Privacy policy

Last updated: 2026-05-22

1. Data we collect

We collect data you provide (email, encrypted password, profile, cognitive test results, habit logs) and technical data (logs, device type) necessary to deliver the service.

2. Purposes

Your data is used to: create and secure your account, run the tests, produce your personalized insights, manage your subscription, and improve service quality.

3. Legal basis (GDPR)

Performance of contract (art. 6.1.b GDPR) to deliver the service, your consent for non-essential cookies (art. 6.1.a), and our legitimate interest in security and fraud prevention (art. 6.1.f).

4. Hosting and processors

Your data is hosted in the European Union. We rely on processors for hosting (Supabase / Lovable Cloud), payments (Stripe) and email delivery. Each processor is bound by a GDPR-compliant data processing agreement.

5. Retention

Your data is kept as long as your account is active. Upon deletion, it is erased within 30 days, except for legal obligations (billing: 10 years).

6. Your rights

You have rights of access, rectification, erasure, restriction, portability and objection. You may also set post-mortem instructions and lodge a complaint with your data protection authority.

Contact

To exercise your rights or for any question: privacy@mybrainstack.com.