How secure is myBrain?

We get asked a lot of questions on security for myBrain, so thought we’d put all our responses into one place.

Published on:

Do not index
Do not index
We pride ourselves on ensuring that your data is kept safe, and remains your data, not ours or anybody else’s.
If you have any questions about the security of myBrain that aren’t covered here, reach out to us at

Is it secure? (TLDR)

Yes, to keep your data secure (and cover off the main things we get asked about):
  • We automatically delete your files after they’ve been added to your myBrain (uploaded to OpenAI), unless you explicitly tell us not to
  • All uploaded content is stored in isolated containers
  • All data is encrypted at rest (AES-256) and in transit
  • Your data is never used for any reason other than servicing API calls or customer support at your request only
  • Your uploaded (embedded) content (vectors) and reference content (text, author, links, etc.) are stored and encrypted on Pinecone, which is run on Google Cloud Platform (GCP) and located in The Dalles, Oregon, USA (us-west1-gcp). See more here:

Your Content

Do you store my documents?

We automatically delete your files after they’ve been ‘embedded’ (uploaded to OpenAI), however content from them is kept so we can return references to your myBrain answers, unless you explictly give us permission to store your document for reference purposes.
This content is encrypted and stored in an isolated container.

Who sees my documents?

No one else can see your documents or anything you’ve uploaded. The only way other people can see your content is if you share access to your myBrain via the share URL, embedding on a website or providing access through our API.
If you ask us to investigate an issue with your myBrain then we’ll be able to see your content and settings. We’ll only do this if you ask us to.

Where is information stored?

Content you upload is securely stored with Pinecone once it’s been processed by OpenAI (who don’t store it or anything shared via API with them - see here for more: We only store the text from your documents and webpages and not the actual file itself.

Where are your servers located?

Our servers are in the US and EU (mainly US).

Your Data

Who owns the data that is uploaded?

The content and data you upload to the site is yours and only yours, it is not used by us for any other purpose than providing you with the myBrain service or helping to answer any customer support queries you have and obviously is deleted when you delete it in the UI,

What do you use my data for?

We only use your data to allow you to access your myBrain and to improve the product, we do not pass it onto any 3rd parties for marketing purposes.
You can see full details of our Privacy Policy here:

Your myBrain

Who can access my myBrain?

Only people who you share your myBrain link with will be able to access your myBrain.
myBrain’s are not discoverable unless someone has your link.

How can I limit the number of questions asked by users?

There are no ways of limiting questions asked to your myBrain directly however there are a number of things you can do to control your costs if it is a concern:
  1. Controlling access to your myBrain by putting your myBrain behind a password-protected login (available on all Pro plans and above)
  1. Controlling access to your myBrain by putting your embedded myBrain behind a password-protected login
  1. Controlling access to your myBrain by consuming the responses via API and putting limits on its usage
  1. Monitoring usage of your question limits within your myBrain dashboard

Can I password-protect my myBrain?

Yes, you can, this will prevent anyone else from asking questions of your myBrain without the password. You can turn this feature on, on any paid account from Customize/Settings.

Can I restrict the embed or domain to my website?

Yes you can. If you go to Customize/Settings at the bottom you will see an option to enter a ‘Restricted domain’, this will ensure that the only page the embed code will work on is the one you have entered and will prevent others from using your myBrain elsewhere.


Does OpenAI use my model to train its model?

No. OpenAI no longer uses other people’s data for their training for use via the API (and hasn’t since 1 March). You can learn more about their data retention policy here:

Do I need to add an OpenAI key?

No, unless you are on an Enterprise plan and choose to use your own key.

Can OpenAI access documents?

No. OpenAI doesn’t store any of your content. Your content is processed by them, to convert the text into searchable numbers (vectors), but it isn’t actually stored by them. All content storage is with Pinecone (


Is myBrain GDPR compliant?

We meet the following core principles of GDPR as outlined here:
  1. We process your data in a transparent, fair and lawful way. We outline how we process your content, where it’s stored and who has access to it. We follow local laws on personal data storage as well.
  1. We only collect data required for our service and that’s required for you to use myBrain. We don’t share your data with any 3rd party that isn’t core to our service, e.g. Pinecone (Secure data storage for your uploads), OpenAI (AI models used to process your uploads and answer questions on your content), Google Analytics (allows us to improve our services). We only keep this data for as long as you want us to and we anonymise it wherever possible.
  1. We make every effort to keep all your data up to date and to make it as easy as possible for you to update, amend or remove any data we hold about you or your account.
  1. We keep information about you and your account until you ask us to delete it. We’ll only keep this information for as long as you’re a customer and using our service. If you’d like us to export or delete any data about you, you can always email us.
  1. We use the latest security standards both when your data is in transit (through an API call, for instance) and at rest (when it’s stored in our database). We use bank-grade encryption for all data storage. We also use access and authorisation controls to ensure only you can access your data and you have control over who else can access it.

Do you have a SOC-2?

We do not currently have a SOC-2 report, but if this is an issue for you, let us know ( and we may be able to help.

Are you HIPAA compliant?

We cannot currently demonstrate HIPAA compliance, but if this is an issue for you, let us know ( and we may be able to help.

Can I use myBrain ‘on-premise’ or self-hosted?

Unfortunately not at this time. We can provide a dedicated Pinecone database instance for your company and use your company's dedicated OpenAI key. This ensures you own the data storage infrastructure and that your data is almost entirely flowing through services you are the owner of.

Join other 3200+ marketers now!

Ready to take the next big step for your business?