Back

Privacy Policy

Privacy Policy for BrainMax
Effective Date: October 30, 2025

Welcome to BrainMax! Your privacy is extremely important to us. This Privacy Policy explains how we collect, use, and protect your information when you use our mobile application BrainMax (the "Service").

Our mission is to help users transform their files into engaging audio podcasts and study materials — clearly and securely — without compromising your privacy.

By using BrainMax, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect the following types of information:

a. Personal Data
We may collect the following personal information:
- Your Email Address (required for account creation and authentication)
- Your Display Name (optional, for personalisation)
- Your Profile Photo URL (optional, if you choose to use a profile picture)
- Payment Information (processed securely through third-party providers for subscriptions and in-app purchases)
- Onboarding Information (optional), including:
  * Your name
  * Your occupation and occupation details
  * Your hobbies and interests
  * Your country
  * Language learning preferences and goals
  * Topics and themes of interest
  * Timezone and notification preferences

b. User Content
When you use our app to create audio content and study materials:
- Files you upload (PDFs, text files, website URLs, YouTube video links)
- Generated transcripts and audio files
- Created flashcards, quizzes, and study materials
- Your library of created content
- Metadata associated with your content (titles, descriptions, categories, duration)

This content is stored in your account on our cloud servers (Firestore) for syncing across devices and backup purposes.

c. Usage Data
We may collect anonymized app usage data, such as:
- Which features are used most frequently
- Performance metrics and error logs for debugging
- Device information (device type, operating system version)
- App version and usage patterns

This data does not identify you personally and is only used to improve the app.

d. Authentication Data
- Firebase Authentication tokens and user identifiers
- RevenueCat identifiers (for subscription management)

2. How We Process Your Content

We use external AI and text-to-speech services to process your uploaded files and generate audio content. Here's how we protect your data:

- 📄 Files are uploaded securely to our servers
- 🤖 Content is processed by trusted third-party AI providers for transcript generation
- 🔊 Audio is generated using secure text-to-speech services
- 💾 Your generated content (transcripts, audio files, study materials) is stored securely in your account
- 🔒 All data transmission is encrypted via SSL/TLS

3. Third-Party Providers

We work with trusted third-party services to enable content processing, audio generation, and subscription management:

- Firebase (Google): Authentication, cloud database (Firestore), analytics, crash reporting
- RevenueCat: Subscription and in-app purchase management
- AI Services: Content processing and transcript generation
- Text-to-Speech Services: Audio generation

All third-party providers are bound by strict data protection agreements and comply with applicable privacy regulations.

4. Why We Collect Data

We collect data for the following purposes:

- To provide and maintain our Service
- To process your file uploads and generate audio content
- To create flashcards, quizzes, and study materials
- To sync your content across devices
- To process subscriptions and in-app purchases
- To improve performance and detect bugs
- To provide customer support
- To send important service updates and notifications (with your consent)
- To comply with legal obligations

5. Legal Basis for Processing (UK GDPR)

Under UK GDPR, we process your personal data based on the following legal bases:

- Contractual necessity: To provide the Service you have requested
- Legitimate interests: To improve our Service, ensure security, and prevent fraud
- Consent: For optional features like onboarding data and marketing communications
- Legal obligation: To comply with applicable laws and regulations

6. Data Sharing and Selling

We do **not** sell your personal data to third parties.

We may share your data only in the following circumstances:

- With third-party service providers who assist us in operating our Service (as listed in Section 3)
- When required by law or to respond to legal processes
- To protect our rights, privacy, safety, or property
- In connection with a business transfer (merger, acquisition, etc.)

7. Data Security

We take your security seriously:

- All data transmission is encrypted via SSL/TLS
- Payment information is handled by PCI-compliant processors (RevenueCat, Apple, Google)
- User data is stored securely using Firebase security rules
- We implement appropriate technical and organisational measures to protect against unauthorised access, alteration, disclosure, or destruction
- We regularly review and update our security practices

8. Data Retention

We retain your personal data for as long as necessary to provide our Service or as required by law:

- Account information: Retained while your account is active
- User content: Retained until you delete it or your account is deleted
- Usage data: Retained in anonymized form for analytics purposes
- Payment records: Retained as required by UK tax and accounting laws (typically 7 years)

You can delete your content at any time through the app, or request account deletion by contacting us.

9. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

- Right of Access: Request a copy of your personal data we hold
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data (subject to legal limitations)
- Right to Restrict Processing: Request limitation of how we use your data
- Right to Data Portability: Request transfer of your data to another service
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent for optional features at any time

To exercise these rights, please contact us at contact@brainmax.app.

10. International Data Transfers

Your data may be processed and stored outside the UK/European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

- Standard Contractual Clauses approved by UK data protection authorities
- Adequacy decisions by the UK government
- Other legally recognised transfer mechanisms

11. Children's Privacy

Our Service is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If you become aware that a child has provided us with personal data, please contact us immediately.

12. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:
- Maintain your login session
- Remember your preferences
- Analyze app usage and performance

You can control cookies through your device settings, though this may affect app functionality.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Effective Date" at the top
- Sending you an email notification (if you have provided your email)
- Showing a notice in the app

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

14. Contact Information

If you have any questions, concerns, or wish to exercise your rights regarding your personal data, please contact us at:

Email: contact@brainmax.app

For data protection matters, you also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):
Website: https://ico.org.uk
Phone: 0303 123 1113

Thank you for using BrainMax!