Privacy Policy
BrushPass Privacy
Effective May 22, 2026. This privacy notice is a product-ready draft for private beta and should be reviewed by counsel before public launch.
Scope
This policy explains how Primeta AI, Inc. processes information for BrushPass. BrushPass is used by organizations to run monitored engineering work sessions. Organizations decide who participates, what tasks are assigned, and what data is reviewed.
Data We Process
BrushPass may process account details, candidate names and emails, task instructions, terminal commands, AI prompts and responses, file metadata, diffs, README content, IP addresses, connection metadata, verification results, and review artifacts.
Account And Billing Data
We process organization names, user names, emails, authentication events, subscription status, billing metadata, invoices, usage records, and support communications.
Session Data
Session data may include candidate portal activity, SSH connection metadata, workspace lifecycle events, shell commands, AI requests and responses, token counts, estimated AI cost, file snapshots, git status, line change summaries, exposed port metadata, verification results, and handoff documentation.
How Data Is Used
Data is used to provision workspaces, operate AI proxy access, record engineering activity, support review workflows, secure the service, calculate usage, and improve product reliability.
AI Provider Keys
Organizations may bring their own provider keys. Keys are encrypted and used to proxy authorized AI requests for sessions. Raw provider keys are not intentionally exposed to candidates.
Service Providers
We may use infrastructure, database, email, analytics, payment, source control, monitoring, security, and AI providers to operate BrushPass. These providers process data only as needed to provide their services to us.
Candidate Notice
Organizations using BrushPass should inform candidates that workspace activity is monitored and reviewable. This may include terminal activity, AI prompts and responses, generated files, connection metadata, and submitted documentation.
Cookies And Authentication
BrushPass may use cookies, session storage, magic links, and similar technologies for authentication, security, preferences, analytics, and product operation.
Retention
Session telemetry and artifacts are retained for customer review and audit unless deleted under customer-controlled retention settings, teardown workflows, or support workflows. Disposable workspaces may be destroyed before all generated files are preserved.
Security
We use technical and organizational safeguards such as encrypted credentials, short-lived session tokens, access controls, activity logs, and disposable infrastructure. No internet service can guarantee perfect security.
Legal Requests And Compliance
We may process or disclose information when required by law, to protect rights and safety, to prevent abuse, to enforce agreements, or as part of a corporate transaction.
Your Choices
Account users may request access, correction, export, or deletion by emailing [email protected]. Candidate requests may need to be routed through the organization that created the session.
Changes
We may update this policy as BrushPass changes. Material updates will be reflected on this page with a new effective date.