Bragur.ai

Privacy Statement

Last updated: July 2026

This Privacy Statement (“Statement”) explains how personal data is processed when you visit the Bragur website (“Site”). Bragur (“we”, “us”) is an AI-powered donor-reporting platform for aid organisations, currently in pre-launch. This Statement covers the marketing website only, including the demo request form. The Bragur application itself is provided under separate agreements with customer organisations, and personal data processed in the application is governed by those agreements.

We process personal data in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR). We may amend this Statement from time to time to reflect developments to the Site or our services. When we make changes, we post the revised Statement on the Site and update the “Last updated” date above.

Controller

Bragur is a service provided by BearingPoint Norway AS, which is the controller for data processing on this Site:

BearingPoint Norway AS (org. nr. 984 145 047 MVA)
Tjuvholmen allé 3
0252 Oslo, Norway

Purposes of Processing and Legal Bases

We currently collect personal data on this Site only through the “Book a demo” form, which prospective customers use to request a demonstration of Bragur. We use the information you submit for the following purposes:

The form asks for your name, work email address, and organisation name. You may optionally also provide your role, the volume of reports your organisation prepares, the donors you report to, how you heard about us, and a free-text message describing your needs. We do not intentionally collect any special categories of personal data through this form, and we ask that you do not include such information in your message.

Legal basis:

You are not obliged to provide any information to us, but without it we may be unable to respond to your request or arrange a demo.

Storage Duration

We retain the personal data you submit through the demo request form for as long as needed to follow up on your inquiry and manage our relationship with you, and in any case for no longer than 12 months. Data collected through this form is automatically deleted 12 months after submission.

Data Recipients

We only disclose personal data submitted through this Site to affiliated companies within our corporate group and to suppliers we engage to process data on our behalf, such as our hosting provider. We share personal data for our legitimate business purposes and to comply with legal obligations. Where we engage suppliers to process personal data on our behalf, we enter into data processing agreements in line with Article 28 GDPR.

Demo request submissions are stored in a database provided by Supabase, Inc. and hosted within the EU (Stockholm, Sweden). As Supabase is a US company, any transfer of personal data outside the EU/EEA that may occur in connection with this service, for example for support purposes, is safeguarded by the EU Standard Contractual Clauses.

Transfers to Non-EU Countries

We make efforts to ensure that personal data is processed within the EU/EEA whenever possible. Where we engage service providers located in countries without an adequacy decision, we put appropriate safeguards in place before transferring personal data, such as the EU Standard Contractual Clauses.

Hosting

This Site is hosted on infrastructure provided by Vercel Inc. Where personal data is transferred outside the EU/EEA in connection with hosting, this is done under the EU Standard Contractual Clauses.

Our hosting provider automatically collects and stores information in server log files, which your browser communicates to us automatically. This may include your IP address, browser type, and the time of your request. This data is processed on the basis of our legitimate interest in the secure and reliable operation of the Site (Article 6(1)(f) GDPR) and is not merged with other data sources.

To protect the demo request form against abuse, we also process your IP address briefly in server memory to limit the number of submissions from the same address. This is based on our legitimate interest in the security of the Site (Article 6(1)(f) GDPR); the IP address is not stored.

Cookies and Analytics

This marketing site sets no tracking cookies and uses no consent manager, because none is needed. If you sign in to the Bragur application, we set strictly necessary authentication cookies only.

If you use the light/dark theme toggle, your preference is stored in your browser’s local storage. This is strictly necessary to honour your choice on later visits and is not used for tracking or shared with anyone.

We use privacy-preserving, cookie-less analytics (Vercel Web Analytics) to understand how visitors use this Site. This service stores nothing on your device and uses a daily-rotating anonymous identifier, so visitors cannot be tracked across days or across sites.

Data Security

We implement appropriate technical and organisational measures to protect the personal data you provide through this Site against unauthorised access, disclosure, use, alteration, or destruction. Please note, however, that no method of transmission over the internet or method of electronic storage is completely secure.

Your Privacy Rights and Contact

All personal data that we as a controller store or process should be accurate and kept up to date. You may have certain rights related to your personal data, depending on your location and the applicable data protection laws. Subject to any applicable exceptions or limitations, these rights may include:

You can submit a Data Subject Rights Request to us by completing our short Microsoft Forms questionnaire, a service provided by our data processor Microsoft Ireland Operations Ltd., using the following link: https://forms.cloud.microsoft/e/9JggvbkEfX.

If you prefer not to use the online form, you may also submit a written request by mail to:

BearingPoint Data Protection Department
Group Compliance Officer BearingPoint Berlin
Invalidenstraße 73
10557 Berlin

To ensure the security and confidentiality of personal data, we may require you to provide identity verification information before processing your data subject request.

Personal data provided when completing the Data Subject Request Form is retained in accordance with applicable statutory retention periods and as long as it is necessary to fulfil the purpose for which it was provided.

If you have any general questions or concerns about how we process personal information, please contact us at datasubject-request@bearingpoint.com.