Brote 1.0 — Available now · 14 days free, no card →
Brote

Last updated: May 12, 2026

Privacy Policy

At Brote we respect your privacy and your customers'. This document describes what information we collect, how we use it, how we protect it, and how you can exercise your rights. It applies to all accounts created on brote.ai and to the third-party integrations you activate.

Information we collect

We collect three categories: (1) information you provide directly when creating an account or configuring your organization (name, email, phone, company data); (2) data generated by your use of the product (messages, conversations, usage metrics, AI agent events); (3) data from third-party services you authorize via OAuth (Google Sheets / Drive, Shopify, Mercado Pago, Google Calendar, WhatsApp Business). In each case we only access data strictly necessary for the functionality the user activates.

How we use information

We use information exclusively to: (a) operate the product and deliver the functionality you or your organization activate; (b) generate AI agent responses based on your catalog and rules; (c) write leads and contact data to the destinations you configured (sheets, CRMs); (d) process payments through the integrations you authorized; (e) communicate with you about the service. We do NOT use your information to train general-purpose AI models, we do NOT sell it, we do NOT share it with third parties for advertising.

Google API Services — Limited Use

Brote's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Concretely: (1) we access your Google Sheets and Drive metadata ONLY when you authorize the Google Sheets integration inside the app and select a specific spreadsheet; (2) we use that data only so the AI agent can read your catalog or write leads to the sheet you chose; (3) we do NOT transfer that data to third parties except as necessary to provide the functionality you requested, comply with applicable laws, or as part of a merger / sale of the company with prior user notice; (4) we do NOT use the data to display advertising; (5) we do NOT use it to train AI models. You can revoke Brote's access to your Google data at any time from the product settings or at https://myaccount.google.com/permissions.

Data retention and deletion

We keep your data while your account is active. When you disconnect an integration (e.g. Google Sheets), we revoke the refresh token with the provider and delete stored tokens immediately. When you delete your account or organization, we erase your data within 30 days, except for data we must retain for legal obligations (e.g. invoices, tax records). You may request deletion of specific data before that window by writing privacy@brote.ai.

How we protect information

We apply: TLS 1.3 encryption in transit, organization isolation via Row Level Security at the database level, least-privilege access, audit logs of sensitive changes, OAuth 2.0 for all third-party integrations (we never store external service passwords), access tokens encrypted at rest, encrypted backups, and anomalous activity monitoring. Our infrastructure runs on Oracle Cloud with Supabase as a managed database.

Your rights

You have the right to: access data we hold about you, rectify it if inaccurate, request deletion, port it to another provider, object to processing, and revoke previously given consents. You can exercise these rights at any time at privacy@brote.ai. We respond within 30 days.

Sub-processors

To operate Brote we rely on sub-processors: Supabase (database and authentication), Oracle Cloud Infrastructure (hosting), OpenRouter / Anthropic / Google AI (generative AI models), Resend (transactional email), Polar (subscription processing), Mercado Pago (payment processing for your end customers), Evolution API (WhatsApp gateway), Unipile (OAuth connections to calendars and social). Each sub-processor operates under its own privacy agreements and accesses only data strictly necessary for its function.

Changes to this policy

If we change this policy we will notify you at least 15 days in advance by email or via a visible notice in the product before changes take effect.

Contact

For any privacy inquiry, rights exercise or incident reporting write us at privacy@brote.ai. Legal entity: Brote Labs SpA, La Serena, Coquimbo, Chile.