BrainSync
Back
BrainSync

Privacy Policy

Last updated: May 28, 2026

This Privacy Policy describes how BrainSync ("we", "our", or "us") collects, uses, and shares information when you use our mobile and web applications (collectively, the "Service") available at brainsync.pro and on the Google Play Store (package com.brainsync.app).

By using BrainSync, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Account information

When you sign in with Google, we receive your email address, name, and profile picture from your Google account. We do not request access to your contacts, calendar, or any other Google service data.

1.2 Content you save

When you save a bookmark, we store the URL you submit, the metadata we fetch from that URL (title, thumbnail, description, author, publish date), and the AI-generated summary, tags, and entity data we produce. For media content (YouTube, Facebook, Instagram, TikTok), we may transcribe the audio in order to generate the summary. Transcripts are stored alongside the bookmark.

1.3 Usage data

We log basic interaction events (bookmark saves, searches, shares, subscription changes) to operate the Service and improve features. We do not use third-party analytics SDKs that track users across apps.

1.4 Payment information

We do not store credit-card details. Payments are processed by Stripe and RevenueCat. We store a customer identifier returned by these processors and your current subscription tier.

1.5 Device and log data

Our servers log standard request information (IP address, user-agent, timestamp, path) for security and debugging. Logs are retained for 30 days and are not used for advertising.

2. How We Use Your Information

  • To authenticate you and maintain your session
  • To process the URLs you save and generate AI summaries, tags, and entity extractions
  • To deliver the Service features you request (search, sharing, recommendations)
  • To process subscriptions and bill you for Premium tiers
  • To improve the AI prompts and quality (using aggregate, de-identified usage patterns only)
  • To respond to your support requests
  • To detect and prevent abuse, fraud, or security incidents

3. AI Processing Disclosure

When you save content, we send the page content and/or media transcript to large-language-model providers (currently Anthropic Claude for summarization and OpenAI Whisper for transcription) to generate the AI summary, tags, and entity data. These providers process the content under their own privacy terms and do not, per their policies, use API data to train their public models.

We do not sell your content to any third party and we do not use your bookmarks to train any model other than internal quality / prompt tuning using aggregate, de-identified samples.

4. Sharing

We share your information only with the following categories of service providers, each bound by a data-processing agreement:

  • Google — authentication (Google Sign-In)
  • Anthropic — Claude API for summarization and entity extraction
  • OpenAI — Whisper API for audio transcription
  • Stripe — payment processing
  • RevenueCat — subscription state management
  • Emergent — hosting and object storage for media thumbnails / transcripts
  • MongoDB Atlas — primary database
  • Cloudflare — CDN and DDoS protection

We also share information when required by law, when necessary to enforce our Terms, or to protect the rights, property, or safety of BrainSync, our users, or others.

We do not sell your personal information.

5. Public Sharing of Bookmarks

BrainSync lets you mark bookmarks and collections as Unlisted (anyone with the link can view) or Public (anyone can find them). Content you mark as Private is only visible to your account. When you share a link via the in-app share sheet, the bookmark is automatically upgraded to Unlisted. You can change the visibility back to Private at any time from the bookmark's Share menu.

6. Data Retention

  • Bookmarks and AI-generated data — kept until you delete the bookmark or your account
  • Request logs — 30 days
  • Backups — 30 days
  • Payment-processor data — per Stripe and RevenueCat retention policies (typically 7 years for tax records)

7. Your Rights & Account Deletion

Depending on your jurisdiction, you have the following rights:

  • Access — download a copy of your data
  • Deletion — request permanent deletion of your account and content
  • Correction — update inaccurate information
  • Portability — export your bookmarks in Markdown or JSON
  • Opt-out — disable optional features (AI processing on save, public sharing)

How to delete your BrainSync account

You can request deletion of your account and all associated data using either method:

  1. In-app (fastest):
    1. Sign in to BrainSync (web or Android).
    2. Tap your avatar in the top-right of the dashboard.
    3. Choose Settings.
    4. Scroll to the Danger Zone and tap Delete my account.
    5. Type your email to confirm. Deletion is immediate.
  2. By email: Send a request from your account's registered email to privacy@brainsync.pro with the subject “Delete my account”. We respond within 30 days as required by GDPR and CCPA.

What is deleted

  • Your profile, email address, password hash, and login credentials
  • All saved bookmarks, notes, categories, and tags
  • All AI chat history (per-bookmark and library-wide)
  • Reminders, in-app notifications, and personalised recommendations
  • Active sessions and device push tokens (you are signed out everywhere)
  • Email verification codes, login attempts, and password-reset tokens
  • Subscription record on our side (Stripe and RevenueCat continue to hold their own copies — cancel via Stripe to avoid future charges)

What is kept (and why)

  • Payment-transaction records are anonymised (your user ID is replaced with “deleted”) but retained for up to 7 years to satisfy tax, accounting, and refund-audit obligations. Stripe and RevenueCat are the systems of record for financial data.
  • Aggregated, non-identifying analytics (e.g. “number of bookmarks saved this month”) may remain in our metrics — these contain no personal data.
  • Server backups are rotated within 30 days; any residual copies of your data are purged on that cycle.

Partial data deletion (without deleting your account)

You don't have to delete your whole account to remove specific data. From any bookmark detail page you can delete individual bookmarks, notes, AI chat threads, or categories. Deleted items are removed immediately and are not recoverable.

8. Children's Privacy

BrainSync is not directed at children under 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe a child has provided us with information, please contact us and we will delete it.

9. Security

We use industry-standard measures to protect your information: TLS 1.3 in transit, encryption at rest on our database and object storage, scoped session cookies (HttpOnly, Secure, SameSite=Lax), rate-limited APIs, and audit logging of administrative actions. No system is perfectly secure; if you discover a vulnerability, please email security@brainsync.pro.

10. International Transfers

BrainSync is operated from infrastructure located in the United States and the European Union. By using the Service, you consent to transfer of your data across borders for the purposes described in this policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or an in-app banner before they take effect. The current version is always available at brainsync.pro/privacy.

12. Contact

Questions, complaints, or requests: privacy@brainsync.pro

← Back to BrainSync