Brainsharing.blog – Privacy Policy

Last Updated: January 14, 2026

1. Introduction

Welcome to brainsharing.blog (the “Website”). This Privacy Policy explains how Ependiytis OU (“we,” “us,” or “our”) collects, uses, discloses, and protects your personal information when you visit or interact with our Website.

Controller Information:

Company Name: Ependiytis OU
Website: brainsharing.blog
Contact Email: web@ependiytis.international
Contact Address: EPENDIYTIS OÜ , Harju maakond, Kesklinna linnaosa, Veskiposti tn 2 -1002, Tallinn, 10138 , Estonia.

We are committed to protecting your privacy and ensuring compliance with applicable data protection laws, including the European Union General Data Protection Regulation (GDPR), the ePrivacy Directive, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other relevant US state privacy laws.

This Privacy Policy applies to all users of our Website, regardless of location. If you are located in the European Union/European Economic Area, United Kingdom, California, or other jurisdictions with specific privacy laws, additional rights and protections may apply to you as detailed in the relevant sections below.

2. Information We Collect

We collect different types of information to provide and improve our services:

2.1 Personal Information You Provide Directly

When you interact with our Website, you may voluntarily provide us with personal information, including:

Contact Information: Name, email address, phone number
Account Information: Username, password, profile information
Communication Data: Information contained in messages you send us through contact forms, email, or chat functions
Newsletter Subscriptions: Email address and communication preferences
Payment Information: Billing address, payment card details (processed by third-party payment processors)
User-Generated Content: Comments, blog posts, forum contributions, or other content you submit

2.2 Information We Collect Automatically

When you visit our Website, we automatically collect certain technical and usage information:

Device Information: IP address, browser type and version, operating system, device identifiers
Usage Data: Pages visited, time spent on pages, click-through rates, referring/exit pages, date and time of access
Location Data: General geographic location based on IP address
Cookies and Tracking Technologies: Information collected through cookies, web beacons, pixels, and similar technologies (see Section 4 for details)

2.3 Information from Third Parties

We may receive information about you from third-party sources, including:

Social Media Platforms: If you connect your social media account to our Website
Analytics Providers: Aggregated demographic and interest data
Advertising Partners: Information about your interactions with advertisements
Business Partners: Information from joint marketing initiatives or co-branded services

2.4 Sensitive Personal Information

We do not intentionally collect sensitive personal information such as racial or ethnic origin, political opinions, religious beliefs, health data, biometric data, genetic data, or information about sexual orientation, except where explicitly required for service delivery and with your explicit consent or as permitted by law.

3. How We Use Your Information

We process your personal information for the following purposes, based on the legal grounds specified:

3.1 To Provide and Maintain Our Services

Legal Basis (GDPR): Performance of contract, legitimate interest
Purpose:

Deliver requested content and services
Create and manage user accounts
Process transactions and send transaction-related communications
Provide customer support and respond to inquiries
Authenticate users and prevent fraud

3.2 To Improve and Personalize User Experience

Legal Basis (GDPR): Legitimate interest, consent
Purpose:

Analyze usage patterns and trends to improve Website functionality
Personalize content and recommendations based on your preferences
Conduct research and development for new features
Perform A/B testing and user experience optimization

3.3 To Communicate With You

Legal Basis (GDPR): Consent, legitimate interest, performance of contract
Purpose:

Send administrative communications (account updates, security alerts, policy changes)
Send marketing communications and newsletters (with your consent)
Respond to your questions and requests
Conduct surveys and gather feedback

3.4 For Marketing and Advertising

Legal Basis (GDPR): Consent, legitimate interest
Purpose:

Display relevant advertisements on our Website and third-party platforms
Measure advertising effectiveness and campaign performance
Create audience segments for targeted marketing
Conduct email marketing campaigns (with your consent)

Note for California Users: We may “sell” or “share” your personal information for targeted advertising purposes as defined under California law. You have the right to opt out (see Section 10).

3.5 For Legal and Security Purposes

Legal Basis (GDPR): Legal obligation, legitimate interest
Purpose:

Comply with legal obligations and respond to legal requests
Protect against fraud, abuse, and security threats
Enforce our Terms of Service and other agreements
Investigate and prevent prohibited or illegal activities
Protect the rights, property, and safety of Ependiytis OU, our users, and the public

3.6 Automated Decision-Making and Profiling

We may use automated processing, including profiling, for the following purposes:

Content Recommendations: Automated systems analyze your browsing behavior to suggest relevant articles and resources
Fraud Detection: Automated systems assess risk factors to prevent fraudulent activities
Marketing Personalization: Automated profiling creates audience segments for targeted communications

Your Rights: Under GDPR Article 22, you have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. You may request human intervention, express your point of view, and contest automated decisions. To exercise this right, contact us using the information in Section 13.

4. Cookies and Tracking Technologies

4.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They enable websites to remember your preferences, analyze usage patterns, and deliver personalized experiences.

4.2 Types of Cookies We Use

We use the following categories of cookies:

These cookies are essential for the Website to function properly and cannot be disabled in our systems.

Session management and authentication
Security features and fraud prevention
Load balancing and performance optimization
Basic functionality (language preferences, accessibility features)

Examples: Session identifiers, security tokens, load balancer cookies
Duration: Session or up to 1 year

These cookies enable enhanced functionality and personalization.

Remember your preferences and settings
Remember information you’ve entered in forms
Enable interactive features like chat functions
Store your login information for convenience

Examples: User preference cookies, language selection cookies
Duration: Up to 2 years

These cookies help us understand how visitors interact with our Website.

Providers: Google Analytics, [INSERT OTHER ANALYTICS PROVIDERS]
Track page views, session duration, and bounce rates
Identify technical issues and improve performance
Generate statistical reports on Website usage

Examples: Google Analytics cookies (_ga, _gid, _gat)
Duration: Up to 2 years

These cookies are used to deliver relevant advertisements and measure campaign effectiveness.

Providers: Google Ads, Facebook Pixel, [INSERT OTHER AD NETWORKS]
Track conversions and measure ad performance
Build audience profiles for targeted advertising
Deliver personalized advertisements based on your interests
Limit the number of times you see the same advertisement

Examples: Google Ads cookies, Facebook Pixel, retargeting cookies
Duration: Up to 2 years

4.3 Third-Party Cookies

Our Website may contain cookies from third-party service providers, including:

Social Media Plugins: Facebook, Twitter, LinkedIn, Instagram
Embedded Content: YouTube videos, embedded tweets, external widgets
Advertising Networks: Google DoubleClick, other ad exchanges
Analytics Providers: Google Analytics, Hotjar, [INSERT OTHERS]

These third parties may collect information about your online activities over time and across different websites. Please review their privacy policies for information about their data practices.

4.4 Other Tracking Technologies

In addition to cookies, we may use:

Web Beacons (Pixels): Small graphic images that track page views and email opens
Local Storage: HTML5 local storage and IndexedDB for storing data locally on your device
JavaScript Tags: Code snippets that collect usage information and enable features
Fingerprinting Techniques: Collection of device characteristics for fraud prevention

Cookie Consent Banner: When you first visit our Website, you will see a cookie consent banner allowing you to accept or reject non-essential cookies. You can customize your preferences by category.

Browser Settings: You can configure your browser to refuse all cookies or to indicate when a cookie is being set. However, some features of our Website may not function properly without cookies.

Opt-Out Tools:

Google Analytics Opt-Out: Google Analytics Opt-out Browser Add-on
Network Advertising Initiative: NAI Opt-Out
Digital Advertising Alliance: DAA Opt-Out
European Interactive Digital Advertising Alliance: EDAA Opt-Out

Do Not Track Signals: Some browsers offer a “Do Not Track” (DNT) signal. We currently do not respond to DNT signals, but we honor Global Privacy Control (GPC) signals for users in jurisdictions where required.

Global Privacy Control (GPC): We recognize and honor Global Privacy Control signals as a valid opt-out of the sale/sharing of personal information for targeted advertising for users in California and other applicable jurisdictions.

We do not sell your personal information to third parties for monetary compensation. However, we may disclose your information in the following circumstances:

5.1 Service Providers and Business Partners

We share information with third-party vendors who perform services on our behalf:

Hosting Providers: Website hosting and infrastructure services
Payment Processors: Stripe, PayPal, [INSERT OTHERS] for processing payments
Email Service Providers: [INSERT EMAIL PROVIDER] for sending communications
Analytics Providers: Google Analytics, [INSERT OTHERS] for usage analysis
Customer Support Tools: [INSERT TOOLS] for providing support services
Marketing Platforms: [INSERT PLATFORMS] for managing marketing campaigns
Content Delivery Networks (CDNs): For delivering Website content efficiently

These service providers are contractually obligated to protect your information and use it only for the purposes for which it was disclosed.

5.2 Advertising and Marketing Partners

With your consent or as permitted by law, we may share information with advertising partners to deliver targeted advertisements:

Ad Networks: Google Ads, Facebook Ads, [INSERT OTHER AD NETWORKS]
Social Media Platforms: For creating custom audiences and measuring ad effectiveness
Marketing Analytics Providers: For attribution and campaign analysis

California Users: This sharing may constitute a “sale” or “sharing” under California law. You have the right to opt out (see Section 10).

5.3 Business Transfers

If we are involved in a merger, acquisition, asset sale, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Website before your information is transferred and becomes subject to a different privacy policy.

5.4 Legal Requirements and Protection of Rights

We may disclose your information when required by law or when we believe disclosure is necessary to:

Comply with legal obligations, court orders, subpoenas, or regulatory requirements
Enforce our Terms of Service, policies, or other agreements
Protect the rights, property, or safety of Ependiytis OU, our users, or others
Investigate and prevent fraud, security incidents, or illegal activities
Respond to government or law enforcement requests

We may share your information with third parties when you have provided explicit consent for specific purposes not covered in this Privacy Policy.

5.6 Aggregated and De-Identified Information

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with third parties for research, marketing, analytics, or other business purposes. Such information is not considered personal information under applicable privacy laws.

6. International Data Transfers

Ependiytis OU is based in [INSERT COUNTRY]. If you are accessing our Website from outside this jurisdiction, please be aware that your information may be transferred to, stored, and processed in countries where our servers are located and where our service providers operate.

6.1 Transfers from the EU/EEA

If you are located in the European Union or European Economic Area, we ensure that transfers of your personal information to countries outside the EU/EEA are subject to appropriate safeguards:

Standard Contractual Clauses (SCCs): We use the European Commission’s Standard Contractual Clauses (2021 version) when transferring personal data to third countries that do not have an adequacy decision.

Adequacy Decisions: We may transfer data to countries that the European Commission has determined provide an adequate level of data protection (e.g., UK, Switzerland, countries covered by EU adequacy decisions).

Additional Safeguards: In accordance with GDPR Article 46 and the Schrems II decision, we conduct Transfer Impact Assessments to evaluate the laws and practices of destination countries and implement additional technical and organizational measures where necessary, including:

Data encryption in transit and at rest
Data minimization and pseudonymization
Access controls and audit mechanisms
Contractual provisions prohibiting unlawful government access

Your Rights: You have the right to obtain information about the safeguards we have implemented for international transfers and to request a copy of relevant documentation (subject to confidentiality obligations). Contact us using the information in Section 13.

6.2 Transfers from the UK

For transfers from the United Kingdom, we comply with UK GDPR requirements and use UK-approved Standard Contractual Clauses or rely on UK adequacy regulations.

6.3 Privacy Shield (No Longer Valid)

Please note that the EU-U.S. and Swiss-U.S. Privacy Shield frameworks have been invalidated. We do not rely on these frameworks for data transfers.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

7.1 Retention Criteria

Our retention periods are determined based on:

The nature and sensitivity of the information
The purposes for which we process the information
Legal, regulatory, tax, and accounting requirements
The potential risk of harm from unauthorized use or disclosure
Whether we can achieve the purposes through other means

7.2 Specific Retention Periods

Category	Retention Period	Legal Basis
Account Information	Duration of account + 6 months after deletion	Contractual necessity, fraud prevention
Transaction Records	7-10 years after transaction	Tax and accounting obligations (varies by jurisdiction)
Marketing Communications	Until consent is withdrawn + 3 years	Consent, legitimate interest in record-keeping
Customer Support Records	3 years after last interaction	Legitimate interest, warranty obligations
Website Usage Logs	30-90 days	Security, legitimate interest
Cookies	See Section 4.2 for specific cookie durations	Varies by cookie type
Newsletter Subscriptions	Until unsubscribe + proof of consent	Consent, accountability requirement
Legal Claims Data	Duration of potential claims period (typically 6-10 years)	Legal obligation, legitimate interest

7.3 Deletion and Anonymization

When personal information is no longer needed, we will:

Delete: Permanently and securely erase the information from our active systems
Anonymize: Transform the information so it can no longer identify you
Archive: Move the information to secure, restricted-access storage where legally required

Deletion includes removal from backups, which may take up to [INSERT TIMEFRAME] due to our backup retention cycles.

7.4 Legal Holds

In some cases, we may be required to retain information beyond the standard retention period due to legal holds, litigation, regulatory investigations, or other legal requirements.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

8.1 Security Measures

Our security measures include:

Technical Safeguards:

Encryption of data in transit using TLS/SSL protocols (HTTPS)
Encryption of sensitive data at rest using industry-standard encryption algorithms
Secure authentication mechanisms and password hashing
Regular security testing, including vulnerability assessments and penetration testing
Intrusion detection and prevention systems
Automated monitoring and logging of security events
Secure software development practices

Organizational Safeguards:

Access controls based on the principle of least privilege
Role-based access restrictions to personal information
Confidentiality agreements for employees and contractors
Regular security awareness training for staff
Incident response and data breach procedures
Background checks for personnel with access to sensitive data
Secure disposal procedures for hardware and media

Vendor Management:

Due diligence assessments of third-party service providers
Contractual data protection obligations for processors
Regular audits and compliance reviews
Data processing agreements compliant with GDPR Article 28 and other applicable laws

8.2 Your Responsibility

While we implement strong security measures, the security of your information also depends on you:

Use strong, unique passwords and do not share your credentials
Enable two-factor authentication where available
Keep your devices and software up to date
Be cautious about phishing attempts and suspicious communications
Log out of your account when using shared or public devices
Promptly report any suspected unauthorized access to your account

8.3 Data Breach Notification

Despite our efforts, no security system is impenetrable. In the event of a data breach that is likely to result in a risk to your rights and freedoms:

Notification to Authorities: We will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach, as required by GDPR Article 33 and other applicable laws.

Notification to You: If the breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay, providing:

A description of the nature of the breach
The categories and approximate number of individuals and records affected
The likely consequences of the breach
Measures we have taken or propose to take to address the breach
Contact information for further inquiries

Exceptions: We are not required to notify you if:

We have implemented appropriate technical and organizational protection measures (e.g., encryption) that render the data unintelligible to unauthorized persons
We have taken subsequent measures ensuring the high risk to your rights and freedoms is no longer likely to materialize
Notification would involve disproportionate effort (in which case we will make a public communication instead)

If you are located in the European Union or European Economic Area, you have the following rights regarding your personal information under the GDPR:

9.1 Right to Be Informed (Articles 13-14)

You have the right to receive clear, transparent, and understandable information about how we collect, use, and share your personal information. This Privacy Policy serves to fulfill this right.

9.2 Right of Access (Article 15)

You have the right to request:

Confirmation of whether we process your personal information
Access to your personal information
Information about the processing, including purposes, categories of data, recipients, retention periods, and your rights

We will provide one copy of your information free of charge. Additional copies may incur a reasonable administrative fee.

9.3 Right to Rectification (Article 16)

You have the right to request correction of inaccurate or incomplete personal information. We will respond to your request without undue delay and notify any third parties to whom we have disclosed the information.

9.4 Right to Erasure (“Right to Be Forgotten”) (Article 17)

You have the right to request deletion of your personal information when:

The information is no longer necessary for the purposes for which it was collected
You withdraw consent and there is no other legal basis for processing
You object to processing and there are no overriding legitimate grounds
The information has been unlawfully processed
Deletion is required to comply with a legal obligation
The information was collected in relation to the offer of information society services to a child

Exceptions: We may refuse deletion if processing is necessary for:

Exercising the right of freedom of expression and information
Compliance with a legal obligation
Establishment, exercise, or defense of legal claims
Archiving purposes in the public interest, scientific or historical research, or statistical purposes

9.5 Right to Restriction of Processing (Article 18)

You have the right to request that we restrict processing of your personal information when:

You contest the accuracy of the information (during verification)
The processing is unlawful and you oppose deletion but request restriction instead
We no longer need the information, but you need it for legal claims
You have objected to processing (pending verification of our legitimate grounds)

9.6 Right to Data Portability (Article 20)

You have the right to receive your personal information in a structured, commonly used, and machine-readable format (e.g., CSV, JSON) and to transmit it to another controller when:

Processing is based on consent or performance of a contract
Processing is carried out by automated means

Where technically feasible, you may request that we transmit your information directly to another controller.

Scope: This right applies only to information you have provided to us and does not apply to information derived or inferred from your activities.

9.7 Right to Object (Article 21)

General Right to Object: You have the right to object to processing based on legitimate interests or for the performance of a task in the public interest. We must cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for legal claims.

Direct Marketing: You have an absolute right to object to processing for direct marketing purposes, including profiling related to direct marketing. We will cease processing immediately upon receiving your objection.

Automated Decision-Making: You have the right to object to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects (see Section 3.6).

Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal. You can withdraw consent as easily as you provided it.

9.9 Right to Lodge a Complaint (Article 77)

You have the right to lodge a complaint with a supervisory authority, particularly in the EU Member State of your habitual residence, place of work, or place of the alleged infringement, if you believe our processing of your personal information violates the GDPR.

Relevant Supervisory Authorities:

Estonian Data Protection Inspectorate: https://www.aki.ee/en
List of EU Data Protection Authorities: https://edpb.europa.eu/about-edpb/board/members_en

9.10 How to Exercise Your Rights

To exercise any of these rights, please contact us using the information provided in Section 13. We will:

Respond to your request without undue delay and within one month of receipt
Extend the response period by two additional months if necessary, informing you of the extension and reasons
Verify your identity before processing your request to protect your information
Provide the information free of charge, unless the request is manifestly unfounded or excessive

10. Your Rights Under CCPA/CPRA (California Users)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

10.1 Categories of Personal Information Collected

We collect the following categories of personal information as defined by California law:

Identifiers: Name, email address, IP address, device identifiers, online identifiers
Commercial Information: Purchase history, transaction details, payment information
Internet/Network Activity: Browsing history, search history, interactions with our Website
Geolocation Data: General location based on IP address
Inferences: Profiles reflecting preferences, behavior, and interests
Sensitive Personal Information: Account login credentials (username and password)

10.2 Business and Commercial Purposes for Collection

We use personal information for the business and commercial purposes described in Section 3, including:

Providing and improving services
Personalizing user experience
Marketing and advertising
Security and fraud prevention
Legal compliance

10.3 Categories of Third Parties

We disclose personal information to the following categories of third parties:

Service providers and processors
Advertising networks and marketing partners
Analytics providers
Social media platforms
Payment processors
Legal and professional advisors
Government authorities and law enforcement (when required)

Sale: We do not sell personal information for monetary compensation.

Sharing for Cross-Context Behavioral Advertising: We may share personal information with advertising partners for targeted advertising purposes, which may constitute “sharing” under California law. Specifically, we share:

Identifiers (IP address, device identifiers, online identifiers)
Internet/Network Activity (browsing behavior, interactions)
Inferences (preferences, interests)

Third Parties to Whom We Share Information:

Google Ads, Facebook Ads, [INSERT OTHER AD NETWORKS]

10.5 Your California Privacy Rights

Right to Know (CCPA § 1798.100)

You have the right to request:

Categories of personal information we have collected about you
Categories of sources from which information was collected
Business or commercial purposes for collection
Categories of third parties with whom we share information
Specific pieces of personal information we have collected about you

Historical Data: You may request personal information we have collected about you dating back to January 1, 2022, or earlier if maintained.

Right to Delete (CCPA § 1798.105)

You have the right to request deletion of personal information we have collected from you, subject to certain exceptions (e.g., completing transactions, detecting security incidents, complying with legal obligations).

Right to Correct (CCPA § 1798.106)

You have the right to request correction of inaccurate personal information we maintain about you.

You have the right to opt out of the “sale” or “sharing” of your personal information for cross-context behavioral advertising.

How to Opt-Out:

[INSERT “Do Not Sell or Share My Personal Information” LINK]
Global Privacy Control (GPC): We honor GPC signals as a valid opt-out request
Cookie Preferences: Adjust your cookie settings to reject advertising cookies

Opt-Out Confirmation: We will display a visible confirmation that your opt-out request has been processed.

Right to Limit Use of Sensitive Personal Information (CCPA § 1798.121)

You have the right to limit our use of sensitive personal information to purposes necessary to perform services or provide goods reasonably expected by an average consumer.

Sensitive Personal Information We Collect: Account login credentials (username and password)

How to Limit Use: Contact us using the information in Section 13.

Right to Non-Discrimination (CCPA § 1798.125)

We will not discriminate against you for exercising your CCPA rights by:

Denying goods or services
Charging different prices or rates
Providing a different level or quality of goods or services
Suggesting you will receive a different price or level of quality

Permissible Differences: We may offer financial incentives (discounts, loyalty programs) for the collection, sale, or retention of personal information, provided the incentive is reasonably related to the value of the information.

10.6 Authorized Agents

You may designate an authorized agent to submit requests on your behalf. We require:

Written authorization signed by you authorizing the agent to act on your behalf
Verification of your identity directly with us
Proof of the agent’s authority to act on your behalf

10.7 How to Exercise Your California Rights

Submission Methods:

Email: [INSERT EMAIL]
Online Form: [INSERT LINK TO REQUEST FORM]
Phone: [INSERT PHONE NUMBER] (toll-free)
Mail: [INSERT MAILING ADDRESS]

Response Timeline: We will acknowledge receipt of your request within 10 days and respond substantively within 45 days. If additional time is needed, we will notify you and may extend the deadline by an additional 45 days.

Verification: We will verify your identity by [INSERT VERIFICATION METHOD, e.g., matching information you provide with information in our records, email verification, multi-factor authentication]. We cannot respond to your request if we cannot verify your identity.

No Fee: We will process your first two requests within a 12-month period free of charge. We may charge a reasonable fee for additional requests if they are manifestly unfounded, excessive, or repetitive.

10.8 California “Shine the Light” Law

Under California Civil Code § 1798.83, California residents may request information about personal information disclosed to third parties for their direct marketing purposes during the preceding calendar year. We do not share personal information with third parties for their direct marketing purposes without your consent.

10.9 California Minors

If you are a California resident under 18 years of age and have registered for an account, you may request removal of content or information you have publicly posted. Contact us using the information in Section 13. Please note that removal does not ensure complete or comprehensive removal from all systems, as content may have been shared or reposted by others.

11. Children’s Privacy

Our Website is not directed to children under the age of 13 (or 16 in the European Union). We do not knowingly collect personal information from children under these ages without verifiable parental consent.

11.1 Age Verification

We do not intentionally collect personal information from users we know are children. If age information is collected through registration or other means, we will prevent children from providing personal information without parental consent.

11.2 Parental Rights (COPPA Compliance for US Users)

If you are a parent or guardian and believe we have collected personal information from your child without your consent, please contact us immediately at [INSERT EMAIL]. We will:

Verify your identity as the parent or guardian
Provide you with access to the information collected
Allow you to request deletion of the information
Allow you to refuse further collection or use of the information

For users in the European Union, where we offer information society services directly to children, we will obtain parental consent for children under age 16 (or the lower age set by Member States, which may be as low as 13) before processing their personal information.

11.4 Discovery of Children’s Information

If we discover that we have inadvertently collected personal information from a child without appropriate consent:

We will delete the information as soon as possible
We will not use the information for any purpose
We will not disclose the information to third parties

Parents who wish to review, modify, or delete their child’s personal information may contact us using the information in Section 13.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons.

Notification of Changes: We will notify you of material changes by:

Posting the updated Privacy Policy on our Website with a new “Last Updated” date
Sending an email notification to the address associated with your account (for registered users)
Displaying a prominent notice on our Website for a reasonable period

Your Continued Use: Your continued use of the Website after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. If you do not agree with the updated Privacy Policy, you should discontinue use of the Website and contact us to delete your account and information.

Material Changes Requiring Consent: If changes materially affect how we process your personal information in ways not originally consented to, we will obtain your explicit consent before applying the changes to your information.

Version History: Previous versions of this Privacy Policy are available upon request by contacting us using the information in Section 13.

13. Additional Jurisdiction-Specific Information

13.1 UK Users

For users in the United Kingdom, this Privacy Policy complies with the UK GDPR and the Data Protection Act 2018. You have the same rights as EU users described in Section 9. The supervisory authority is the Information Commissioner’s Office (ICO):

Website: https://ico.org.uk
Phone: 0303 123 1113

13.2 Other US State Privacy Laws

If you are a resident of other US states with comprehensive privacy laws (Colorado, Connecticut, Virginia, Utah, Montana, Oregon, Texas, Delaware, Iowa, Indiana, Tennessee, Kentucky, Rhode Island, Maryland, Minnesota, Nebraska, New Hampshire, New Jersey), you may have rights similar to those described in Section 10, including rights to access, delete, correct, and opt out of targeted advertising and the sale of personal information. Contact us using the information in Section 13 to exercise these rights.

13.3 International Users

If you are accessing our Website from outside the EU/EEA, UK, or United States, your information will be transferred to and processed in jurisdictions where our servers and service providers are located. By using our Website, you consent to such transfers and processing. We will take appropriate measures to protect your information in accordance with this Privacy Policy and applicable law.

14. Specific Disclosures and Additional Information

14.1 Third-Party Websites and Links

Our Website may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to such third-party sites. We are not responsible for the privacy practices or content of third-party websites. We encourage you to review the privacy policies of any third-party sites you visit.

Our Website may include social media features and widgets (e.g., Facebook “Like” button, Twitter “Share” button, LinkedIn “Share” button). These features may collect your IP address, the page you are visiting, and may set cookies to enable functionality. Social media features are hosted by third parties, and your interactions with them are governed by the privacy policies of the companies providing them.

14.3 Public Forums and User-Generated Content

If you post content to public areas of our Website (e.g., comments, forums, reviews), your posts and any personal information you include will be publicly accessible. We are not responsible for the use of information you voluntarily disclose in public areas. Please exercise caution and do not post sensitive personal information in public forums.

14.4 Employment Applications

If you apply for employment with Ependiytis OU through our Website, we will collect and process information necessary to evaluate your application, including your resume, cover letter, contact information, employment history, references, and other information you provide. We will retain this information for the duration of the application process and may retain it for a reasonable period thereafter for compliance and recordkeeping purposes. If you are hired, this information will become part of your employee record. If you are not hired and do not wish us to retain your information for future opportunities, you may request deletion by contacting [INSERT EMAIL].

14.5 Merger, Acquisition, or Insolvency

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred to the successor entity or acquiring party. We will notify you via email and/or prominent notice on our Website before your information is transferred and becomes subject to a different privacy policy. You will have the opportunity to delete your information before the transfer if you do not agree to the new entity’s privacy practices.

Processing Activity	Legal Basis	GDPR Article
Account creation and management	Performance of contract	Article 6(1)(b)
Processing payments	Performance of contract	Article 6(1)(b)
Providing customer support	Performance of contract, Legitimate interest	Article 6(1)(b), 6(1)(f)
Sending service-related communications	Performance of contract, Legal obligation	Article 6(1)(b), 6(1)(c)
Sending marketing communications	Consent	Article 6(1)(a)
Analytics and Website improvement	Legitimate interest	Article 6(1)(f)
Advertising and profiling	Consent, Legitimate interest	Article 6(1)(a), 6(1)(f)
Security and fraud prevention	Legitimate interest, Legal obligation	Article 6(1)(f), 6(1)(c)
Compliance with legal obligations	Legal obligation	Article 6(1)(c)

14.7 Privacy by Design and Default

We implement privacy by design and default principles in accordance with GDPR Article 25:

We collect only the minimum personal information necessary for each purpose (data minimization)
We configure systems to use the most privacy-friendly settings by default
We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities
We implement privacy-enhancing technologies where appropriate (e.g., pseudonymization, encryption)

14.8 Data Protection Impact Assessments (DPIAs)

We conduct DPIAs for processing activities that present a high risk to individuals’ rights and freedoms, including:

Large-scale profiling and automated decision-making
Processing of sensitive personal information on a large scale
Systematic monitoring of publicly accessible areas on a large scale
Processing that may result in high risk to vulnerable individuals

14.9 Cybersecurity Audits and Risk Assessments

In compliance with California CCPA amendments effective January 1, 2026, we conduct regular cybersecurity audits and risk assessments for processing activities that present significant risk to consumers, including:

Selling or sharing personal information
Processing sensitive personal information
Using automated decision-making technology (ADMT)
Profiling activities that may have legal or similarly significant effects

15. Definitions

“Personal Information” or “Personal Data”: Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.

“Processing”: Any operation or set of operations performed on personal data, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, restriction, erasure, or destruction.

“Controller”: The entity that determines the purposes and means of processing personal data. Ependiytis OU is the controller for the personal data collected through brainsharing.blog.

“Processor”: An entity that processes personal data on behalf of the controller.

“Data Subject”: An identified or identifiable natural person whose personal data is processed.

“Consent”: Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of their personal data.

“Sensitive Personal Information”: Personal information that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for identification purposes, health data, data concerning sex life or sexual orientation, and (under California law) precise geolocation, account login credentials, Social Security numbers, financial account information, government-issued IDs, and certain other categories.

“Profiling”: Any form of automated processing of personal data to evaluate certain personal aspects relating to an individual, particularly to analyze or predict aspects concerning performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

“Pseudonymization”: Processing personal data in such a manner that it can no longer be attributed to a specific data subject without the use of additional information, which is kept separately and subject to technical and organizational measures.

“Anonymization”: The process of rendering personal data permanently and irreversibly unable to identify an individual, such that it no longer constitutes personal data.

“Sale” (under CCPA/CPRA): Selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating personal information to a third party for monetary or other valuable consideration.

“Sharing” (under CCPA/CPRA): Sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating personal information to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration.

By using brainsharing.blog, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein. If you do not agree with this Privacy Policy, please discontinue use of the Website immediately.

For users in jurisdictions requiring explicit consent: By clicking “Accept” on our cookie banner, creating an account, or continuing to use the Website after being presented with this Privacy Policy, you provide your explicit consent to the processing of your personal data as described in this Privacy Policy.