such data will result in your inability to use some or all of the Services.

  • Legitimate Interest: We process certain Personal Data when we believe it furthers our or a third party's legitimate interests, including Device and Technical Data, Usage and Analytics Data, and Moderation Data. Our legitimate interests include providing and improving the Services, ensuring safety and security, and corresponding with you.

  • Consent: In some cases, we process Personal Data based on your express consent at the time of collection. When we process Personal Data based on your consent, you have the right to withdraw your consent at any time.

Your Rights

You have the following rights with respect to your Personal Data:

  • Access: Request information about and a copy of the Personal Data we hold about you.
  • Rectification: Request that we correct any inaccurate or incomplete Personal Data.
  • Erasure: Request that we erase some or all of your Personal Data from our systems.
  • Withdrawal of Consent: If processing is based on consent, withdraw your consent at any time.
  • Portability: Request a copy of your Personal Data in a machine-readable format, or request that we transmit it to another controller where technically feasible.
  • Objection: Object to the processing of your Personal Data for certain purposes, such as direct marketing.
  • Restriction of Processing: Request that we restrict further processing of your Personal Data.
  • Right to Lodge a Complaint: You have the right to lodge a complaint about our practices with the supervisory authority of your country or EU Member State. A list of Supervisory Authorities is available at edpb.europa.eu/about-edpb/board/members_en.

To exercise any of these rights, please email us at: support@brussle.com

Transfers of Personal Data

The Services are hosted and operated in the United States through AltQuid and its service providers. If you do not reside in the United States, laws in the U.S. may differ from the laws where you reside. By using the Services, you acknowledge that your Personal Data will be transferred to and processed in the United States. In some circumstances, your Personal Data may be transferred pursuant to a data processing agreement incorporating standard contractual clauses.

Data Protection Representatives

AltQuid does not currently maintain Article 27 GDPR representatives in the EU or UK. If this changes, we will update this Privacy Policy accordingly. In the meantime, you may direct all inquiries to support@brussle.com.

17. Contact Information

If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your Personal Data, or your choices and rights regarding such collection and use, please contact us at:

Copyright 2026 AltQuid, Inc. All rights reserved.