Legal

Privacy Policy

Last updated: 27 June 2026

Data Controller

Aydin Habibi Javanbakht

Operating: mCoreBrain™ — research proof-of-concept platform

Berlin, Germany

Email: info@mcorebrain.com

1. Overview

This Privacy Policy explains how mCoreBrain™ ("we", "us", "our") collects, uses, stores, and protects your personal data when you visit mcorebrain.com (the "Platform"). This Platform is a proof-of-concept developed in the context of a Doctorate in Business Administration (DBA) research project at SSBM Geneva.

We are committed to protecting your privacy and processing personal data in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679, the German Federal Data Protection Act (BDSG), and all applicable data protection legislation.

This policy applies to all visitors, registered users, survey participants, and beta testers of the Platform.

2. Data We Collect

2.1 Account & Authentication Data

When you register or sign in, we collect:

2.2 CRM Builder & Sandbox Data

When you use the Core AI builder, we store:

System configuration and metadata are generated using AI processing. Only metadata and configuration logic are processed externally — customer operational data remains in your configured environment. See Section 6 for details on third-party processors.

2.3 Research Survey Data

If you voluntarily participate in the DBA research survey:

2.4 Technical & Usage Data

We and our infrastructure providers automatically collect:

3. Legal Basis for Processing (GDPR Art. 6)

4. How We Use Your Data

We do not sell your personal data. We do not use your data for targeted advertising. We do not share your data with third parties for their independent marketing purposes.

5. Data Retention

6. Third-Party Data Processors

We use the following sub-processors. All are bound by data processing agreements and appropriate safeguards:

Supabase (Authentication & Database)

Supabase, Inc. — 970 Toa Payoh North, Singapore 318992

Processes: account credentials, session tokens, sandbox data, conversation history

Infrastructure hosted on AWS (us-east-1 / EU regions where applicable)

Privacy: supabase.com/privacy

Vercel (Hosting & CDN)

Vercel, Inc. — 340 S Lemon Ave #4133, Walnut, CA 91789, USA

Processes: web traffic, IP addresses, access logs, static assets

Data transfer to USA is covered by Standard Contractual Clauses (SCCs)

Privacy: vercel.com/legal/privacy-policy

AI Processing — Large Language Models

mCoreBrain uses Large Language Models (LLMs) to assist in generating metadata, system configuration, CRM/ERP structures, automation logic, user interface definitions, and infrastructure blueprints.

Depending on the selected configuration, the AI generation layer may involve providers such as Anthropic, OpenAI, Google Gemini, DeepSeek, Meta Llama, and Kimi.

Data isolation: Only system metadata and configuration logic are transmitted to these providers. Customer operational data, business records, CRM records, uploaded datasets, and production database content remain within your configured local, private, or dedicated server environment and are not shared with any LLM provider.

LLM providers used by mCoreBrain are contractually bound not to use transmitted data for model training, profiling, advertising, or independent processing. Data transfers to non-EEA countries are covered by Standard Contractual Clauses (SCCs) where applicable.

GitHub (Optional OAuth Provider)

GitHub, Inc. (Microsoft) — 88 Colin P Kelly Jr St, San Francisco, CA 94107, USA

Only applies if you choose "Continue with GitHub" — we receive your public GitHub username and email

Privacy: GitHub Privacy Statement

7. Cookies & Local Storage

mCoreBrain™ does not use tracking cookies or advertising cookies.

We use browser localStorage (not cookies) to store your session token and user profile locally on your device. This is strictly necessary for the Platform to function and does not require consent under GDPR Recital 47. This data:

Vercel may set essential infrastructure cookies for load balancing and DDoS protection. These do not track individuals across websites.

8. International Data Transfers

Some of our third-party processors are based in the United States. Transfers of personal data to the USA are made under Standard Contractual Clauses (SCCs) approved by the European Commission pursuant to Art. 46(2)(c) GDPR, providing appropriate safeguards for your data.

You may request a copy of the applicable transfer mechanisms by contacting us at info@mcorebrain.com.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration, including:

In the event of a personal data breach, we will notify affected users and the relevant supervisory authority (where required) within 72 hours of becoming aware, in accordance with Art. 33–34 GDPR.

10. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights, exercisable free of charge by contacting info@mcorebrain.com:

Right of Access (Art. 15)
Obtain confirmation of whether we process your data and receive a copy
Right to Rectification (Art. 16)
Have inaccurate personal data corrected without undue delay
Right to Erasure (Art. 17)
Request deletion of your data ('right to be forgotten') where applicable
Right to Restriction (Art. 18)
Request that processing be restricted in certain circumstances
Right to Portability (Art. 20)
Receive your data in a structured, machine-readable format
Right to Object (Art. 21)
Object to processing based on legitimate interests at any time
Right to Withdraw Consent
Withdraw any consent you have given at any time without affecting prior processing
Right to Lodge a Complaint
File a complaint with the competent supervisory authority

We will respond to requests within 30 days. In complex cases, this may be extended by a further 60 days, of which you will be notified.

You may also lodge a complaint with the competent supervisory authority in Germany: Berliner Beauftragte für Datenschutz und Informationsfreiheit (datenschutz-berlin.de), or the supervisory authority in your country of residence.

11. Children's Privacy

mCoreBrain™ is not directed at or intended for use by persons under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact info@mcorebrain.com and we will promptly delete such data.

12. Academic Research Context

This Platform is developed as part of a DBA doctoral research project at SSBM Geneva, supervised in accordance with academic ethics standards. Processing of anonymised, aggregated research data is carried out in the public interest of academic knowledge (Art. 6(1)(e) GDPR and Art. 89 GDPR).

No identifiable personal data is used in any published academic output. All research data used in publications is fully anonymised and aggregated.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify registered users by email. Continued use of the Platform after changes constitutes acceptance of the updated policy.

14. Contact

For any questions, requests, or concerns regarding this Privacy Policy or your personal data:

Email: info@mcorebrain.com

We aim to respond within 72 hours for privacy-related enquiries.

← HomeImprintinfo@mcorebrain.com