Privacy Policy
Updated: 10 July 2026
This document explains what happens to the data you leave on the iBrain website when you fill in the contact form or write to us. There is a separate, more detailed policy about data handling inside the iBrain platform itself, available in your account.
Draft. This document is prepared for the website and is reviewed by a lawyer in the Kyrgyz Republic before publication. The entrepreneur's details replace the [TODO] markers.
1. Who processes your data
Data left on the website is processed by Individual Entrepreneur [TODO: full name] (Kyrgyz Republic), TIN [TODO: TIN], address [TODO: address]. Below we simply say "we" or "iBrain".
We operate under the law of the Kyrgyz Republic, primarily Chapter 11 of the Digital Code No. 178 of 31 July 2025, in force since February 2026.
2. What we collect through the form
Through the form on the website you may send us:
- your name, so we can address you properly;
- your email and phone number, so we can reach you about your request;
- the name of your organization or learning center, if you provide it;
- the message text and any details you write in the form yourself.
We do not ask through the website for passport details, date of birth, home address, or special categories of data (health, beliefs, religion). If you enter such data into a free field on your own, it is better not to: the request does not need it.
When the form is submitted, technical details are also stored automatically: a shortened (hashed) IP address and referral source markers. These are described in detail in the data and cookie document.
3. Why we need this data
The only purpose of collecting form data is to contact you about your own request. We answer your question, show you the platform, and help you get started. We do not use this data for marketing without your separate consent, and we do not share it for anyone else's advertising.
4. On what legal basis we do this
The legal basis for processing is your consent, which you give by submitting the form, together with steps taken on your request before a contract is concluded (Articles 79 and 80 of the Digital Code of the Kyrgyz Republic). By submitting the form you confirm that you have read this policy and agree to the processing of the listed data for the purpose of answering your request.
5. Who we share data with
We do not sell your data and do not hand it to ad networks or data brokers. Only our team that handles requests sees the data from the form.
To deliver emails and store requests we use technical subcontractor services (for example, an email delivery service and a cloud database). We have a data protection agreement with each of them. Their servers are located outside the Kyrgyz Republic, so submitting the form means a cross-border transfer of data under Article 89 of the Digital Code of the Kyrgyz Republic; by submitting the form you agree to that transfer. The full list of services and countries is in the data handling document.
6. How long we keep the data
We keep form data only as long as needed to communicate about your request, and no longer than [TODO: retention period, suggested 12 months] from the last contact. If the conversation goes nowhere, we delete or anonymize the data. If you become a client, your data then lives by the rules of the contract and the platform's own policy.
7. Your rights
Under Chapter 11 of the Digital Code of the Kyrgyz Republic you may at any time:
- find out what data of yours we hold and get a copy of it;
- ask us to correct an inaccuracy;
- ask us to delete the data;
- withdraw consent to processing. Withdrawal does not undo what was processed before it.
To use any of these rights, write to us at [TODO: data requests email] from the address you used in the form. We answer no later than [TODO: response time, suggested 30 days]. If you believe we have violated your rights, you may complain to the authorized personal data protection body of the Kyrgyz Republic. But it is better to write to us first: the matter is usually resolved directly.
8. How we protect the data
The form transmits data over a secure connection (HTTPS). Only staff who need it for work can access requests. No system offers a hundred percent guarantee, but we apply reasonable technical and organizational measures and respond to incidents quickly.
9. Changes to this document
We may update this policy, for example when the law or the set of services changes. The current version is always on this page with the update date at the top. If a change is significant, we note it in the revision date.
10. How to reach us
For questions about this policy and your data, write to [TODO: data requests email]. General questions: [TODO: general email]. Phone: [TODO: phone].