1. How This Works
Every material change to a Brainpercent legal document is recorded on this page with the date, the document affected, the type of change, and a one-paragraph summary. This is an append-only record — historical entries are never edited or removed.
Material changes (changes to fees, dispute resolution, your core rights, or substantive disclosure obligations) trigger a 30-day advance email notice to all registered users plus a persistent dashboard banner. Non-material changes (clarifications, typographical corrections, new optional features) are effective on posting and recorded here without separate notice.
2. 2026 Changes
Initial publication. Disclosed processor categories with link to /legal/subprocessors. GDPR Art. 13 rights enumerated. SCC reliance for cross-border transfers. Retention table. 72-hour breach notification commitment.
Initial publication. 14-day cooling-off refund window. Service-failure 72h pro-rated refund. AI-output ownership flow-through. Acceptable-use list. Delaware governing law + AAA arbitration with class-action waiver. EU/UK/Swiss/CA/AU consumer carve-outs. 12-month liability cap.
Initial publication of the Brainpercent affiliate program terms. 20% recurring commission, 12-month attribution window, monthly Stripe Connect payouts, $50 minimum, 7-day new-account cooldown.
Initial publication. 14 named subprocessors across payments, infrastructure, AI providers, communications, and analytics.
Initial publication. EU AI Act Art. 4 (AI literacy) and Art. 50 (transparency) compliance. List of AI models used, known limitations, verification guidance, prohibited high-risk uses.
Initial publication. GDPR Art. 28 DPA pre-signed by Brainpercent. Annex 1 (processing details + types of data + sub-processors) + Annex 2 (technical and organizational security measures). SCC reliance for cross-border transfers, 72h breach notification, 90-day post-termination deletion, audit rights.
All v2.0 / v1.0 legal documents promoted to production at https://brainpercent.app. Cookie banner now actively gates Google Analytics and Microsoft Clarity via Consent Mode v2 (Clarity loads only on explicit grant). Age + Terms checkboxes enforced in signup. GDPR Art. 15 data export shipped (24-hour SLA, 7-day signed URL, JSON archive). Daily breach-detection cron live with Discord webhook alerting.
Server-side product analytics instrumented (analytics_events table, append-only, RLS admin-only). Lifecycle events recorded: signup, signin, first_chat_message, project_created, first_article_generated, first_social_generated, first_publish, purchase_completed, subscription_started, subscription_canceled, credit_purchased. GDPR Art. 17 erasure handled by ON DELETE SET NULL on user_id (events survive as anonymous aggregates).
All legal pages now render localized chrome + body content in 12 non-EN locales (he/ar/ru/es/fr/de/pt/it/zh/ja/ko/hi). Middleware rewrites /{locale}/legal/* + /{locale}/privacy + /{locale}/terms transparently. The amber "English version is authoritative" disclaimer banner shows on every non-EN visit. Per-page hreflang alternates + WebPage/BreadcrumbList JSON-LD added for AI engine indexing.