Privacy policy

Braain is a shared-brain app for households and small teams. This page explains what we collect, why, who we share it with, and the controls you have over it.

Plain-English summary: we collect the content you put into Braain so the app works, we use a small set of well-known service providers to run on, we don't sell your data, we don't show you ads, and you can delete everything at any time.

Who we are

"Braain", "we", "us" refers to the operator of the Braain app, contactable at support@braain.app. Braain is based in Australia and operates under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where you're based outside Australia, your local privacy law may also apply; the rights set out below are offered to all users.

What we collect, and why

Account information

Your name, email address, and (optionally) profile photo, collected when you sign up. We use these to authenticate you, attribute your messages and content within shared spaces, and send transactional emails (sign-in links, invitations).

Content you put in

• Things you create: tasks, schedules, reminders, notes, instructions, people, items.
• Messages you send in Braain chats (one-to-one, group, and AI agent threads).
• Files and photos you attach to a brain-dump or item.
• Voice recordings: when you speak to Braain via the voice bar, the audio is sent to Deepgram (with OpenAI Whisper as a fallback) for transcription. The audio file is discarded after transcription; only the resulting text is stored.

This content is the substance of the app — without it, Braain can't operate. It's visible only to you and the members of the space you put it in.

AI features

Braain is an AI assistant. To understand and organise what you share, the content you put in — the messages you type, voice you record, files you upload, and the people, events, tasks, and notes you add — is sent to third-party AI providers to generate the assistant's responses, transcribe voice, and power search. The specific providers and their roles are Anthropic (the AI agent's responses and actions), OpenAI (search embeddings and fallback voice transcription), and Deepgram (voice transcription) — detailed under "Who processes your data on our behalf" below.

Before any of your content is sent to these providers, Braain shows an in-app disclosure naming them and asks for your explicit agreement. You can withdraw at any time by deleting your account, which disables Braain's AI features. These providers process your content under API terms that prohibit them from using it to train their models, use it solely to deliver Braain's features, and are bound to protect it to a standard at least equal to this policy. We never sell your data.

Device calendar and reminders

If you grant Braain permission, we sync events and reminders from your device calendars and reminder lists to your Braain account so they appear alongside the things Braain creates. You choose which calendars to include. Synced events are stored against your account only and are not shared with other users unless you explicitly add them to a space.

Connected Google and Microsoft accounts

You can connect a Google (Gmail / Google Calendar) or Microsoft (Outlook) account to Braain. We request only the permissions needed for the features you turn on, each is granted separately, and you can disconnect at any time.

• Calendar two-way sync (Google Calendar / Microsoft Calendars.ReadWrite). With your permission, Braain reads events from the calendars you choose so they appear alongside your Braain items, and writes events back when you or Braain's assistant create, change, or delete an event in Braain. For Google this uses two narrow permissions working together: calendar.calendarlist.readonly so Braain can show you the list of calendars to pick from, and calendar.events so it can read and write events on the calendars you select.
• Email sending (Google gmail.send / Microsoft Mail.Send), only if you turn it on. Braain uses this permission solely to send individual emails that you have written and explicitly approved in the app, from your own address. Braain does not read, import, store, or access your inbox, existing emails, drafts, or any other mailbox content. Every message is shown to you for review before it is sent; nothing is sent automatically.

The access and refresh tokens for these connections are stored securely on our servers only. They are never shared, sold, or used outside Braain. You can disconnect at any time from Calendars & permissions in the app, which deletes the stored token — and, for Google, revokes Braain's access to your account.

Braain's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Location (place-based reminders)

Braain lets you attach a place to a reminder — "remind me when I get to the pharmacy", or "remind me when I leave here". To make these fire, Braain uses your device's location, only if you grant permission:

• Foreground and background location. With your permission, the operating system watches for when you enter or leave the places you've attached to reminders — including when Braain is closed or not in use, which is the only way a location reminder can fire while you're not in the app. We request "Always" (background) location for this reason, and show a plain-English explanation in the app before the system asks.
• Matched on your device. Your live position is compared against your own reminders by the operating system, on your device. Your continuous location is never streamed to, logged by, or stored on our servers.
• What we store. We store only the place you deliberately attach to a reminder — its name and coordinates (for example "Coles Booragoon", or your current location at the moment you create a "leave here" reminder) — as part of that reminder. Deleting the reminder deletes it.
• What we don't do. We don't use location for advertising, analytics, or profiling, and we never sell or share it. It's used solely to fire the reminders you set.

You can turn location off at any time in your device Settings; existing location reminders simply won't fire until you re-enable it.

Photos and camera

If you add a profile photo, attach an image to a brain-dump or item, or capture a document, Braain accesses your camera and/or photo library — only when you initiate that action and grant permission. We store only the specific images you choose to attach; we don't browse or upload your photo library.

Contacts (invite flow only)

If you use the in-app invite picker and grant Contacts permission, Braain reads your address book locally on the device so you can pick a person to invite. Only the email address of the contact you choose is sent to our servers, and only for the purpose of sending that invitation. Your full contact list never leaves the device.

Subscription and billing

If you subscribe to Braain+, Apple or Google handles the actual payment. We receive a transaction identifier and entitlement status from RevenueCat so we know whether to unlock paid features. We never see your credit card or bank details.

Diagnostics

We collect crash logs and basic diagnostic information (app version, device model, OS version) when Braain crashes or hits an unhandled error. These are not tied to your identity beyond the random installation ID assigned by the operating system. We use them solely to find and fix bugs.

What we don't collect

• We don't show advertising, don't use any advertising SDKs, and don't use an advertising ID.
• We don't track you across other apps or websites.
• We don't collect financial, biometric, or government-ID information.
• We don't gather health or fitness data from device health APIs, sensors, or wearables. Anything health-related you type in yourself — for example a medication reminder — is stored as ordinary content you put in (described above), not collected automatically.
• We don't sell your data.

Who processes your data on our behalf

Braain runs on a small set of established service providers. Each one only handles the data needed for its role and is bound by its own privacy and security obligations.

• Supabase — primary database, authentication, and file storage. Hosts your account, content, chat messages, and attachments.
• Deepgram — speech-to-text transcription. Audio you record in Braain is sent to Deepgram, transcribed, and discarded.
• OpenAI — content embeddings used for the AI agent's understanding of your content, and a fallback transcription provider (Whisper) used only if Deepgram is unavailable.
• Anthropic — runs the AI agent that responds in chat and helps with tasks. Receives the messages and context needed for each response.
• RevenueCat — subscription management. Knows your entitlement status, not your billing details.
• Expo Application Services (EAS) — build pipeline and OTA updates. Collects basic crash reports.
• Resend — sends transactional emails (sign-in links, invitations).
• Cloudflare — hosts this marketing site and CDN-fronts our APIs.

None of these providers is given permission to use your data for their own purposes. In particular, the AI providers above — Anthropic, OpenAI, and Deepgram — process your content solely to deliver Braain's features, under API terms that prohibit using it to train their models, and each is contractually bound to protect your data to a standard at least equal to this policy. We don't share your data with any other third party, except where required by law (e.g. in response to a valid court order) or to protect the safety of users.

Where your data lives

Braain's databases and file storage are hosted in regions chosen for proximity and availability — currently primarily in the Asia-Pacific region. Some processors above (notably OpenAI and Anthropic) operate primarily out of the United States, which means relevant requests are routed there. By using Braain you consent to your data being transferred to and processed in these regions.

Security

All data is encrypted in transit (TLS) between your device and our servers, and between our servers and our processors. Stored data is encrypted at rest by each of the providers above. Access to production data is restricted to a small number of authorised personnel and audited.

Your rights and controls

You can, at any time:

• Access the personal information we hold about you — email support@braain.app.
• Correct your account profile in-app (Profile → Edit), or by email for anything that isn't editable in-app.
• Delete your account and all data — see braain.app/delete-account. Full deletion completes within 7 days, backup propagation within 30.
• Revoke permissions (Contacts, Calendar, Microphone, Photos) at any time in your device Settings.
• Cancel a subscription directly in the App Store or Play Store; cancellation takes effect at the end of the current billing period.
• Complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au if you believe we've mishandled your data and we haven't resolved it.

Retention

We keep your content for as long as your account is active. When you delete your account, content is removed from production within 7 days and from backups within 30 days, with two narrow exceptions:

• Billing records (invoices, transaction IDs) — retained for 7 years, as required by Australian tax law.
• Anonymised security logs — retained for 30 days, for fraud and abuse detection.

Children

Braain is intended for users aged 13 and over. We don't knowingly collect personal information from children under 13. If you believe a child under 13 has signed up, email us at support@braain.app and we will delete the account.

Changes to this policy

We may update this policy as Braain evolves. The "Effective" date at the top of this page reflects the most recent change. For material changes (new categories of data collected, new processors with materially different roles, changes that reduce your rights), we'll notify you in-app or by email before the change takes effect.