Privacy Policy

Last Updated: February 13, 2026

This Privacy Policy describes the privacy practices of Brilliant Enterprise Magic, Inc. (“we”, “us”, or “our”), and how we handle personal information that we collect through our website at bem.ai and any other website or service that we own or control and that links to this Privacy Policy (collectively, the “Service” or “Services”).

This Privacy Policy does not apply to our handling of personal information that we process on behalf of our enterprise customers as a service provider or processor. This Agreement is between Brilliant Enterprise Magic Inc. and the company or person accessing or using the Product. bem operates with governing law of the State of Delaware.

Personal Information We Collect

We collect the following categories of personal information:

Information you provide to us:

  • Contact information, such as your first and last name, email and mailing addresses, phone number, company name, and professional title.
  • Account information, such as the username and password you use to access our Services.
  • Communications that we exchange with you, including when you contact us with questions, feedback, or otherwise.
  • Payment information needed to complete your transactions with us, including name, payment card information, and billing information. This information is processed by our payment service provider, which may handle your payment information in accordance with its own privacy policy. We do not have access to your full payment card information.
  • Usage information, such as information about how you use the Services and interact with us, including information associated with any content you upload to the Services or otherwise submit to us, and information you provide automatically when you use any interactive features of the Services.
  • Marketing information such as your preferences for receiving our marketing communications and details about your engagement with them.
  • Other information not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Automatic data collection.

We and our service providers may automatically log and combine information about you, your computer or mobile device, and your interactions over time with the Services, online resources, and our communications, such as:

  • Device data, including your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, device type (e.g., phone, tablet), IP address, unique identifiers, language settings, and general location information such as city, state, or geographic area.
  • Online activity data, including pages, screens and/or features you viewed, accessed and/or used, how long you spent on a page, screen and/or feature, the website you visited before browsing to the Services, navigation paths between pages or screens, information about your activity on a page, screen and/or feature, access times, duration of access, and whether you have opened or otherwise engaged with our communications, such as our marketing emails, or clicked links or files within them.

We use the following tools for automatic data collection:

  • Cookies, which are text files that websites store on a visitor‘s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, and helping us understand user activity and patterns.
  • Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
  • Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.

Information we obtain from other sources:

  • Social media. We may maintain pages on social media platforms, such as Twitter, LinkedIn, Facebook, and other third-party platforms. When you visit or interact with our pages on those platforms, the platform provider’s privacy policy will apply to your interactions and their collection, use, and processing of your personal information. You or the platforms may provide us with information through the platform, and we will treat such information in accordance with this Privacy Policy.
  • Third-party login information. When you link, connect, or log into the Services with a third party service (e.g. Google), you direct the service to send us information (e.g., contact information) controlled by that service or as authorized by you via your privacy settings at that service.
  • Other sources. We may obtain personal information from other third parties, such as marketing partners, publicly-available sources, and data providers.

How We Use Personal Information

We use personal information for the following purposes or as otherwise described at the time of collection. We have identified the lawful basis under Article 6 of the GDPR for each purpose below:

To operate our Services:

  • Provide, operate, maintain, secure, and improve our Services. Lawful basis: Performance of a contract (Art. 6(1)(b)); Legitimate interests (Art. 6(1)(f)), namely our interest in maintaining, improving, and securing our Services.
  • Provide information about our Services. Lawful basis: Performance of a contract (Art. 6(1)(b)); Legitimate interests (Art. 6(1)(f)), namely our interest in informing users about our Services and their features.
  • Communicate with you about our Services, including by sending you announcements, updates, security alerts, and support and administrative messages. Lawful basis: Performance of a contract (Art. 6(1)(b)); Legitimate interests (Art. 6(1)(f)), namely our interest in keeping you informed about service changes and ensuring the security of your account.
  • Understand your needs and interests, and personalize your experience with our Services and our communications. Lawful basis: Legitimate interests (Art. 6(1)(f)), namely our interest in improving and personalizing our Services to better serve you.
  • Respond to your requests, questions, and feedback. Lawful basis: Performance of a contract (Art. 6(1)(b)); Legitimate interests (Art. 6(1)(f)), namely our interest in providing effective user support.

Research and development.

As part of these activities, we may create aggregated, de-identified, or other anonymous data from personal information we collect. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Services, and promote our business.

Direct marketing.

We may send you direct marketing communications as permitted by law, including by email. You may opt-out of our marketing communications as described in the “Opt-out of marketing communications” section below.

Compliance and protection, including to:

  • Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.
  • Protect our, your or others’ rights, privacy, safety, or property (including by making and defending legal claims).
  • Audit our internal processes for compliance with legal and contractual requirements and internal policies.
  • Enforce the terms and conditions that govern our website and Services.
  • Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

Payments and subscriptions

  • Renewal/non-renewal notice period- at least 30 days before the end of the current Subscription Period.
  • Automatic payment: Customer authorizes provider to bill and charge Customer's payment method on file Monthly for immediate payment or deduction without further approval.
  • Certain parts of the Product have different pricing plans, which are available at Provider’s pricing page. Customer will pay Provider the applicable fees based on the Product tier and Customer’s usage. Provider may update Product pricing by giving at least 30 days notice to Customer (including by email or notification within the Product), and the change will apply in the next Subscription Period. Modifying Section 5.1, fees are inclusive of taxes.
  • Customer may only use the Cloud Service for internal business operations or in customer-facing products that do not directly or indirectly compete with bem. Use is prohibited for the purpose of developing, training, or enhancing a competing product or service. Unless otherwise agreed in writing, the Cloud Service may not be used to process more than the contracted volume of documents, users, or transformation requests. Any applicable volume caps, user limits, or geographic restrictions will be specified in the Order Form or Subscription Plan.
  • "Customer"- the company or person who accesses or uses the Product. If the person accepting this Agreement is doing so on behalf of a company, all use of the word "Customer" in the Agreement will mean that company.

Training and Optimization of AI Systems

We are committed to transparency regarding the methods and data involved in training our AI systems. This section outlines how we handle this process:

1. Methods of Training

Our AI systems are trained using data to improve their accuracy, performance, and functionality. This may involve supervised learning, unsupervised learning, reinforcement learning, or other machine learning techniques, depending on the nature of the AI system.

2. Data Collected and Processed

  • The data used to train our AI systems may include information collected directly from you, data provided by third-party sources, and publicly available datasets.
  • If personal data is used for training purposes, we ensure compliance with applicable data protection laws, including obtaining necessary consents where required.

3. Special Categories of Personal Data

  • We do not intentionally use special categories of personal data (such as data revealing religious or philosophical beliefs, political opinions, genetic information, health data, or data concerning sexual life) to train our AI systems unless:
    • Such data is explicitly provided by you with your consent for a specific purpose; or
    • It is necessary to comply with legal obligations or to exercise or defend legal claims.

4. Sources of Training Data

  • Training data may originate from various sources, including:
    • Data voluntarily and explicitly provided by users during interactions with our systems or services.
    • Datasets obtained from trusted third-party providers.
    • Publicly available information collected in accordance with applicable laws.
  • When third-party or publicly available data is used, we take reasonable steps to verify the data's reliability and ensure compliance with relevant legal and ethical standards.

5. Data Minimization and Safeguards

We apply data minimization principles, ensuring that only the necessary amount of data is processed to achieve the intended purpose. Additionally, technical and organizational measures are implemented to protect the data used for training, including encryption, access controls, and anonymization or pseudonymization where feasible.

How We Disclose Personal Information

We may share personal information with the following individuals or entities. We have identified the lawful basis under Article 6 of the GDPR for each disclosure below:

Service providers. Companies and individuals that provide services on our behalf or help us operate the Services or our business (such as hosting, information technology, customer support, email delivery, and website analytics services). Lawful basis: Performance of a contract (Art. 6(1)(b)); Legitimate interests (Art. 6(1)(f)), namely our interest in using third-party service providers to efficiently operate and deliver our Services.

Professional advisors. Professional advisors, such as lawyers, auditors, bankers, and insurers, where necessary in the course of the professional services that they render to us. Lawful basis: Legitimate interests (Art. 6(1)(f)), namely our interest in obtaining professional advice to effectively manage our business and legal obligations; Compliance with a legal obligation (Art. 6(1)(c)), where applicable.

Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above. Lawful basis: Compliance with a legal obligation (Art. 6(1)(c)); Legitimate interests (Art. 6(1)(f)), namely our interest in protecting our rights, privacy, safety, or property, and that of our users or third parties.

Business transferees. Acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, our business (including, in connection with a bankruptcy or similar proceedings). Lawful basis: Legitimate interests (Art. 6(1)(f)), namely our interest in conducting or facilitating corporate transactions that are in the interest of our business and stakeholders.

Your Choices and Rights

Opt-out of marketing communications. You may opt out of marketing-related emails and other communications by following the opt-out or unsubscribe instructions in the communications you receive from us or by contacting us as provided in the “How to Contact Us” section below. You may continue to receive Services-related and other non-marketing emails.

Cookies. Most browser settings let you delete and reject cookies placed by websites. Many browsers accept cookies by default until you change your settings. If you do not accept cookies, you may not be able to use all functionality of the Service and it may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Your Rights Under the GDPR

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have certain rights under the General Data Protection Regulation (GDPR) and applicable local data protection laws with respect to your personal data. These include:

  • Right of access (Art. 15). You have the right to obtain confirmation as to whether we process your personal data and, where that is the case, to request access to that personal data, including the categories of data processed, the purposes of processing, and the recipients or categories of recipients to whom the data has been or will be disclosed.
  • Right to rectification (Art. 16). You have the right to request the correction of inaccurate personal data concerning you, and to have incomplete personal data completed.
  • Right to erasure (Art. 17). You have the right to request the deletion of your personal data where, among other things, the data is no longer necessary for the purposes for which it was collected, you withdraw consent on which the processing is based, or the data has been unlawfully processed. This right is also known as the “right to be forgotten.”
  • Right to restriction of processing (Art. 18). You have the right to request that we restrict the processing of your personal data in certain circumstances, such as where you contest the accuracy of the data, where the processing is unlawful but you oppose erasure, or where we no longer need the data but you require it for the establishment, exercise, or defense of legal claims.
  • Right to data portability (Art. 20). You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance, where the processing is based on consent or a contract and is carried out by automated means.
  • Right to object (Art. 21). You have the right to object, on grounds relating to your particular situation, to the processing of your personal data that is based on our legitimate interests (Art. 6(1)(f)). We will cease processing your data unless we demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims. Where personal data is processed for direct marketing purposes, you have the right to object at any time, and we will cease processing your data for such purposes.
  • Right not to be subject to automated decision-making (Art. 22). You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except where such decision is necessary for entering into or performing a contract, is authorized by applicable law, or is based on your explicit consent.
  • Right to withdraw consent. Where we rely on your consent as the lawful basis for processing your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
  • Right to lodge a complaint. You have the right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement if you believe that the processing of your personal data violates the GDPR.
  • Right to be informed (Arts. 13–14). You have the right to receive clear and transparent information about how we collect and use your personal data, which we aim to provide through this Privacy Policy.
  • Right to notification (Art. 19). Where we have disclosed your personal data to third parties and you exercise your right to rectification, erasure, or restriction of processing, we will notify those recipients of such actions unless doing so proves impossible or involves disproportionate effort.

Exercising Your Rights

To exercise any of the rights described above, please contact us as provided in the “How to Contact Us” section below. We will respond to your request within 30 days of receipt. If your request is particularly complex or you have made multiple requests, we may extend this period by an additional two months, in which case we will inform you of the extension and the reasons for the delay within the initial 30-day period. Requests are handled free of charge. However, where requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested, or we may refuse to act on the request.

We may need to verify your identity before processing your request. If we are unable to verify your identity, we may request additional information from you. If we are unable to fulfill your request, we will provide you with an explanation.

Other Sites and Services

Our Services may contain links to websites and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites or online services operated by third parties, and we are not responsible for their actions. This Privacy Policy does not apply to such third-party sites or services.

Security

We use reasonable organizational, technical, and administrative measures designed to protect against unauthorized access, misuse, loss, disclosure, alteration, and destruction of personal information we maintain. Unfortunately, data transmission over the Internet cannot be guaranteed as completely secure. Therefore, while we strive to protect your personal information, we cannot guarantee the security of personal information.

Retention

We keep personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, while we have a business need to do so, or as required by law (e.g. for tax, legal, accounting, or other purposes), whichever is longer.

Job Applicants

When you visit the careers portion of our websites, we collect the information that you provide to us in connection with your job application. This includes but is not limited to business and personal contact information, professional credentials and skills, educational and work history, and other information of the type that may be included in a resumé. This may also include diversity information that you voluntarily provide. We use this information to facilitate our recruitment activities and process employment applications, such as by evaluating a job candidate for an employment activity, to monitor recruitment statistics, and to respond to surveys. We may also use this information to provide improved administration of the Services and as otherwise necessary (i) to comply with relevant laws or to respond to subpoenas or warrants served on us, (ii) to protect and defend our or others’ rights or property, (iii) in connection with a legal investigation and (iv) to investigate or assist in preventing any violation or potential violation of the law, this Privacy Policy or our terms.

Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Where we do so, we will update the date of this Privacy Policy and post it on the website. If we make material changes to this Privacy Policy, we will let you know.

How to Contact Us

Contact us. If you have any questions or comments about this Privacy Policy, please email us at admin@bem.ai

Data Protection Officer

Our Data Protection Officer is:
Gary Forrest, Head of Platform Engineering
gary@bem.ai
Tel +1 (303) 396-2961

Our EU Representative

Under Article 27 of the GDPR, we have appointed an EU Representative to act as our data protection agent. Our nominated EU Representative is:

Instant EU GDPR Representative Ltd.
Adam Brogden contact@gdprlocal.com
Tel +35315549700
INSTANT EU GDPR REPRESENTATIVE LTD
Office 2,
12A Lower Main Street, Lucan Co. Dublin
K78 X5P8
Ireland

Our UK Representative

Under Article 27 of the UK Data Privacy Act, we have appointed a UK Representative to act as our data protection agent. Our nominated UK Representative is:

GDPR Local Ltd.
Adam Brogden contact@gdprlocal.com
Tel +44 1772 217800
1st Floor Front Suite
27-29 North Street, Brighton
England

Privacy Policy | bem