Privacy Policy for BrainBack

Last Updated: November 24, 2025

Thank you for using BrainBack ("we," "us," or "our"). This Privacy Policy explains how we collect, use, protect, and share information when you use our educational video platform available at https://brainback.top (the "Website"), our mobile applications (iOS and Android), and related services (collectively, the "Platform").

BrainBack is an educational video platform designed for teenagers (ages 13-18) that transforms screen time into learning time through bite-sized educational videos, interactive quizzes, AI tutoring, and gamification. We take the privacy of our users, especially minors, very seriously and are committed to compliance with the Children's Online Privacy Protection Act (COPPA) and the General Data Protection Regulation (GDPR).

By using the Platform, you agree to the terms of this Privacy Policy. If you do not agree with these practices, please do not use our Platform.

1. Information We Collect

1.1 Personal Information

We collect the following personal information:

• Account Information: Name, email address, date of birth (to verify age eligibility), username, and profile picture
• Payment Information: Billing details and payment card information for micro-course purchases (processed securely through Stripe; we do not store full payment card details on our servers)
• Parent/Guardian Information: For users under 13, we collect parent/guardian email addresses for verification and consent purposes
• Authentication Data: Information from third-party authentication providers (e.g., Google OAuth) when you choose to sign in through these services

1.2 Educational and Activity Data

• Learning Progress: Topics selected, videos watched, completion rates, quiz responses and scores, earned XP, streaks, badges, and skill progression
• AI Tutor Interactions: Questions asked to our AI tutor and conversation history to provide personalized assistance
• Content Interactions: Video likes, emoji reactions, saved videos, and video replies you create
• Learning Goals: Up to 3 topics you select to master

1.3 User-Generated Content

• Video Replies: Short video responses (up to 15 seconds) you create in reaction to educational content
• Profile Content: Profile information, avatar, and bio if you customize your profile

1.4 Technical and Usage Data

• Device Information: Device type, operating system, browser type, unique device identifiers, mobile network information
• Usage Analytics: Pages visited, videos viewed, time spent on platform, navigation patterns, feature usage, error logs
• Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to enhance user experience, analyze trends, and personalize content recommendations
• IP Address and Location: General location data (city/country level) to provide localized content and comply with regional regulations

1.5 Parental Dashboard Data

For parents monitoring their child's account, we collect and make available:
• Learning metrics (minutes watched, topics explored, badges earned)
• Progress reports and course completion data
• Parent control settings and preferences

2. How We Use Your Information

We use collected information for the following purposes:

• Platform Operation: To provide, maintain, and improve our educational services
• Personalization: To customize your learning feed based on quiz performance, selected topics, and engagement patterns
• AI Tutoring: To provide personalized educational assistance and answer your questions
• Gamification: To track streaks, award badges, calculate XP, and maintain skill maps
• Communication: To send transactional emails (account verification, purchase confirmations), important platform updates, and safety notifications
• Payment Processing: To process micro-course purchases and manage subscriptions
• Safety and Moderation: To enforce our community guidelines, detect inappropriate content, and maintain a safe learning environment through AI and human moderation
• Parental Controls: To enable parents to monitor their child's learning and manage safety settings
• Analytics and Improvement: To understand platform usage, identify bugs, improve features, and develop new educational content
• Legal Compliance: To comply with legal obligations, enforce our Terms of Service, and protect our rights and the safety of our users

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), UK, or Switzerland, we process your personal data based on:

• Contract Performance: Processing necessary to provide our Platform services
• Legitimate Interests: To improve our services, prevent fraud, and ensure platform safety
• Legal Obligations: To comply with applicable laws and regulations
• Consent: Where required, such as for marketing communications (which you can opt out of at any time)

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We share data only in the following circumstances:

4.1 Service Providers
• Payment Processing: Stripe for secure payment transactions
• Email Services: Resend for transactional emails (magic links, notifications)
• Database Hosting: MongoDB for secure data storage
• Authentication: NextAuth.js and Google OAuth for account authentication
• AI Services: OpenAI for AI tutor functionality
• Customer Support: Crisp for customer service chat

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.2 Content Moderation
Educators' submitted content undergoes AI and human moderation review before publication.

4.3 Legal Requirements
We may disclose information if required by law, court order, or government request, or to protect the rights, property, or safety of BrainBack, our users, or the public.

4.4 Business Transfers
If BrainBack is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Children's Privacy (COPPA Compliance)

BrainBack is primarily designed for teenagers ages 13-18. However, we recognize that younger children may be interested in educational content with parental supervision.

5.1 Users Ages 13-18
Teenagers ages 13-18 can create accounts independently. We collect only the information described in this Privacy Policy and use it solely for educational purposes.

5.2 Users Under Age 13
For children under age 13, we require verifiable parental consent before collecting any personal information. Parents must:
• Provide a valid email address for verification
• Confirm consent via email verification
• Access the Parent Dashboard to monitor their child's account

We collect only the minimum information necessary to provide educational services and enable parental oversight.

5.3 Parental Rights
Parents of users under 13 can:
• Review their child's personal information
• Request deletion of their child's account and data
• Refuse further collection or use of their child's information
• Access the Parent Dashboard at any time

To exercise these rights, contact us at bartzalewskidev@gmail.com.

6. Your Rights and Choices

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your account and personal data (subject to legal retention requirements)
• Data Portability: Request your data in a structured, machine-readable format
• Opt-Out: Unsubscribe from marketing emails (note: you'll still receive essential transactional emails)
• Restrict Processing: Request limitation on how we use your data
• Object: Object to processing based on legitimate interests

To exercise any of these rights, contact us at bartzalewskidev@gmail.com. We will respond within 30 days.

7. Data Security

We implement industry-standard security measures to protect your information:

• Encryption in transit (HTTPS/TLS) and at rest
• Secure authentication via NextAuth.js with JWT tokens
• PCI-DSS compliant payment processing through Stripe
• Regular security audits and monitoring
• Access controls limiting employee access to personal data
• AI and human moderation for content safety

However, no system is completely secure. If you become aware of any security breach, please contact us immediately.

8. Data Retention

We retain your information for as long as your account is active or as needed to provide services. Specific retention periods:

• Account Data: Retained until account deletion requested
• Learning Progress: Retained for the lifetime of the account
• Video Replies: Retained until you delete them or delete your account
• Payment Records: Retained for 7 years for tax and legal compliance
• Cookies: Vary by type (session cookies expire when you close your browser; persistent cookies as specified)

Upon account deletion, we will delete or anonymize your personal information within 90 days, except where retention is required by law.

9. International Data Transfers

BrainBack operates globally. Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) for GDPR compliance
• Ensuring service providers meet data protection standards

10. Third-Party Links

Our Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

11. Safety Features and Content Moderation

To maintain a safe learning environment:

• No Text Comments: Users cannot post text comments; only emoji reactions and short video replies are allowed
• AI Moderation: All user-generated content is screened by AI for inappropriate material
• Human Review: Flagged content is reviewed by human moderators
• Age-Gated Content: Content is filtered based on age appropriateness
• Reporting Tools: Users and parents can report inappropriate content or behavior
• Parental Controls: Parents can adjust content filters and safety settings

12. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform features. We will notify you of significant changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending an email notification to your registered email address
• Displaying an in-app notification upon your next login

Continued use of the Platform after changes take effect constitutes acceptance of the updated Privacy Policy.

13. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information
• Right to opt-out of sale of personal information (note: we do not sell personal information)
• Right to non-discrimination for exercising privacy rights

To exercise these rights, contact us at bartzalewskidev@gmail.com.

14. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: bartzalewskidev@gmail.com
Website: https://brainback.top

For parental consent verification or exercising parental rights, please include "COPPA Request" or "Parental Rights" in your email subject line.

15. Data Protection Officer

For GDPR-related inquiries, you may contact our Data Protection Officer at:
Email: bartzalewskidev@gmail.com

By using BrainBack, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.