Skip to content

Privacy Policy

As of: February 2026

1. General Information and Controller

The protection of your personal data is important to us. This privacy policy informs you about the processing of your data on our website in accordance with GDPR, the Bulgarian Personal Data Protection Act (ZZLD), and the EU AI Act.

Controller:

HyBrayn Ltd. ("ХайБрейн" ООД)

Vladislav Varnenchik Bvld. 112, 5th Floor, 9000 Varna, Bulgaria

Represented by the Managing Directors:

Alexander Vallon

Jonas Lachowitzer

Email: [email protected]

2. Hosting & CDN (Cloudflare)

Our website is delivered via Cloudflare, Inc. (USA) to ensure security, availability, and performance.

  • Purpose: DDoS protection, load balancing, and secure content delivery (CDN).
  • Data Processed: IP address, timestamp, browser configuration, pages accessed.
  • Legal Basis: Art. 6(1)(f) GDPR (Legitimate interest in cybersecurity and site availability).
  • Data Transfer: Cloudflare is certified under the EU-US Data Privacy Framework (DPF).

3. Data Collection on this Website

3.1 Server Log Files

The hosting provider automatically collects and stores information in server log files that your browser transmits automatically:

  • Browser type and version
  • Operating system used
  • Referrer URL (previously visited page)
  • IP address of the accessing device (anonymized)

Legal Basis: Art. 6(1)(f) GDPR (Legitimate interest in the technical provision of the website).

Retention period: Log files are automatically deleted after 14 days.

3.2 Contact (Email / Chatbot)

When you contact us via email or the AI chatbot, the data you provide (e.g., name, email address, message content) is stored for the purpose of processing your inquiry.

Legal Basis: Art. 6(1)(b) GDPR (Pre-contractual measures) or Art. 6(1)(f) GDPR (Legitimate interest in responding to inquiries).

4. Google Analytics 4

We use Google Analytics 4 (GA4) to analyze website usage. Google Analytics is only loaded in your browser after you have given explicit consent via our cookie banner.

Google Consent Mode v2: We use Google Consent Mode v2 to ensure that no analytics data is collected or cookies are set before you give consent. By default, all analytics storage is denied. Only after your explicit opt-in does GA4 begin collecting anonymized usage data.

Cookies: The service uses cookies (text files) and Client-IDs to recognize returning visitors and analyze sessions. GA4 automatically anonymizes IP addresses.

Legal Basis: Art. 6(1)(a) GDPR (Consent). Google Analytics is only activated if you have explicitly agreed via the Cookie Banner.

Data Recipient: Google Ireland Ltd. / Google LLC (USA).

Data Transfer: Google is certified under the EU-US Data Privacy Framework (DPF).

5. AI Chatbot (Google Gemini)

Our website features AI agents ("Discovery Bot", "Site Guide") powered by Google Gemini (Enterprise API).

⚖️ Transparency Notice pursuant to EU AI Act

Please be aware that you are interacting with an automated Artificial Intelligence system. Responses are machine-generated and may be inaccurate or incomplete. For binding information, please contact our team directly.

Data Usage: We have contractually ensured that your inputs (prompts) are NOT used to train Google's AI models. Your data remains confidential.

Storage: Chat logs are retained for 30 days for quality assurance and then deleted.

Legal Basis:

  • General Queries: Art. 6(1)(f) GDPR (Legitimate Interest).
  • Lead Qualification: Art. 6(1)(b) GDPR (Pre-contractual measures).

6. Appointment Scheduling (Cal.com)

We use Cal.com for scheduling discovery calls.

  • Data Collected: Name, email address, phone number, meeting details.
  • Legal Basis: Art. 6(1)(b) GDPR (Performance of steps prior to entering into a contract).

7. Your Rights

Under the GDPR, you have the following rights:

  • Right of access to your stored data (Art. 15 GDPR)
  • Right to rectification of inaccurate data (Art. 16 GDPR)
  • Right to erasure of your data (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR)

You may withdraw your consent for Analytics at any time via the Cookie Settings on our website.

Supervisory Authority: Commission for Personal Data Protection (CPDP), Sofia, Bulgaria — www.cpdp.bg

Back to Home