Last updated: 27 June 2026
Aydin Habibi Javanbakht
Operating: mCoreBrain™ — research proof-of-concept platform
Berlin, Germany
Email: info@mcorebrain.com
This Privacy Policy explains how mCoreBrain™ ("we", "us", "our") collects, uses, stores, and protects your personal data when you visit mcorebrain.com (the "Platform"). This Platform is a proof-of-concept developed in the context of a Doctorate in Business Administration (DBA) research project at SSBM Geneva.
We are committed to protecting your privacy and processing personal data in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679, the German Federal Data Protection Act (BDSG), and all applicable data protection legislation.
This policy applies to all visitors, registered users, survey participants, and beta testers of the Platform.
When you register or sign in, we collect:
When you use the Core AI builder, we store:
System configuration and metadata are generated using AI processing. Only metadata and configuration logic are processed externally — customer operational data remains in your configured environment. See Section 6 for details on third-party processors.
If you voluntarily participate in the DBA research survey:
We and our infrastructure providers automatically collect:
We do not sell your personal data. We do not use your data for targeted advertising. We do not share your data with third parties for their independent marketing purposes.
We use the following sub-processors. All are bound by data processing agreements and appropriate safeguards:
Supabase, Inc. — 970 Toa Payoh North, Singapore 318992
Processes: account credentials, session tokens, sandbox data, conversation history
Infrastructure hosted on AWS (us-east-1 / EU regions where applicable)
Privacy: supabase.com/privacy
Vercel, Inc. — 340 S Lemon Ave #4133, Walnut, CA 91789, USA
Processes: web traffic, IP addresses, access logs, static assets
Data transfer to USA is covered by Standard Contractual Clauses (SCCs)
Privacy: vercel.com/legal/privacy-policy
mCoreBrain uses Large Language Models (LLMs) to assist in generating metadata, system configuration, CRM/ERP structures, automation logic, user interface definitions, and infrastructure blueprints.
Depending on the selected configuration, the AI generation layer may involve providers such as Anthropic, OpenAI, Google Gemini, DeepSeek, Meta Llama, and Kimi.
Data isolation: Only system metadata and configuration logic are transmitted to these providers. Customer operational data, business records, CRM records, uploaded datasets, and production database content remain within your configured local, private, or dedicated server environment and are not shared with any LLM provider.
LLM providers used by mCoreBrain are contractually bound not to use transmitted data for model training, profiling, advertising, or independent processing. Data transfers to non-EEA countries are covered by Standard Contractual Clauses (SCCs) where applicable.
GitHub, Inc. (Microsoft) — 88 Colin P Kelly Jr St, San Francisco, CA 94107, USA
Only applies if you choose "Continue with GitHub" — we receive your public GitHub username and email
Privacy: GitHub Privacy Statement
mCoreBrain™ does not use tracking cookies or advertising cookies.
We use browser localStorage (not cookies) to store your session token and user profile locally on your device. This is strictly necessary for the Platform to function and does not require consent under GDPR Recital 47. This data:
Vercel may set essential infrastructure cookies for load balancing and DDoS protection. These do not track individuals across websites.
Some of our third-party processors are based in the United States. Transfers of personal data to the USA are made under Standard Contractual Clauses (SCCs) approved by the European Commission pursuant to Art. 46(2)(c) GDPR, providing appropriate safeguards for your data.
You may request a copy of the applicable transfer mechanisms by contacting us at info@mcorebrain.com.
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration, including:
In the event of a personal data breach, we will notify affected users and the relevant supervisory authority (where required) within 72 hours of becoming aware, in accordance with Art. 33–34 GDPR.
As a data subject under GDPR, you have the following rights, exercisable free of charge by contacting info@mcorebrain.com:
We will respond to requests within 30 days. In complex cases, this may be extended by a further 60 days, of which you will be notified.
You may also lodge a complaint with the competent supervisory authority in Germany: Berliner Beauftragte für Datenschutz und Informationsfreiheit (datenschutz-berlin.de), or the supervisory authority in your country of residence.
mCoreBrain™ is not directed at or intended for use by persons under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact info@mcorebrain.com and we will promptly delete such data.
This Platform is developed as part of a DBA doctoral research project at SSBM Geneva, supervised in accordance with academic ethics standards. Processing of anonymised, aggregated research data is carried out in the public interest of academic knowledge (Art. 6(1)(e) GDPR and Art. 89 GDPR).
No identifiable personal data is used in any published academic output. All research data used in publications is fully anonymised and aggregated.
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify registered users by email. Continued use of the Platform after changes constitutes acceptance of the updated policy.
For any questions, requests, or concerns regarding this Privacy Policy or your personal data:
Email: info@mcorebrain.com
We aim to respond within 72 hours for privacy-related enquiries.