Privacy Policy — Brainfood Cloud, MediaSync.ai, Publio.ai, Cleon & Related Websites
Version: 1.0 · Last updated: 29 May 2026
This Privacy Policy explains how Brainfood Digital Media and Publishing Single-Member LLC (Μ.Ε.Π.Ε.) (“Brainfood”, “we”, “us”) processes personal data when you visit our websites (brainfoodcloud.com, mediasync.ai, publio.ai, cleon.tv, brainfoodmedia.gr) or use our products: Brainfood Cloud, MediaSync.ai, Publio.ai, and Cleon / Cleon.tv (the “Services”).
1. Controller and Contact Details
Controller: Brainfood Digital Media and Publishing Single-Member LLC (Μ.Ε.Π.Ε.). Registered seat: Empedokleous 28 & Souri 20, 12131, Peristeri, Athens, Greece. Email: privacy@brainfoodcloud.com.
2. Controller vs. Processor — Important for B2B Customers
We act in two distinct roles:
- As controller for: our websites, marketing, account registration, billing, support, and product analytics – covered by this Policy.
- As processor on behalf of our business customers for personal data contained in Customer Content they submit to the Services (e.g., articles, media files, AI prompts, end-user data from connected CMS, social, analytics, or advertising systems). That processing is governed by our Data Processing Agreement with the customer, not by this Policy. If your personal data was submitted to our Services by one of our customers, please contact that customer (the controller) first; we will support their response as their processor.
3. Categories of Personal Data We Collect
Category | Examples | Source |
Account data | Name, business email, job title, company, password (hashed), workspace settings | You |
Billing data | Billing contact, company details, VAT number, invoicing address, payment method tokens (held by our payment processor), transaction history | You / payment processor |
User & content activity data | Actions in the platform, content items created or edited, workflow assignments, publishing history | Your use of Services |
AI interaction data | Prompts, inputs, generated outputs, feedback on outputs | Your use of AI features |
Integration data – CMS | Content, metadata, author names, and account identifiers from CMS systems you connect | Systems you connect |
Integration data – social media | Connected page/profile identifiers, access tokens, post performance data | Platforms you authorise |
Analytics data | Device, browser, IP address, pages viewed, feature usage, diagnostics | Automatic |
Advertising & monetisation data (Cleon) | Publisher account information, inventory configuration, revenue reporting, ad delivery logs, ad request metadata (such as IP address, device and browser information, consent signals and technical identifiers required for ad serving). | Publishers / ad systems |
Cookies & tracking data | Third-party advertising partners may process their own identifiers, cookies or similar technologies in accordance with their respective privacy policies and consent frameworks. | Automatic (see Cookie Policy) |
Support communications | Messages, attachments, contact details in tickets or emails | You |
We do not intentionally collect special categories of personal data (Art. 9 GDPR) and ask that you do not submit them.
4. Purposes and Legal Bases (Art. 6 GDPR)
Purpose | Legal basis |
Providing the Services, account management, authentication | Contract (Art. 6(1)(b)) |
Billing, invoicing, accounting | Contract; legal obligation (Art. 6(1)(c)) (tax/accounting law) |
Operating AI features at your request | Contract |
Maintaining integrations you authorise (CMS, social, ad-tech) | Contract |
Security, fraud and abuse prevention, invalid traffic detection | Legitimate interests (Art. 6(1)(f)) — protecting our Services and partners |
Product analytics and service improvement | Legitimate interests; consent where required for cookies/tracking |
Marketing emails to business contacts | Legitimate interests (existing customers, soft opt-in) or consent; you can opt out at any time |
Marketing/advertising cookies | Consent (Art. 6(1)(a); ePrivacy) |
Support and communications | Contract; legitimate interests |
Compliance with law, legal claims | Legal obligation; legitimate interests |
Where we rely on legitimate interests, we have balanced those interests against your rights; you may object (Section 11).
5. Data Sharing
We share personal data only with:
- Service providers / subprocessors – Amazon Web Services (AWS). Service used: Amazon S3 cloud. Purpose: Secure storage and hosting of files, media, backups, or application data. Data processed: Customer files, uploaded content, metadata, logs, or other application data, depending on your use. Location: EU.
- Third-party platforms you connect – CMS, social networks, analytics, and advertising/demand partners, under their own privacy policies, only as needed to operate the integration you authorise;
- Advertising demand partners (Cleon) – ad-request data necessary to serve and measure advertising, subject to consent signals passed under applicable consent frameworks;
- Professional advisors, auditors, and authorities where required;
- Corporate transactions – a successor in a merger, acquisition, or asset sale, with notice where required.
We do not sell personal data.
6. International Transfers
Where personal data is transferred outside the EU/EEA (e.g., to providers in the United States), we use appropriate safeguards: an adequacy decision (including the EU–US Data Privacy Framework where the recipient is certified) or the European Commission’s Standard Contractual Clauses, with supplementary measures where needed. You may request a copy of relevant safeguards via privacy@brainfoodcloud.com.
7. Retention
We retain personal data only as long as needed for the purposes above:
- Account data: for the life of the account and up to 12 months after closure;
- Billing/tax records: as required by Greek tax and accounting law (typically 5–10 years);
- AI interaction data: for the duration of the subscription unless deleted earlier by the customer;
- Customer Content processed as processor: per the customer’s instructions and the DPA;
- Support records: 24 months after resolution.
When retention ends, data is deleted or irreversibly anonymised.
8. Security
We apply appropriate technical and organisational measures, including encryption in transit, access controls and role-based permissions, logging and monitoring, environment separation, and staff confidentiality commitments. No system is completely secure; we will notify affected parties and authorities of personal data breaches as required by Articles 33–34 GDPR.
9. AI Features – Privacy Notes
AI prompts, inputs, and outputs are processed to provide the requested feature. They may be processed by third-party AI model providers under agreements that prohibit use of your data to train their models. We do not use your content or prompts to train foundation models without explicit agreement. Avoid including unnecessary personal data in prompts.
10. Cookies
See our Cookie Policy for details on cookies and similar technologies across our domains and how to manage consent.
11. Your Rights (GDPR)
You have the right to: access your personal data; rectify inaccurate data; erase data; restrict processing; exercise data portability; object to processing based on legitimate interests, including direct marketing (absolute right to object to marketing); and withdraw consent at any time without affecting prior processing.
To exercise rights, contact privacy@brainfoodcloud.com. We respond within one month (extendable by two months for complex requests). We may need to verify your identity.
Supervisory authority: You may lodge a complaint with the Hellenic Data Protection Authority, www.dpa.gr, or with the supervisory authority of your habitual residence or place of work.
12. Children
The Services are B2B tools and are not directed to anyone under 18. We do not knowingly collect children’s data; if you believe a child’s data was provided, contact us for deletion.
13. Product-Specific Notes
MediaSync.ai – processes editorial content, workflow data, and AI prompts/outputs; content may include personal data of individuals mentioned in journalism, for which the publishing customer is controller (journalistic exemptions may apply at the customer level).
Publio.ai – processes connected social media account identifiers, tokens, scheduled content, and post-performance metrics received from platforms under your authorisation; revoking platform access stops further collection.
Cleon / Cleon.tv – processes publisher account information, inventory management data, revenue reporting data and technical ad-request metadata necessary for the delivery and measurement of advertising. Cleon does not itself operate a consent management platform and relies on consent signals provided by publisher properties. Any third-party advertising identifiers, cookies or similar technologies are controlled by the relevant advertising partners and subject to their respective privacy policies.
brainfoodmedia.gr – corporate/media site; processes visitor analytics and contact-form data only.
14. Changes to This Policy
We may update this Policy and will post the new version with its date; material changes will be notified by email or in-product notice.
15. Contact
privacy@brainfoodcloud.com · Empedokleous 28 & Souri 20, 12131, Peristeri, Athens, Greece.
