Braintrust Nexus Privacy Policy

Updated March 12, 2026

1. Introduction

This Privacy Policy outlines how Braintrust Nexus ("we," "our," or "us"), a product of Freelance Labs Inc. operating as Braintrust, collects, uses, discloses, and protects personal information when users ("you" or "your") access or use our AI-powered workflow automation platform and related services (collectively, the "Service").

Braintrust Nexus builds custom AI agents and automated workflows that connect to the tools and services you already use — from recruiting and revenue operations to onboarding and customer service. The Service integrates with hundreds of third-party platforms via authenticated API connections to deliver its functionality.

By using the Service, you consent to the practices described in this Privacy Policy.

2. Information We Collect

Customer & User Data

  • Contact Information: Name, email address, and company name.
  • Account Credentials: Username and password for accessing the Service, or authentication tokens when signing in via a supported identity provider.
  • Professional Information: Job title, employer details, and workflow configuration preferences.
  • Payment Information: Billing address and payment method details.
  • Usage Data: Information about how you interact with the Service, such as IP addresses, browser types, access times, features used, and pages viewed.

Workflow & Operational Data

  • Workflow Configuration: The integrations, triggers, actions, and logic you define when building workflows in Nexus.
  • Execution Logs: Records of workflow runs, including timestamps, success/failure status, and error details.

Data from Connected Integrations

When you authorize Nexus to connect with third-party services, we may access the following categories of information depending on the integration and permissions you grant:

  • Authentication & Identity: Basic profile information (name, email address, profile photo) from identity providers for account creation and authentication.
  • Calendar & Scheduling: Calendar availability and event time slots (free/busy status) from connected calendar services to coordinate scheduling within workflows.
  • Email & Messaging: The ability to send messages on your behalf through connected email or messaging providers as part of automated workflows. We do not read, scan, or access the contents of your inbox or existing messages.
  • CRM & Business Tools: Records and fields from connected CRM, ATS, or productivity tools that your workflows are configured to read or update.
  • Integrated App Data: Data necessary to facilitate the specific workflow actions you've configured. This may include, but is not limited to, records from applicant tracking systems (ATS), customer relationship management (CRM) tools, communication platforms (e.g., Slack, Microsoft Teams), and human resources information systems (HRIS).
  • Metadata from Integrations: Information about the structure, schema, and available objects within your connected third-party accounts.

3. How We Use Your Information

We use the collected information for the following purposes:

  • Providing and Improving the Service: To operate, maintain, and enhance the Service's functionality, including AI-powered workflow automation, agent execution, and integration management.
  • Authentication & Account Management: To manage user access via direct login or supported identity providers, prevent unauthorized access, and enforce security protocols.
  • Workflow Execution: To execute the automated workflows you configure, including reading from and writing to connected third-party services on your behalf.
  • Customer Support: To respond to your inquiries, provide technical assistance, and resolve issues related to the Service.
  • Communications: To send technical notices, updates, security alerts, and administrative messages.
  • Compliance & Security: To protect the rights, property, and safety of Braintrust and our users; to prevent fraud, abuse, and illegal activities; and to comply with applicable laws and regulations.

4. Third-Party API Compliance

Nexus uses authenticated API connections to interact with third-party services. We comply with the respective developer policies and privacy requirements of these platforms, including:

  • Google API Disclosure: Nexus's use and transfer to any other app of information received from Google APIs will adhere to the Google API Service User Data Policy, including the Limited Use requirements.
  • Slack & Microsoft Teams: When using Nexus with communication platforms, we only access data required to perform the specific automated actions (e.g., sending a message or creating a channel) as configured in your workflows.
  • General API Compliance: We do not use data obtained through these third-party APIs for advertising purposes or to build general-purpose large language models (LLMs).

5. Data We Do Not Access Beyond Your Authorized Scopes

Nexus strictly adheres to the principle of least privilege. We only request the minimum API scopes necessary for your configured workflows to function. We do not:

  • Access your data for independent marketing purposes.
  • Access sensitive personal data unless strictly required by the specific workflow you have authorized.
  • Scrape or crawl your connected accounts for data beyond the scope of defined triggers and actions.

6. Sharing Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: With trusted third-party vendors who provide services like cloud hosting, payment processing, or customer support, subject to strict confidentiality agreements.
  • Legal Requirements: If required by law, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights or the safety of others.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, provided the receiving party agrees to the terms of this Privacy Policy.
  • With Your Consent: We may share information with third parties when you have explicitly authorized us to do so, such as through integration connections.

7. Data Security

We implement industry-standard security measures, including encryption of data in transit (TLS) and at rest (AES-256), to protect your information from unauthorized access, disclosure, or destruction. We regularly conduct security audits and vulnerability assessments.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. You may request deletion of your account and associated data through the Service settings or by contacting us directly. We may retain certain data as required by law or for legitimate business purposes.

9. Your Rights and Choices

Depending on your location, you may have rights under applicable privacy laws (such as GDPR or CCPA), including:

  • The right to access, correct, or delete your personal data.
  • The right to object to or restrict processing.
  • The right to data portability.
  • The right to withdraw consent for data processing at any time.

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on the Service and updating the "Updated" date.

12. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at privacy@usebraintrust.com.