PRIVACY

at

brainful

Revised the 21st of May, 2024 | 📢 concerns

Privacy should not be gray and convulated. Due to the nature of our personalised services, it is inevitable that you are entrusting us with highly sensitive data. We take this responsibility very seriously and go to great lengths to securely, safely, and transparently process your data. This privacy policy outlines who we are, what we collect, why we need it, how we use it, and what you can do about it.


Who we are



'brainful', 'we', 'us', 'our', refers to the brainful team and its affiliates. When you access the 'brainful.ai', 'brainful.io', or 'brainful.dev' web domains, you are accessing the brainful application and including any mobile and desktop brainful clients officially served from our website, or the platform's respective app store. This privacy policy universally applies to all of our services obtained through any of the above.


What we and third-parties collect



As a privacy-first organisation, we are not in the business of selling or sharing data. We only collect information that directly helps us provide our services to you.


Account Information: Since we handle authentication, we temporarily collect all metrics available to us for you the sole purpose of secure authentication and identification. This includes but is not limited to IP address, browser, operating system, device, and location. We promptly delete most data after authentication is complete, however, for you to be able to manage active sessions, we store session identifiers that helps facilitate login. You can manage and manually delete this data from your account settings at any time. We will never disclose your account information to anyone unless we are legally mandated to do so by law enforcement.


Third-Party Services: To improve your user experience and our development, we offer several optional non-invasive add-ons with select third-parties that the user must manually enable in options. We do not share your data with anyone unless you explicitly enable these third-party services outlined below or we are legally mandated to do so.

These include but are not limited to:

The latest updates to these services are available in the app's options menu.


Communication: We may collect and keep a record of any personal information that you provide to us in your communications with us in forms or email for the duration of your account use and for a period of 30 days after account deletion.


Whilst we do require the handling of your personal data to provide our services, you can completely avoid third party involvement by not enabling services any third party addons which are explicitly displayed in the options menu and turned off by default. Also, you are welcome to use an alias with non-direct means of communications when raising concerns or contacting us. To completely eliminate the possibility of third-party access, using the 'vault' node type for highly confidential data ensures that only you have the key to your data and that it cannot be accessed by anyone, including us.


We do not natively collect nor have services in place that automatically collect information in the nature of error logs, security services, usage analytics, and device trackers. We do not collect, track, or store any usage or analytics data nor do we use or offer third party software that do so.


Securing your data



We handle the end-to-end process of authenticating to securely storing your data which is encrypted on Google Cloud servers hosted in the EU. We have our own systems to detect suspicious activity and protect your data. This means we have the liberty to prevent any potential third party vulnerability from comprising your data. We do not retain or copy any of your data once it has been permanently deleted from the app after a 30-day server data retention and recovery period.


Whilst your data is replicated across various locations to be recoverable in the event of a server failure, we cannot completely guarantee that your data may not be compromised in the event of a security breach. We strongly recommend using our export tool to backup a copy of your data regularly.


Collecting data from minors



We do not knowingly collect, process, or store data from minors under the age of 16.


Your rights




brainful for beta testers and developers



We strongly rely on your support to ensure that the end product is bug-free and maintains our quality and security standard. Therefore, you are automatically enrolled in the logging group and increased tracking, which cannot be disabled. This means that Sentry may include the potential transmission of PII. Whilst this strictly concerns server errors and it is strongly recommended to not store or use sensitive authentication credentials on the development build.


There is an elevated risk to the loss of user data. Do not store critical data on this build as we cannot assure data recovery.