Privacy Policy
Last updated: March 29, 2026
1. Who we are
Cerebro (“we,” “us,” “our”) is a news analysis and narrative intelligence platform. This Privacy Policy explains how we collect, use, and protect your information when you use our website and services at cerebro.dev.
2. Information we collect
Account information
When you create an account, we collect your email address and, if you sign in with Google or GitHub, your name and profile picture as provided by those services. We do not collect or store passwords — authentication uses magic links (email) or OAuth tokens from third-party providers.
Device identifiers
We set a first-party cookie (cerebro_device_id) containing a random identifier to track anonymous usage limits. This cookie is httpOnly, cannot be read by JavaScript, and persists for one year. If you create an account, this identifier is linked to your profile.
Usage data
We collect aggregated data about how you use Cerebro, including pages viewed, AI chat interactions (turn counts, not message content), and feature engagement. We do not log or store the content of your AI chat messages.
Technical data
Standard web server logs may include your IP address, browser type, operating system, and referring URL. These are used for security monitoring and are automatically purged after 30 days.
3. How we use your information
- To provide and maintain the Cerebro platform
- To authenticate your identity and manage your account
- To enforce usage limits on the free tier
- To improve the quality and relevance of our news analysis
- To send transactional emails (sign-in links, account notifications)
- To detect and prevent abuse, fraud, and security incidents
We do not sell your personal information. We do not use your data for advertising. We do not share your data with third parties except as described in this policy.
4. Third-party services
We use the following third-party services:
- Google Cloud Platform — hosting and infrastructure
- Resend — transactional email delivery for magic link sign-in
- Google OAuth / GitHub OAuth — optional third-party authentication. Subject to Google’s Privacy Policy and GitHub’s Privacy Statement
5. Cookies
We use the following cookies:
| Cookie | Purpose | Duration |
|---|---|---|
| cerebro_device_id | Anonymous usage tracking | 1 year |
| authjs.session-token | Authentication session | 30 days |
| authjs.csrf-token | CSRF protection | Session |
We do not use advertising cookies or third-party tracking pixels.
6. Data storage and security
Your data is stored on Google Cloud Platform servers in the United States. We use encryption in transit (TLS) and at rest. Database access is restricted to authorized services only. We do not store passwords — authentication is handled through magic links and OAuth providers.
7. Data retention
Account data is retained for as long as your account is active. If you request account deletion, we will remove your personal data within 30 days. Aggregated, anonymized usage data may be retained indefinitely for platform improvement.
8. Your rights
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate personal data
- Request deletion of your account and associated data
- Export your data in a portable format
- Withdraw consent for optional data processing
To exercise these rights, contact us at privacy@cerebro.dev.
9. Children
Cerebro is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, contact us and we will delete it.
10. Changes to this policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. Continued use of Cerebro after changes constitutes acceptance of the updated policy.
11. Contact
For questions about this Privacy Policy, contact us at privacy@cerebro.dev.