Consent to data and cookie processing
Updated: 10 July 2026
Here we honestly explain what small technical data the iBrain website itself collects, why it is needed, and how to turn it off. This is about the marketing website; there is a separate policy for data inside the platform in your account.
Draft. This document is prepared for the website and is reviewed by a lawyer in the Kyrgyz Republic before publication. The entrepreneur's details replace the [TODO] markers.
1. What we collect on the website
The website collects a minimum of data and only for two tasks: to understand where you came from and to protect the contact form from spam. We do not place third-party ad trackers and do not follow you across sites.
2. Cookies and attribution
When you arrive on the site via a link from an ad, an email, or social media, the address often contains source markers (called UTM). We save them to understand which channels work and not waste budget. We remember the first referral source (first-touch) and the last one before the request (last-touch).
For this, the following data is used on your device:
| What is stored | Why | Retention |
|---|---|---|
| UTM tags and referral source (first-touch and last-touch) | To understand which channel brought you to the site and measure ad effectiveness | [TODO: period, suggested 90 days] |
| The site's own technical cookies | Correct page operation and remembering your chosen language | Until the session ends or browser data is cleared |
Advertising and third-party analytics cookies are not used on the site.
3. Hashed IP against spam
When you submit the form, we store not the IP address itself but its irreversible hash (a mathematical fingerprint from which the original address cannot be restored). It is used only to limit the rate of submissions and filter out spam bots. The hash cannot identify you or your location. We keep it for [TODO: period, suggested 90 days], then delete it.
4. Where the data goes
The technical services that help the site run are located outside the Kyrgyz Republic, so there is a cross-border transfer here too (Article 89 of the Digital Code of the Kyrgyz Republic). We have a data protection agreement with each service. The list:
- Supabase, Inc. (USA, Amazon Web Services infrastructure): storing requests and site data;
- Vercel, Inc. (USA, hosting region Frankfurt, EU): hosting and delivering the site;
- [TODO: email delivery service, e.g. Resend or Brevo]: delivering emails about your request.
5. How to withdraw consent and delete data
The easiest way to withdraw consent to cookies and attribution markers is through your browser: clear the site data or open the site in a private window. Then the saved markers are deleted and new ones will not be collected.
To have us delete the data from your request or the shortened IP, write to [TODO: data requests email] from the address you used in the form. We answer no later than [TODO: response time, suggested 30 days]. More about your rights is in the privacy policy.
6. Changes
We may update this document when the set of services or legal requirements change. The current version is always on this page with the date at the top.