# Brainiall Do Not Track Policy (DNT)
# Implementing the EFF DNT Policy spec
# https://www.eff.org/dnt-policy

# === SHORT VERSION ===
# Brainiall respects user privacy. We do NOT track users via cookies,
# fingerprinting, or behavioral analytics for advertising or third-party
# data sharing purposes.

# === FULL POLICY ===

# 1. Browser DNT signal
# When a user's browser sends the Do Not Track header (DNT: 1),
# Brainiall:
#   - Does NOT load Google Analytics, Facebook Pixel, or Microsoft Clarity
#   - Does NOT set non-essential cookies (only session + auth cookies)
#   - Does NOT share data with third-party advertising networks
#   - Does NOT use behavioral profiling for ad targeting

# 2. Default behavior (DNT: 0 or absent)
# When user has not opted into DNT:
#   - Brainiall MAY load Google Analytics for traffic analytics
#   - Brainiall MAY load Microsoft Clarity for UX heatmaps
#   - Brainiall MAY load Facebook Pixel for conversion tracking
# These are loaded only with user explicit cookie consent (cookie banner).

# 3. Functional cookies (always loaded)
# These are necessary for the service to function and are exempt from DNT:
#   - session ID (auth state)
#   - i18n locale preference
#   - cookie banner dismissal state
# These do NOT track users across sites or sessions.

# 4. Subprocessors
# We use Stripe for payments (their privacy policy applies for billing data).
# We use Resend for transactional email (subject to their policy).
# Full subprocessor list: https://chat.brainiall.com/subprocessors

# 5. Compliance frameworks
# This DNT policy is part of broader compliance with:
#   - GDPR Article 28 (DPA available at /dpa)
#   - LGPD (Brazilian data protection law)
#   - CCPA/CPRA (California consumer privacy)
#   - AI Act Article 50 (AI transparency disclosure)

# === CONTACT ===
# Questions about this DNT policy:
# Email: privacy@brainiall.com (or fabiosuizu@gmail.com)
# Last-Updated: 2026-05-02
# Version: 1.0
# Canonical-URL: https://chat.brainiall.com/.well-known/dnt-policy.txt