Effective as of May 7th 2026
Bragi GmbH, a German limited liability company with its address at Sendlinger Straße 7, Angerblock, 2. OG, 80331 Munich, Germany ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your data when you use our Services.
This Privacy Policy applies to the information we collect about you in the course of our business, including through Bragi websites, Bragi enabled products, services, and mobile applications offered by or on behalf of Bragi, and through the Bragi Partner Portal at partner.bragi.com.
1. Definitions
• "Services": Refers to all products, mobile applications, websites, and platforms provided by Bragi GmbH, including the Bragi Partner Portal at partner.bragi.com.
• "User": Any individual or entity using the Services.
• "Content": All materials accessible through the Services, including firmware, software, updates, and other media.
• "Partner": A business user of the Bragi Partner Portal, typically a brand, System-on-Chip (SoC) vendor, Original Design Manufacturer (ODM), Independent Design House (IDH), or similar company evaluating or working with Bragi technology.
2. Information We Collect
• Information You Provide: Contact details, business contact data at Partner Portal sign-up (first name, last name, business email, company, role, country), and support inquiries.
• Automatically Collected Data: For example, aggregated analytics data such as device information, usage data, and crash reports.
• Device Information: Device type, operating system, app version, unique device identifiers, and IP address.
• Usage Data: Logs of interactions with the App or the Portal, such as downloads, installations, updates, and session durations.
• Crash Data: Reports on crashes or errors for debugging and improving app performance.
• Data from Third Parties: Information from third-party integrations (e.g., social logins) if you choose to connect them to your account.
• Third-Party Providers: We may use third-party analytics services on our Services (e.g., Google Analytics). These service providers may set and access their own cookies, pixel tags, and similar technologies on our Services and on third-party services to collect information that can be used to track users over time and across services. These analytics services help us understand how users arrive at and use our Services.
• Voice and Audio Data: When you use our AI-powered audio features, we may process short snippets of your voice input to generate responses. Unless otherwise stated, these snippets are processed in real time and are not stored beyond the session, except where you have explicitly consented to retention for service improvement.
• Information You Provide via Forms: When you complete forms on our website or apps (for example, to request support, sign up for newsletters, register for events, or provide feedback), we collect the information you choose to provide, such as your name, email address, company, and message content.
• Session Replay and Behavior Data: On our websites, we use a session replay and heatmap tool to record interactions on the page (mouse movements, clicks, scrolls, page navigation). Sensitive form inputs are masked. This only takes place if you accept analytics cookies.
3. Cookies and Similar Technologies
We use cookies and similar technologies such as pixels, tags, SDKs, and local storage (collectively referred to as “cookies”) to operate, personalize, and improve our Services. Cookies help us recognize you, remember your preferences, understand how you use our Services, and measure the effectiveness of our communications.
Types of Cookies We Use
• Essential Cookies: These are necessary for the operation of our Services, enabling basic functions such as page navigation, secure login, and remembering your consent preferences. Without these cookies, the Services may not function properly.
• Performance and Analytics Cookies: These cookies help us understand how users interact with our websites and applications, which allows us to improve usability and performance.
• Functional Cookies: These remember your settings and preferences, such as language, region, and accessibility options.
• Marketing and Advertising Cookies: These are used to deliver relevant advertisements and to measure the effectiveness of marketing campaigns.
Legal Basis for Using Cookies
We use essential cookies based on our legitimate interest in ensuring the proper functioning and security of our Services. All other cookies (analytics, marketing, or personalization) are used only with your consent, which you can provide or withdraw at any time through our cookie settings.
Managing and Withdrawing Consent
You can manage or withdraw your consent for cookies at any time by clicking “Cookie Settings” at the bottom of our website or within our apps. You can also modify your browser settings to block or delete cookies. Please note that disabling essential cookies may impact the availability or functionality of some features.
Third-Party Cookies
Some cookies are placed by third parties that provide analytics, advertising, or other integrations on our behalf (for example, Google Analytics or advertising networks). These third parties may collect information about your online activities over time and across different websites. These tools include website analytics and session replay providers; sensitive fields are masked and these cookies are set only with your consent. We encourage you to review their respective privacy policies for further information about their processing and opt-out options.
Retention
• Session cookies are deleted automatically when you close your browser or app.
• Persistent cookies remain on your device until they expire or you delete them through your browser settings. We retain cookies only as long as necessary for the purposes for which they were set.
When you visit our websites or use our Services for the first time, you will be presented with a cookie banner that allows you to accept, reject, or customize your cookie preferences. Your consent choices are stored securely and can be modified at any time. If you have questions about our use of cookies or your preferences, you can contact us at dpo@bragi.com.
4. How Bragi Uses Your Information
Bragi may utilize the information we collect to enhance your experience and provide our services effectively. Specifically, we may use your data in the following ways:
• Delivering Requested Services: To fulfill your requests, such as completing purchases, providing subscriptions, offering customer support, or integrating with your chosen streaming services, and to provide Partner Portal access.
• Communicating with You: To keep you informed about your transactions, shipments, software or product updates, and any changes to our terms, policies, or conditions.
• Marketing and Promotions: To share information about new products, special offers, promotions, and upcoming events that may interest you.
• Personalizing Your Experience: To tailor our services to your preferences by delivering relevant content, saving settings, offering product recommendations, and maintaining wish lists.
• Enhancing Our Services: To identify and resolve issues, improve usability, understand user interactions, perform research, and develop new products and features.
• Operational and Security Needs: To manage your account, address concerns or complaints, ensure security, prevent fraud, and comply with legal obligations such as detecting and addressing malicious or illegal activities.
• Unified User Experience: To recognize and connect your interactions across various touchpoints (e.g., devices, browsers, or services) using details like usernames, IP addresses, and device identifiers. This allows us to provide a seamless, personalized experience.
• With Your Consent: For specific purposes communicated to you, where your consent is sought in compliance with applicable legal requirements.
5. Legal Basis for Processing Your Information
Bragi processes your data in accordance with legal requirements and uses the following grounds under Article 6 of the General Data Protection Regulation (GDPR):
• Contractual Obligations (Art. 6(1)(b)): When processing is necessary to fulfill our commitments, such as providing requested services, adhering to our terms of use, or providing you with Partner Portal access.
• Legitimate Interests (Art. 6(1)(f)): When necessary to support our operations, ensure service security, process payments, defend legal rights, and prevent fraud. For each use of this basis, we balance our interests against your rights and expectations.
• Legal Compliance (Art. 6(1)(c)): When required to meet legal obligations, such as record-keeping for tax or audit purposes, responding to binding orders, or complying with export control and sanctions laws.
• Consent (Art. 6(1)(a)): When you provide explicit consent for a particular purpose.
To enhance your experience, we may combine data collected through our services with information obtained from other online or offline sources. This aggregated information will be managed in line with this Privacy Policy.
6. How Bragi Shares Your Information
To deliver and enhance our services, we may share your information in the following ways:
• Service Providers: We collaborate with trusted third-party vendors to support our operations and provide our services. These partners assist us with tasks such as cloud hosting and infrastructure, customer relationship management, electronic signature, email delivery and support ticketing, web analytics, hosting, payment processing, shipping, marketing, customer support, data storage, security, fraud prevention, legal services, and product development. These service providers are authorized to use your information solely to perform their contracted services or comply with legal obligations. A current list of our material sub-processors is available on request from dpo@bragi.com.
• Integrated Platforms and Services: In certain cases, your information may be shared with third-party platforms, applications, or services that you connect with Bragi. These integrations enable features and functionality to operate seamlessly across different services, always in compliance with applicable laws and agreements.
• Compliance with Legal Obligations: We may disclose your information to law enforcement, government authorities, or other third parties when required by law, regulation, or legal process.
• Business Transactions: If Bragi undergoes a business transaction, such as a merger, acquisition, or sale of assets, your information may be transferred as part of that process. In such events, we will ensure that your data remains protected and used in accordance with this Privacy Policy.
7. International Data Transfers
To provide our Services, we may transfer your data to countries outside the European Economic Area ("EEA"). These countries may have data protection laws that differ from those in your jurisdiction. However, when we transfer your personal data internationally, we ensure adequate safeguards are in place to protect your information, including:
• Standard Contractual Clauses (SCCs): Ensuring contractual obligations for data protection are adhered to in line with GDPR requirements, supplemented where relevant by a Transfer Impact Assessment and supplementary measures such as encryption in transit and at rest.
• Adequacy Decisions: Transferring data only to countries approved by the European Commission as providing an adequate level of data protection.
• People's Republic of China: For transfers from China, we rely on the Standard Contract for Outbound Transfer of Personal Information issued by the Cyberspace Administration of China, together with separate consent from you. See Section 20 for details.
You can request a copy of these safeguards by contacting us at dpo@bragi.com.
8. Children's Privacy
Our Services are intended for general audiences and are not directed at or intended for children. If we become aware that we have collected data without legally valid parental consent from children under an age where such consent is required, we will take reasonable steps to delete it as soon as possible.
We do not knowingly collect personal data from individuals under the age of 16 (or under 13 where permitted by local law) without verified parental consent.
9. Your Data Rights
Under GDPR, you have the following rights:
• Right to Access: Obtain a copy of your personal data.
• Right to Rectification: Request corrections to inaccurate or incomplete data.
• Right to Erasure: Request deletion of your data under specific conditions.
• Right to Restriction: Restrict the processing of your data under certain circumstances.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or direct marketing.
• Right to Lodge a Complaint: File a complaint with your local data protection authority.
• Right to Withdraw Consent: When the processing is based on your consent, you can withdraw your consent in the App settings or by contacting dpo@bragi.com.
To exercise any of these rights, contact dpo@bragi.com. We will respond within one month of receiving your request (extendable by two months for complex requests).
10. App-Specific Data Practices
Bragi AI Enabled Application
• The App offers firmware updates and device optimization for Bragi-enabled products as well as AI-powered audio recommendations tailored to your user preferences.
• The App offers real-time device control through adaptive features.
• The App may request access to your device's microphone, location, and other sensitive data to deliver specific functionalities (e.g., real-time device control or AI-powered recommendations). These permissions will only be used as described and require your explicit consent.
• You can manage, modify, or revoke these permissions at any time through your device settings. Revoking certain permissions may limit the availability of specific features or functionalities but will not affect your general ability to use the App.
• The App offers customizable controls for tailored functionality. Detailed information about how these permissions are used is available in the Privacy Policy.
11. Retention of your information
The duration for which we retain your information depends on the specific purposes outlined in this Privacy Policy. We will securely delete or anonymize your data when it is no longer needed for those purposes unless a longer retention period is required by applicable laws or regulations.
In certain situations, technical or operational constraints may prevent complete deletion or anonymization of your information. In such cases, we implement appropriate safeguards to ensure that your data is no longer actively processed or used for any purpose.
The following retention schedule applies:
Category | Retention period
App or Portal account data | While the account is active; deleted or anonymized 3 years after account closure (Section 195 BGB)
Authentication and security logs | 90 days
Crash reports | 12 months
Marketing consent records | 5 years from withdrawal, to demonstrate lawful basis
Voice or audio input for AI features | Processed in real time; not stored unless you have opted in to retention
CRM records and partner interactions | 5 years from last meaningful contact
Commercial documents (contracts, invoices) | 6 to 10 years (HGB §257, AO §147)
Data subject request records | 3 years after closure of the request
12. Security and Data Breaches
We use technical and organizational measures to safeguard your personal data, including encryption in transit and at rest, strict access controls, and regular security audits. In the event of a data breach, we will notify the competent supervisory authority within 72 hours where legally required (Art. 33 GDPR) and, if the breach poses a high risk to your rights and freedoms, we will notify you directly under Art. 34 GDPR without undue delay.
13. Changes to our Privacy Policy
We may periodically revise this Privacy Policy to reflect changes in laws, our data practices, service features, or technological advancements. We encourage you to review this policy regularly. You can determine if the Privacy Policy has been updated by checking the “Last Updated” date at the top of the document.
By continuing to use our services, you acknowledge that you have reviewed and understood the most recent version of this Privacy Policy. For significant updates, we will notify you through our services or other appropriate channels, ensuring you have the opportunity to review the changes before they take effect, as required by applicable laws.
14. Automated Decision-Making and Profiling
Currently, Bragi does not engage in automated decision-making that produces legal or similarly significant effects.
If we engage in profiling or automated processing that significantly affects you, we will provide clear notice and ensure safeguards are in place. You may request human review, challenge the decision, or opt out where legally permissible.
15. Governing Law and Jurisdiction
This Privacy Policy is governed by the laws of Germany without regard to its conflicts of law principles. You are encouraged to contact us first for informal resolution at dpo@bragi.com.
Disputes not resolved informally shall be initiated and conducted in the courts of Munich, Germany, and you and Bragi consent to the exclusive jurisdiction of such courts.
However, if you are an international user, you may be entitled to additional protections under the mandatory consumer protection or data privacy laws of your jurisdiction. For users residing outside Germany, any disputes related to the Services will be resolved under the laws of your local jurisdiction where such protections are mandatory and override this agreement's governing law.
16. AI-Powered Audio Features
Our Services include AI-powered features that process voice or audio inputs. Please note:
• AI responses are generated automatically and may not always be accurate or reliable.
• Bragi and its partners are not liable for decisions or actions taken based on AI outputs.
• These features are intended for convenience and personalization only, not professional advice.
• Users must not input or use the Services to transmit illegal, offensive, or harmful content.
• By enabling these features, you acknowledge the limitations of AI technology and agree to use them responsibly.
Audio inputs used for AI features are processed in real time and not stored beyond the session. In limited cases, and only with your explicit consent, audio inputs may be retained or anonymized for service improvement or troubleshooting purposes. We do not process voice data for biometric identification of individuals; no special category data under Art. 9 GDPR is processed for that purpose.
17. Contact Information
Bragi GmbH, Sendlinger Str. 7, Angerblock / 2. OG, 80331 Munich, Germany. General contact: contact@bragi.com. Data protection contact: dpo@bragi.com.
18. Partner Portal (partner.bragi.com)
This Section applies when you are a business user of the Bragi Partner Portal (the "Portal"), including brands, SoC vendors, ODMs, IDHs and similar partners.
What we process
• Business contact data: first name, last name, business email, job title, company, country, phone (optional).
• Account and authentication data: login credentials, authentication tokens, account status.
• Portal usage data: pages viewed, downloads (e.g., SDK or technical documentation), session timestamps, IP address, device or browser basics.
• Communications: messages, requests, support interactions.
• Commercial data at commitment: billing contact, company legal details, VAT ID.
Purposes and legal bases
Activity | Purpose | Legal basis
Sign-up and Portal access | Provide Portal access and Content | Art. 6(1)(b): pre-contractual or contractual necessity
Security and abuse prevention | Protect the Portal and other partners | Art. 6(1)(f): legitimate interests
CRM and partner management | Qualify partners, manage communications | Art. 6(1)(f): legitimate interests
E-signature for commercial agreements | Execute licence agreements at commercial commitment | Art. 6(1)(b) and 6(1)(c)
Analytics and Portal improvement | Understand and improve Portal use | Art. 6(1)(a): consent (via cookie banner)
Export control and sanctions screening | Comply with trade control laws | Art. 6(1)(c): legal obligation
Recipients
We share Partner data only with the categories in Section 6 and only as needed. Processors acting on our behalf under written data processing agreements include cloud hosting and infrastructure providers, CRM providers, electronic signature providers, email and support ticketing providers, and web analytics providers (only where you consent).
International transfers
Portal data is primarily processed in the EEA. Transfers outside the EEA rely on the mechanisms in Section 7. Transfers from the People's Republic of China are additionally governed by Section 20.
Retention
See the retention schedule in Section 11. Portal account data is deleted or anonymized 3 years after account closure.
19. Notice for California Residents (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) gives you specific rights.
• Categories of personal information collected in the last 12 months: identifiers (name, email, phone, device ID, IP), commercial information (company, role), internet or network activity (pages viewed, app and portal usage, downloads), geolocation (country level), audio information (voice input for AI features, session-only unless you opt in), and inferences drawn from the above.
• Purposes of collection: to provide our Services, personalize and improve them, respond to your requests, secure our Services, and comply with legal obligations.
• Sale or sharing: Bragi does not sell your personal information and does not share it for cross-context behavioral advertising. You can still exercise your "Do Not Sell or Share My Personal Information" right by contacting dpo@bragi.com.
• Sensitive personal information: we do not use sensitive personal information for purposes that would require an explicit right-to-limit.
• Your rights: know, delete, correct, limit use of sensitive personal information, opt out of sale or sharing, and non-discrimination for exercising your rights.
To exercise your California rights, email dpo@bragi.com. We will verify your request against the information we hold for you.
20. Notice for Users in the People's Republic of China (PIPL)
If you are located in the People's Republic of China (PRC) or if your personal information is transferred from the PRC to Bragi, the following applies under the Personal Information Protection Law (PIPL).
• Recipient of your personal information: Bragi GmbH, Sendlinger Strasse 7, 80331 Munich, Germany. Contact for PIPL matters: dpo@bragi.com.
• Categories transferred: as described in Sections 2 and 18, depending on which Service you use.
• Purposes: to provide the Services, manage your account or partner relationship, and comply with legal obligations.
• Legal basis and mechanism: separate consent under PIPL Art. 39, relied on together with the Standard Contract for Outbound Transfer of Personal Information issued by the Cyberspace Administration of China.
• Rights under PIPL: access, copy, correct, supplement, delete, or restrict your personal information, withdraw your consent, request an explanation of our processing rules, or designate someone to exercise your rights after your death. You may also lodge a complaint with the competent authority in the PRC.
Where we ask you for a separate consent (for example at sign-up for the Partner Portal or when enabling certain AI features), you can withdraw that consent at any time by contacting dpo@bragi.com. Withdrawal will mean we can no longer provide you with the related functionality.