Privacy Policy

Last updated: Sep 15, 2025

Entity Responsible: Brainy AI Ltd, DIFC (Dubai), UAE

Registered Address: DIFC – AI Campus, Innovation Hub, Level 3

Contact: privacy@gobrainy.ai


1. Introduction

Brainy (“we,” “our,” or “us”) provides a mobile application (“App”) available on iOS and Android. This Privacy Policy explains how we collect, use, store, and share personal data when you use our App or website at https://gobrainy.ai/.

We are committed to compliance with:
- The Dubai International Financial Centre (DIFC) Data Protection Law and UAE Federal PDPL
- The General Data Protection Regulation (EU) 2016/679 (GDPR)
- The UK GDPR and Data Protection Act (where applicable)
- The EU AI Act transparency principles
- The Apple App Store and Google Play Data Safety requirements

2. Who We Are

Brainy AI Ltd is incorporated in DIFC (Dubai), UAE.
For privacy matters, contact: privacy@gobrainy.ai.

We do not currently maintain an EU or UK representative, as Brainy is globally available but not actively targeted at those jurisdictions. Users in the EU/UK may still exercise their rights under GDPR as described in this Policy.

3. Data We Collect

Account & Authentication:
- Name, username, display photo (optional)
- Email address
- Account ID (internal identifier)
- Password hash, authentication tokens (managed via Supabase secure authentication)

Technical & Usage Data:
- Feature usage events, in-app actions
- Crash reports and performance diagnostics
- Search queries
- Device/browser metadata (not unique device identifiers)

We Do Not Collect:
- Phone numbers
- Contacts, calendar, or social graphs
- Camera, photos, microphone, or files
- Location data (precise or approximate)
- User-uploaded documents, notes, annotations, or chats (no UGC at this stage)
- Payment data (no in-app purchases or billing)

Sensitive Data:
We do not collect or require sensitive categories of data (health, biometrics, religion, politics, etc.). Our Terms of Service prohibit uploading such data.

4. How We Use Data

We use your data for the following purposes and under these legal bases:

  • Create and manage user accounts — Contract

  • Provide app functionality — Contract

  • Personalization & content recommendations — Legitimate interests

  • AI-powered summarization & explanations — Contract / Legitimate interests

  • Security, fraud prevention, abuse detection — Legitimate interests

  • Analytics and performance monitoring — Legitimate interests (consent where required)

  • Regulatory compliance — Legal obligation

5. AI & Transparency

- We use OpenAI as a model provider.
- User data is not used to train or fine-tune our own or third-party AI models.
- Prompts and content are processed only for providing the service.
- Content provenance: sources of curated content are shown to users.
- No automated decision-making with legal or similarly significant effects.
- All content available in the app is pre-reviewed and approved by humans before publication.

6. Data Retention & Deletion

- Account data: Deleted immediately upon user request.
- Usage logs & telemetry: Retained for 12 months.
- Backups: Retained for 30 days rolling, then purged.

You may request deletion at any time via support@gobrainy.ai. Data will be deleted immediately, subject to backup system cycles.

7. International Transfers

- Primary hosting: Elestio servers in Germany (EU)
- Authentication & database: Supabase (EU servers)
- Analytics: PostHog self-hosted (EU)
- AI model inference: OpenAI (US, default region)
- FireCrawl (US) may process publicly available source content.

Transfers outside the EU are protected under Standard Contractual Clauses (SCCs) and equivalent safeguards under DIFC/UAE PDPL.

8. Security Measures

We implement industry-standard security:
- TLS 1.2+ encryption in transit
- AES-256 encryption at rest
- Role-based access control (RBAC) and least-privilege access
- Monitoring, logging, and vulnerability patching
- Periodic audits and penetration tests

9. Cookies & Tracking

Our website uses:
- Strictly necessary cookies (required for function)
- Analytics cookies (only with user consent in EU/UK)

We do not use marketing, targeting, or advertising cookies.
Consent banners are displayed in jurisdictions where legally required.

10. Your Rights

Depending on your location, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Request a machine-readable export (JSON/CSV)
- Object to certain processing (e.g., personalization)
- Withdraw consent (where consent was the legal basis)

To exercise rights: email support@gobrainy.ai. We respond within 30 days. Verification may require confirming your email.

11. Children’s Privacy

- The service is not available to children under 16 in the EU/UK and under 13 elsewhere.
- We do not knowingly collect data from minors. Accounts created in violation will be terminated.

12. Disclosures & Law Enforcement

We only disclose data:
- To service providers acting under contract (hosting, analytics, AI inference, email delivery, crash reporting)
- When required by law, after verifying legal basis and scope
- To protect rights, security, and integrity of the service

We notify affected users where legally permissible.

13. Sub-Processors

We use trusted vendors to provide our service, including:
- Elestio (EU) – hosting
- Supabase (EU) – authentication and database
- PostHog (EU) – analytics
- OpenAI (US) – AI inference
- FireCrawl (US) – content parsing
- SendGrid or equivalent (US/EU) – transactional email
- Sentry/Firebase Crashlytics (EU/US) – crash diagnostics

This list may be updated; the latest version will be maintained on https://gobrainy.ai/.

14. Platform-Specific Disclosures

Apple App Store:
- We do not track users across apps or websites.
- We do not share data with third-party data brokers.

Google Play:
- Data is encrypted in transit and at rest.
- Users may request deletion at any time.
- No optional data collection toggles are required, as no sensitive data is collected.

15. Updates to This Policy

We may update this Privacy Policy from time to time.

- We will notify you of material changes by in-app notice, email (where available), and on our website.
- The updated policy will take effect upon publication, unless otherwise stated.

16. Contact Us

For questions, requests, or complaints:
Email: privacy@gobrainy.ai
Support: support@gobrainy.ai

Supervisory authorities (EU/UK/UAE) may also be contacted directly if you believe your rights have been violated.

Summary for Users

We collect only the minimum data necessary to create an account and operate Brainy.
We do not track you across other apps, show ads, or use your data for AI training.
You are in control of your data and can request deletion at any time.