Skip to main content
AI Autopilot delivered +6% throughput and $781K annual profit gain in a 25-day controlled pilot.See Pilot Results
BRAINIALL
  • Products
  • Sectors
  • Pilot Results
  • Why Us
Sign InGet Started
BRAINIALL
  • X
  • Li
  • GH
AI that runs the real economy. Mining. Industrial. Voice. Bootstrapped since 2019.
Products
  • AI Autopilot
  • Specialist AIs
Sectors
  • Industrial
  • Mining
  • Energy
  • Technology
Company
  • About
  • Why Choose Us
  • Pilot Results
  • Articles
  • Changelog
  • Contact Us
Resources
  • Pricing
  • Developer APIs
  • Docs
  • Integrations
  • Compare
  • Trust Center
  • DPA
  • MSA
  • Status

Stay updated

Specialist AI insights, delivered weekly.

© 2026 BrainiAll, Inc. All rights reserved.
Privacy PolicyTerms of Use
Trust Center

Security, Compliance & Transparency

How we protect customer data, which frameworks we align with, and where our certifications stand. Artifacts available under NDA for enterprise customers.

1. Security Posture

Data in transit is protected with TLS 1.3. Data at rest is encrypted with AES-256. All access to customer data is logged, scoped to least-privilege roles, and reviewed on a rolling basis.

Production systems require multi-factor authentication. Administrative access is gated by hardware security keys. Engineering access to production data is time-bound and audited.

Customer data used in JurAI Pro, Speech AI, and NLP endpoints is not used to train Brainiall models or any third-party models. Enterprise contracts include an explicit no-training clause.

2. Compliance & Certifications

Brainiall platforms are designed to comply with LGPD (Lei Geral de Proteção de Dados, Brazil), GDPR (EU), and CCPA (California) where applicable to the customer relationship.

SOC 2 Type II audit: in progress. Target report availability: Q4 2026. Observation period began Q2 2026. Letters of pre-audit engagement available under NDA.

ISO 27001 certification: roadmap target Q2 2027.

IEC 62443 (OT security) evaluation: in progress for AI Autopilot. IEC 61508 functional safety: Autopilot operates as advisory layer — does not replace certified safety instrumented systems (SIS).

A current-state compliance deck and a security whitepaper are available under NDA. Request via security@brainiall.com.

3. Data Residency

JurAI Pro: data indexing and inference run on servers located in Brazil (AWS São Paulo region). No customer-submitted prompts or cases leave Brazilian territory in the default deployment.

Speech AI and NLP endpoints: US and EU regions available. Customers may request region-pinning at contract time.

AI Autopilot: deployment options include customer cloud (any region), on-premise edge appliances, and air-gapped installations. No plant telemetry leaves the customer network without explicit configuration.

4. Sub-Processors

The following sub-processors support Brainiall operations as of the date of this page. A 30-day notice of new sub-processors is provided to enterprise customers under DPA.

Amazon Web Services (AWS) — compute, storage, managed database. Regions: São Paulo (sa-east-1), Virginia (us-east-1), Ireland (eu-west-1).

Vercel — static asset delivery for marketing pages (no customer PII).

Microsoft Azure — redundancy and selected inference workloads.

Latitude — AI gateway and observability layer (app.brainiall.com backend).

A current sub-processors list is available under NDA.

5. Responsible Disclosure

We welcome responsible security research. Report vulnerabilities to security@brainiall.com with reproduction steps and impact assessment.

Machine-readable security contact published at /.well-known/security.txt (RFC 9116). Current PGP key fingerprint available on request to security@brainiall.com — public key server publication targeted for Q3 2026.

Target triage time: 2 business days. Target remediation for critical issues: 30 days. A public bug bounty program is on the roadmap for 2026.

Please do not perform destructive testing, social engineering of Brainiall staff, or testing against production customer data. Testing against public demo environments and documented API surfaces is acceptable.

6. Access Controls & Customer Governance

Enterprise tenants support SSO via SAML 2.0 and SCIM provisioning. API keys are scoped to a project and can be rotated or revoked from the customer dashboard.

Role-based access control (RBAC) is available with granular permissions for admin, developer, and viewer roles. Customer-facing audit logs are exportable in JSON and CSV.

7. Business Continuity & Incident Response

Production services target 99.9% uptime (JurAI Pro, Speech AI, NLP). AI Autopilot targets 99.95% availability for advisory output; customer control systems remain the authoritative fallback.

Incident response is 24/7 on-call. Customers on enterprise plans are notified within 2 hours of confirmed incidents affecting their data or availability. Current status: see /status.

Backups: JurAI Pro corpus indexes are rebuilt daily from DataJud CNJ. Customer configurations and generated artifacts are backed up hourly with cross-region replication.

8. Contact

Security & trust: security@brainiall.com

Privacy & data protection (DPO / Encarregado): privacy@brainiall.com

Enterprise legal & contracts: legal@brainiall.com