Privacy Policy

This “Privacy Policy” describes solely how our services through Website [hereinafter collectively referred to as: https://brama.work/, and other web pages under the same domain name structure], is a service of the multi-integration MCP hub – “Brama” (the “Platform”), which is developed, solely owned, and operated by “Bystrov Sp. z o.o. (NIP: 9512524202, legal address: ul. Adama Branickiego, nr 21, lok. U3 02-972 Warszawa, Poland)” (hereinafter - the “Bystrov”, “We”, “Our” and “Us”), may collect, use, and otherwise process personal data, and provides information about your rights in relation to such personal data (this “Privacy Policy”): This Privacy Policy applies where you provide personal data to Us by: (i) contacting Us through the Platform or via email at viktor@brama.work; and/or (ii) using the Platform – Hereinafter, such each person is collectively referred to as “User”. Depending on the circumstances, We act either as: (i) a “Data Controller” with respect to Bystrov’s personal data processed for Our own purposes; or (ii) a “Data Processor” with respect to Users’ personal data processed, including, without limitation, where a User: contacts Us through the Platform or via email at viktor@brama.work; and/or uses the Platform. Furthermore, We are required under data protection legislation to notify Our User(s) of the information contained in this Privacy Policy. This Privacy Policy does not in any way imply the conclusion of a principal cooperative agreement or any other contractual relationship between Us and the User(s). Thus, by using the Platform or providing any personal data, You acknowledge and agree that: (i.) You voluntarily provide all personal data and other data to Bystrov; (ii.) You are solely responsible for the accuracy, lawfulness, and completeness of all personal data or other data submitted or shared through the Platform; (iii.) Bystrov does not verify, monitor, endorse, or control the personal data, content, or materials You provide, and is not liable for any consequences (including legal or financial) arising from the use, submission, or disclosure of such data. (іv.) Bystrov does not store the contents of third-party API responses. Platform acts solely as a proxy: data is transmitted from the vendor to the User(s)’ AI agent and is not retained by Bystrov – for further details, please refer to Our Terms of Use [available at https://brama.work/uk/terms]. Note: Our Website may include links to external websites that are not operated by Us. If a User clicks on a third-party link, they will be redirected to that third party's website. We strongly advise all Users to read the privacy policies of any website they visit. We are not responsible for, and have no control over, the content, privacy policies, or practices of third-party websites or services outside Our Website.

The terms used, such as “controller”, “processor”, “third-party”, “personal data breach”, “personal data” or their “processing”, etc. refer to the definitions in Article 4 of the GDPR. The term “User(s)” covers all categories of persons affected by data processing. The terms used, such as “User(s)” are to be understood gender-neutral.

Any processing of Users’ personal data is performed strictly in accordance with this Privacy Policy and applicable data protection laws of the User’s country of residence, including but not limited to: (i.) EU, including, but not limited of this: (і.) the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJEU No L 119 of 4 May 2016) (hereinafter – the “General Data Protection Regulation” and the “GDPR”); and other relevant legislation. (іі.) UK, including, but not limited of this: the UK Data Protection Act of 2018 (hereinafter – the “UK DPA”). (ііі.) UA, including, but not limited of this: the Law of Ukraine of 01.06.2010 №2297-VI on Personal Data Protection (hereinafter – the “UPDP”). (iv.) PL, including, but not limited of this: Personal Data Protection Act of 10 May 2018; The Law on the Provision of Electronic Services of 18 July 2002. (v.) US: the User(s) has rights under the following state-specific law, where the User actually resides at the time of acquiring User status (the name of the document refers to the state) including but not limited to: (i.) the California Consumer Privacy Act of 2018 (hereinafter – the “CCPA”), (ii.) the Colorado Consumer Privacy Act (hereinafter – the “CPA”), (iii.) the Connecticut Data Privacy Act of 2023 (hereinafter – the “CTDPA”), (iv.) the Delaware Personal Data Privacy Act (hereinafter – the “DPDPA”), (v.) the Florida Digital Bill of Rights (hereinafter – the “FDBR”), (vi.) the Biometric Information Privacy Act (hereinafter – the “BIPA”), (vii.) the Consumer Data Protection Act (hereinafter – the “CDPA”), (viii.) the Iowa Consumer Data Protection Act (hereinafter – the “ICDPA”), (ix.) the Montana Consumer Data Privacy Act (hereinafter – the “MCDPA”), (x.) the Oregon Consumer Privacy Act (hereinafter – the “OCPA”), (xi.) the Nevada Privacy of Information (hereinafter – the “Senate Bill 220” or the “SB 220”), (xii.) the Utah Consumer Privacy Act (hereinafter – the “UTCPA”), (xiii.) the Tennessee Information Protection Act (hereinafter – the “TIPA”), (xiv.) the Texas Data Privacy and Security Act (hereinafter – the “TDPSA”), (xv.) the Virginia Consumer Data Protection Act (hereinafter – the “VCDPA”), etc. If You are a U.S. federal government end User, Our Service is a “Commercial Item” as that term is defined at 48 C.F.R. §2.101. Note: We process personal data of User(s) strictly in compliance with the applicable data protection regulations. Users’ personal data is processed only where an appropriate legal basis exists under the GDPR. In particular, such processing is carried out where: (i) the User has provided valid consent within the meaning of Article 6(1)(a) and Article 7 of the GDPR, including by using the Platform; (ii) processing is necessary for the performance of a contract or the implementation of pre-contractual measures pursuant to Article 6(1)(b) of the GDPR; (iii) processing is necessary for compliance with a legal obligation to which we are subject in accordance with Article 6(1)(c) of the GDPR; and/or (iv) processing is necessary for the purposes of our legitimate interests in accordance with Article 6(1)(f) of the GDPR, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the User.

IMPORTANT NOTE: Bystrov does not store the contents of third-party API responses. Platform acts solely as a proxy: data is transmitted from the vendor to the User(s)’ AI agent and is not retained by Bystrov – for further details, please refer to Our Terms of Use. The User(s) directly provide Us with most of the personal data We collect. We collect, process, etc., the following personal data: User Data: We DON'T collect data such as: account information (such as name, email address, etc.), credentials used to connect third-party integrations, operational logs required to operate and audit the services, error REPORTS, or similar information, UNLESS such data is provided in one of the following circumstances: (i) the User(s) voluntarily submit(s) such data during sign-up or through contact forms available on the Website or through Our official social media pages (for further details, please refer to the “Contact Us” section of this Privacy Policy); (ii) the User(s) provide(s) consent through a pop-up consent request on the Website by clicking the “Accept” button; (iii) the User(s) voluntarily complete(s) a questionnaire or survey at the User(s)’ sole discretion; (iv) the User(s) complete(s) a consent form on the Website to receive news, updates about Our Platform, marketing offers, and other information; (v) We receive such personal data from third parties in accordance with the procedures described herein; and/or (vi) the User(s) use(s) the Platform, including where personal data is provided or generated directly in the course of using the Platform, and such data is necessary for the performance, operation, maintenance, security, support, or improvement of the Platform. BY providing personal data in any of the foregoing circumstances, the User(s) hereby consent(s) to the collection and processing of such personal data, to the extent permitted by applicable law. We may use such personal data, among other things, to provide the Platform, improve the Website and the Platform, respond to the User(s)’ requests, and send promotional or informational emails regarding Our Platform. IF the User(s) do(es) not wish to receive such emails, an unsubscribe option will be included in the relevant email, or the User(s) may send a request to viktor@brama.work. In certain cases, We may also collect and process personal data that is publicly available in relation to a particular User(s) as part of Our research identification process on social networking platforms, such as LinkedIn, Facebook, and similar services. For this purpose, We may use technology and/or software to identify suitable client(s) based on search criteria, and such identification process may be automated. Non-personally identifiable data, if We deem it necessary, such as, but is not limited to: the type of browser, referring website, date, and time of each User request, and other log data. Our purpose in collecting such information is to better understand how Our Platform is used and to maintain its proper functionality and usefulness for each User(s). Other data about the User(s), which combines parts of each of the previous ones (if We deem it necessary): We collect other information that the User may provide to us when completing a survey from Us or participating in promotional/marketing offers, etc. Note: We in no way collect the User's personal data, such as bank data/requirements that the User uses when the User makes payments for Our services on the Website using the “Stripe” payment system web application, etc. (for more details, see the “APPLICABLE TERMS” section). You should visit their website and familiarize Yourself with the legal basis for this, as We are not responsible for the processing and transfer of Your personal data by such companies.

By submitting data and using the Platform, Users expressly agree and acknowledge that: (i.) All types of data submitted to Bystrov for the purpose of using the Platform are voluntary, at the User’s sole discretion, does not require any additional documentation, and is processed on the basis of this Privacy Policy. Users release Bystrov from any obligation to monitor, control, or verify submitted data or any subsequent use thereof. (ii.) Bystrov does not and will not verify, monitor, control, or validate any data, and any reliance on such data is at the User’s own risk; (iii.) Users bear full and exclusive responsibility for ensuring the legality, accuracy, and consequences of any data they submit or access via the Platform; (iv.) Users agree to indemnify, defend, and hold harmless Bystrov, its parent, subsidiary, and affiliated entities, as well as its and their respective directors, officers, shareholders, employees, agents, contractors, subcontractors, representatives, successors, and assigns from and against any and all claims, demands, liabilities, damages, losses, costs, and expenses (including reasonable attorneys’ fees) arising out of or relating to: (i.) The User’s submission, provision, or sharing of any data; (ii.) Any unauthorized or unlawful use of the Platform; (iii.) Any breach by the User of their obligations under this Privacy Policy; (iv.) Any claims by third parties relating to any data. (v.) Users explicitly accept that their voluntary submission of data constitutes a binding acknowledgment that Bystrov has no obligation, duty, or liability regarding the User Data or its use in any manner; (vi.) Bystrov does not collect, store, or otherwise process any banking or financial information of the User used for payment of Our Platform through third-party payment processors, including but not limited to the (any) payment platform. All payment-related data are processed directly by such third-party providers in accordance with their own privacy policies and applicable data protection laws. Users are strongly advised to review the respective provider’s terms and privacy documentation to understand the legal basis and safeguards applied to such processing. Bystrov disclaims any responsibility or liability for the collection, processing, storage, or transfer of User data performed by such third-party payment processors. (vii.) Bystrov’s provision of the Platform on an “AS IS” and “AS AVAILABLE” basis constitutes the full extent of the Platform, and Users waive any claims or rights to demand further guarantees, validation, or supervision of User-submitted data.

When the User uses Our Website and uses the available systems (in particular, to create contact requests sent via the contact form), so-called “cookies”* are created when the User browses these web pages. *These are text files of small size that are stored in the User's device, through which the User browses the websites. They are commonly used to ensure the operation of websites and other services provided over the Internet, and to improve and develop these websites, which is done by reading the contents of these files. We collect information contained in “cookies”, such as the date of the User's connection to the Website or the IP-address of the device from which the User connects to the Website, which is data that shows how the User(s) use Our Websites. This information is used for administrative and statistical purposes and aimed at improving Our Website and enhancing User's user experience. In addition, this automatically processed data may be used to analyse the behaviour of the content User(s) on Our Website (e.g., time spent on the Website) or to personalise the content of the Website's web pages, in particular by providing online advertising. The User(s) are not obliged to accept cookies (the User(s) may agree to the use of cookies by clicking the appropriate button on our Website or by making the appropriate settings in your Web browser), but this may result in Our Website not functioning fully properly. Note: We also use social media buttons and/or plugins on the Website that allow you to connect with Our social network. In order for them to work, they set Cookies on Our Website that can be used to improve your profile on their website or to supplement the data they store for various purposes specified in their respective privacy policies and cookies policies. In addition to cookies, We may collect and process technical and usage-related information through internal logging and analytics systems when the User interacts with Our Website and Platform. Such data may include records of User actions, system events, and interactions with the functionality of the Website and Platform, including but not limited to: general usage events (e.g., page views, session activity); authentication-related events (e.g., login, logout, registration attempts); interaction with communication tools (e.g., chat messages, conversation creation or deletion); user actions within the system (e.g., search queries, copying content); administrative actions (e.g., creation, modification, or deletion of user accounts); document and file operations (e.g., uploads, exports, deletions); prompt and content management actions; system errors and API-related issues; account-related actions (e.g., account deletion requests or completion). This information is processed for the purposes of ensuring system security, maintaining service integrity, monitoring performance, improving functionality, and complying with legal obligations. Such data may be associated with a User account (where applicable), but is not used to directly identify Users beyond what is necessary for the provision of services.

The Platform are not intended for use by anyone under the age of 18 (hereinafter, “Children”). Bystrov does not knowingly solicit or collect personal data from Children. (i.) If a User is a parent or guardian and becomes aware that their Child has voluntarily submitted personal data to Bystrov, the parent or guardian must immediately contact Bystrov (see the “Contact Us” section). (ii.) Bystrov shall not be responsible or liable for any data submitted by Children. All responsibility for ensuring that Children do not submit personal data rests solely with the parent or guardian. (iii.) If Bystrov becomes aware that personal data of Children has been submitted without parental or guardian consent, Bystrov will take commercially reasonable steps to delete such data. (iv.) Users (including parents or guardians) acknowledge and agree that Bystrov bears no liability for any consequences arising from Children’s submission of personal data, and that all such risks are assumed solely by the parent or guardian.

We securely store your data in Our internal Customer Relationship Management system (hereinafter - the “CRM”), that includes Gmail (from Google Mail), in an encrypted format. The data retention period that we receive from the User(s) is calculated for each moment of cooperation individually in compliance with all relevant regulations, which are confirmed by this Privacy Policy. However, in general, the period is from 6 (six) months from the first collection of such data to the maximum period allowed by applicable law, taking into account such circumstances as whether the User continues to use Our services or whether We cooperate with the User, etc. Retention periods from other recipients (owners of other websites outside of Our Website) are set exclusively by them in their privacy policies. Note: In case the User(s) requests that We DON'T store personal data by sending Us a request to viktor@brama.work, We will take all reasonable measures to delete all personal data about such User(s). However, with the explicit consent of the User, we may retain a streamlined version of their profile, including their email address, for future purposes, enabling us to keep the User informed about our recruitment campaigns or marketing offers.

The User(s) have certain rights in connection with the processing of personal data by Bystrov. All provision of these rights is voluntary and exercised at the sole discretion and responsibility of the User(s). Bystrov acts (provides Platform) only upon request from the User(s) and assumes no responsibility for the accuracy, legality, completeness, or consequences of any data submitted by the User(s). (і.) Right of Access (e.g., Art. 15 GDPR) – You can request confirmation of whether Bystrov holds personal data about you and ask to receive a copy of that data. This right allows you to understand what data is collected, why it is processed, and who it may be shared with. (іі.) Right to Rectification (e.g., Art. 16 GDPR) – You can request correction of inaccurate or incomplete personal data. Bystrov may update your data upon verification of your request. (ііі.) Right to Erasure / Right to be Forgotten (e.g., Art. 17 GDPR) – You can request deletion of your personal data if there is no legal or operational requirement to retain it. Bystrov may retain certain data as required by law or necessary to protect legitimate interests. (iv.) Right to Restrict Processing (e.g., Art. 18 GDPR) – You can request temporary suspension of the processing of your personal data. Bystrov may approve or partially approve such requests, based on applicable law and operational feasibility. (v.) Right to Data Portability (e.g., Art. 20 GDPR) – You can request a copy of your personal data in a structured, commonly used, machine-readable format, and, where feasible, request its transfer to another service provider. (vi.) Right to Object (e.g., Art. 21 GDPR) – You can object to the processing of your personal data based on legitimate interests or direct marketing purposes. Bystrov will review and act on such objections where permissible by law. (vii.) Right to Withdraw Consent – You can withdraw consent for data processing at any time, without affecting processing that occurred prior to withdrawal. Fees and Timing. Requests are generally free of charge. Bystrov may charge a reasonable fee or refuse requests that are manifestly unfounded, excessive, or repetitive. We will respond to requests within a reasonable timeframe, typically within 30 (thirty) calendar days, unless the law allows an extension for complex requests. Verification and Security Measures: Bystrov may require information to verify the identity and entitlement of the User(s) requesting access or other rights. These measures are solely for Bystrov’s protection and shall not be interpreted as creating any additional liability or obligation. Important Note: All personal data provided to Bystrov by the User(s) is voluntary, at the sole discretion, and at the full risk of the User(s). Bystrov is not responsible for any direct, indirect, or consequential damages arising from the use, submission, or sharing of any personal data by the User(s). To exercise any of the above rights, please contact Bystrov in writing at viktor@brama.work.

The User's personal data is transferred to (or within) third countries if the Platform provided by Us will also be provided in the territory of a third country. The personal data of the User(s) may also be transferred to entities that provide tax, legal, and audit advice to Us if they operate in or outside the territory of a third country. In each of the above cases, We protect the processing of the User's personal data, in particular, by entering into confidentiality agreements and processing personal data in a manner that complies with the provisions of generally applicable EU and UK data protection laws, as well as on terms designed to ensure the security of the processing of the User's personal data. We DON'T transfer personal data of the User(s) to international organizations. We also DON'T transfer personal data of the User(s) to third countries, if such transfer is impossible or prohibited by generally accepted legislation. Any transfer of personal data to the United States of America and other countries outside the European Union (hereinafter – the “EU”) and the European Economic Area (hereinafter – the “EEA”) will be carried out on the basis of Standard Contractual Clauses (hereinafter – the “Standard Contractual Clauses” or the “SCC”) together with a Transfer Impact Assessment (hereinafter – the “TIA”) in accordance with Art. 46(2)(c) GDPR and with the consent of the User(s), e.g., if the User consents to the use of cookies, this will also be consent to the possible transfer of the User's personal data to the United States of America in accordance with Art. 49(1)(a) GDPR in connection with Art. 6(1)(a) GDPR. Any transfer of personal data to the EU and/or the EEA is carried out on the basis of a Data Protection Agreement (hereinafter referred to as “Data Protection Agreement” and/or the “DPA”), if necessary, together with a TIA, in accordance with Art. 28 GDPR, Art. 32 GDPR, etc., and with the consent of the User(s) (e.g., based on Art. 6(1)(a) GDPR). Note: By accepting this Privacy Policy, the User(s) explicitly acknowledge, agree, and voluntarily consent to the transfer of their data as described herein. The User(s) are solely responsible for the accuracy, legality, and completeness of any data they provide to Bystrov and for any consequences arising from such transfer. The User(s) may withdraw their consent to cross-border data transfers at any time by contacting Bystrov at viktor@brama.work. However, withdrawal may limit the User(s)’ ability to access or use certain Platform, and Bystrov shall not be liable for any effects resulting from such withdrawal.

Bystrov may engage with third-party companies, individual entrepreneurs, or other entities (collectively, “Service Providers”) to facilitate the operation of Our Platform, provide Platform on Our behalf, analyze and improve Our Platform, or otherwise assist Us in Our business operations. Such Service Providers may receive access to data of the User(s) solely for the purposes explicitly defined by Bystrov and are strictly prohibited from using or disclosing such data for any other purpose, except as explicitly provided in the applicable cooperation agreement, terms of use, or privacy policy governing their services. All cooperation with third-party Service Providers is formalized through legally binding documentation, including but not limited to master service agreements, non-disclosure agreements, terms of use (offer/user agreements), privacy policies, etc. By voluntarily providing data and interacting with Our Platform, the User(s) explicitly acknowledge, agree, and provide their consent that Bystrov is not responsible, including jointly or severally, for any unlawful or unauthorized use of data by such Service Providers. Users assume full responsibility for any consequences arising from their interaction with Service Providers. Each Service Provider independently manages data in accordance with its own terms of use and privacy policy. Bystrov does not control and assumes no liability for the actions of Service Providers beyond the measures described herein. For the purposes of improving Our Platform, marketing, analytics, and operational efficiency, Bystrov may integrate or cooperate with the following third-party tools. The User(s) acknowledge that their interactions with these tools are governed by the respective third-party privacy policies, and Bystrov disclaims any liability for such third-party practices: (і.) Google Analytics (Google LLС) is a web analysis service provided by Google Inc. Google utilizes the data collected to track and examine user behavior, to prepare reports, and share insights with other Google services. Google may use the data collected to contextualize and personalize the advertisements launched via Google’s advertising network. The service is subject to Google’s Privacy Policy (available at the link). (ii.) Google Tag Manager (Google LLС) is a web service designed to optimize the Google Analytics management process. The service is provided by Google Inc. and is subject to Google’s Privacy Policy (available at the link). (iii.) Google AdWords Tools (Google AdWords Conversion Tracking/ Dynamic Remarketing / User List / DoubleClick) (Google LLС) Google AdWords conversion tracking and other Google Ads services are analytic instruments, connect data from the Google AdWords advertising network with actions taken on our website. The services are provided by Google Inc. and are subject to Google’s Privacy Policy (available at the link). (iv.) Google AdWords (Google LLC) DoubleClick (Google Inc.) / DoubleClick Bid Manager / Google DoubleClick Google AdWords and Double Click are advertising services that enable efficient interaction with potential customers by suggesting relevant advertisements across Google Search, as well as Google’s partner networks. The services are provided by Google Inc. and are subject to Google’s Privacy Policy (available at the link). (v.) Google Forms (Google LLC) is an online tool that allows users to create surveys, questionnaires, and forms to collect responses and manage data efficiently. The service is subject to Google’s Privacy Policy (available at the link). (vi.) Google Drive (Google LLC) is a cloud-based storage and file management service that allows users to upload, store, and share documents, photos, videos, and other files via the internet. Google Drive is integrated with other Google services, such as Google Docs, Google Sheets, and Google Slides, enabling convenient real-time collaboration. Files are accessible from any internet-connected device. This service is provided by Google LLC and is subject to Google’s Privacy Policy (available at the link). (vii.) Stripe (Stripe, Inc.) is a payment processing platform that facilitates online payments, enabling businesses to accept credit card payments and manage transactions securely. The service is subject to Stripe’s Privacy Policy (available at the link). (vii.) ChatGPT (OpenAI) is an artificial intelligence-based conversational software service developed and provided by OpenAI. It enables users to generate and process natural language text, including answering questions, drafting documents, analyzing information, and supporting various professional and personal tasks through interactive dialogue. The service operates via cloud infrastructure and may be accessed through web and mobile interfaces, depending on availability and user configuration. ChatGPT may also support integration with additional tools and features depending on the applicable plan and deployment environment. The service is subject to OpenAI’s governing terms and policies, including the Privacy Policy (available at the link). (viii.) Claude (Anthropic) is an artificial intelligence-based conversational software service developed and provided by Anthropic. It is designed to assist users with natural language understanding and generation tasks, including drafting content, summarising information, answering questions, and supporting analytical and reasoning-based workflows through an interactive chat interface. Claude is delivered via cloud-based infrastructure and is accessible through supported web and application environments, subject to availability and configuration. The service is governed by Anthropic’s applicable legal terms and privacy framework, including its Privacy Policy (available at the link). (ix.) WHOOP (Whoop, Inc.) is a wearable health and fitness service developed and provided by WHOOP. It is designed to deliver continuous health insights and personalized coaching to help users improve how they sleep, train, and feel, and it measures metrics such as sleep, strain, recovery, and related health data through its wearable device and companion app. The service is provided on a subscription basis and is governed by WHOOP’s applicable legal terms and privacy framework, including its Privacy Policy (available at the link). (x.) Ringostat (Netpeak LTD) is a business communication and marketing performance platform developed and provided by Ringostat. It is designed to support inbound and outbound business communications, call tracking, telephony, CRM synchronization, call analytics, and related customer-interaction workflows, including by enabling businesses to track and analyze calls, messages, and marketing performance through a cloud-based platform and connected tools. The service is governed by Ringostat’s applicable legal terms and privacy framework, including its Privacy Policy (available at the link).

Bystrov is committed to maintaining the security and integrity of the Platform. If You believe that You have discovered a potential security issue or vulnerability within Our Platform that is within the scope of Our systems, You may report it to Bystrov by emailing viktor@brama.work. To ensure that We can address the report effectively, please provide, where applicable: (і.) A detailed description of the suspected vulnerability. (іі.) Full URLs or locations associated with the vulnerability. (ііі.) A Proof of Concept (POC) or detailed instructions, including screenshots, video, or other supporting materials, demonstrating how the vulnerability can be reproduced or exploited. (iv.) Entry fields, filters, or other input mechanisms involved in the vulnerability. (v.) Your assessment of the potential risk or exploitability. (vi.) Instructions for how We can reach You for follow-up questions or clarification. Offering potential solutions is encouraged, but not required. Lack of complete or detailed information may delay Our ability to investigate or remediate the reported vulnerability. By submitting a report, You acknowledge and agree that: (i.) Bystrov retains sole discretion over any investigation, response, or remediation measures, including whether any reported vulnerability constitutes a legitimate issue or security risk. (ii.) Bystrov is not liable for any consequences, claims, or damages arising from the reporting process, including but not limited to delays, partial reports, incorrect reproductions, or misuse of reported information. (iii.) You shall not exploit or publicly disclose any security vulnerability without Bystrov’s explicit written consent. Unauthorized access, testing, or use of Our systems beyond reporting a potential vulnerability may be considered a violation of applicable law, and Bystrov reserves all rights to pursue legal or other actions in such cases. Note: Reports are reviewed promptly, but submission of a report does not create any contractual relationship between You and Bystrov, nor does it guarantee any compensation, recognition, or bounty. Bystrov reserves the right to implement, modify, or decline any actions based on a submitted report.

Bystrov reserves the exclusive right to modify, update, amend, or supplement this Privacy Policy at any time in order. In the event of material changes to this Privacy Policy, We will make reasonable efforts to notify Users by posting a notice on Our Website or Platform prior to the effective date and updating the “Last Update” date at the top of the Privacy Policy. Notification may also be made via e-mail newsletter if the User has consented to receiving such communications. Users are solely responsible for reviewing and familiarizing themselves with any updates to this Privacy Policy, including in cases where Users have opted out of receiving email notifications. Bystrov may require Users to provide renewed consent to continue using the Platform following updates to the Privacy Policy. Unless otherwise stated, all changes shall become effective 30 (thirty) calendar days after publication of the revised Privacy Policy on the Website. Electronic or other stored copies of this Privacy Policy maintained by Bystrov shall be deemed the authentic, complete, valid, and enforceable version in effect at the time of any User’s interaction with Our Platform. By continuing to use or interact with Our Platform following any updates, Users explicitly acknowledge and accept the updated Privacy Policy. Bystrov shall not be liable for any consequences arising from a User’s failure to review or comply with changes to the Privacy Policy.

This Privacy Policy is written in English. If We provide any translation of this Privacy Policy for convenience, such translation is provided solely for the convenience of Users and has no legal effect; in the event of any inconsistency or conflict between the English version and any translated version, the English version shall prevail. If You use any automated or third-party translation tool (including browser translation tools) to view this Privacy Policy, You acknowledge and agree that Bystrov is not responsible for the accuracy, completeness, or quality of such translation. To the extent You do not understand the English language, You should seek an independent, certified translation or legal advice prior to accepting this Privacy Policy.

For any questions regarding this Privacy Policy – User(s) may contact Bystrov by sending an email to: viktor@brama.work. All inquiries will be addressed within 30 (thirty) calendar days, or within a longer period if reasonably justified, in accordance with applicable laws. Users are solely responsible for providing accurate and sufficient information to allow Bystrov to identify and address the inquiry.