BRAINZONE
Legal · Privacy Rights

Data & Compliance

Last updated: June 16, 2026

This page is a plain-language companion to our Privacy Policy and Terms of Service. It explains, in one place, exactly what personal data BrainZone collects, why, who processes it, how long it is kept, and the concrete controls you have — including deleting your account, clearing the Soleil AI assistant's memory, disconnecting Google Calendar, and exporting your data.

Contents
  1. 1. Data We Collect
  2. 2. Why We Use Your Data
  3. 3. AI & Soleil Processing
  4. 4. Google Calendar Data
  5. 5. Payments Data
  6. 6. Lecture Recordings, Transcripts & Summaries
  7. 7. Data Retention
  8. 8. Your Rights & Controls
  9. 9. EU / EEA / UK (GDPR) Rights
  10. 10. California (CCPA / CPRA) Notice
  11. 11. We Do Not Sell Your Personal Information
  12. 12. Security & Breach Response
  13. 13. Contact & Requests

1. Data We Collect

BrainZone collects only the data needed to run your personal planning and learning system. By category:

Account & identity

  • Your email address (for sign-in and essential service notices).
  • If you choose Google Sign-In: your name and profile picture as provided by Google. We never receive or store your Google password.
  • Optional profile details you enter: display name, language (English, Hebrew, Italian), country, university, and similar preferences.

Planning & learning content (created by you)

  • Tasks, to-do items, and their status.
  • Goals, milestones, and progress notes.
  • Weekly and daily planning sessions and reflections.
  • Calendar events you create inside BrainZone.
  • Courses, chapters, and study notes.
  • Focus sessions and brain-dump notes.

Soleil AI assistant data

  • Your chat history with Soleil.
  • Memory Soleil builds about you — learned facts, a compact profile snapshot, in-app activity context, preference and feedback signals, and dismissed/queued nudges. You can clear all of this at any time (see Section 8).

Google Calendar (optional, only if you connect it)

  • OAuth access and refresh tokens, stored in your account record solely to sync events.
  • Calendar event data synced into BrainZone at your request.

Subscription & payment status

  • Subscription status, your payment provider's subscription ID, and the date/status of your last payment.
  • We do not store card numbers or full payment details — those are handled exclusively by PayPal.

Lecture recordings (only if you use the recording feature)

  • Audio you record, the resulting transcript, AI-generated organized notes/summaries, and your recording usage/quota.

Technical information

  • Our hosting provider (Vercel) collects standard server logs — IP address, request paths, timestamps — for security and reliability. These are not linked to your BrainZone profile.

2. Why We Use Your Data

We use your data to:

  • Provide, operate, and maintain BrainZone.
  • Sync your data across your devices and sessions.
  • Power the Soleil AI assistant using your BrainZone-native content (tasks, goals, notes, plans).
  • Enable optional Google Calendar synchronization that you explicitly request.
  • Transcribe and organize lecture recordings when you use that feature.
  • Process and confirm subscription payments.
  • Send essential service communications (account or billing notices).
  • Detect and prevent abuse, fraud, and unauthorized access.

We do not use your personal data to serve advertisements, and we do not use your content to train AI or machine-learning models. BrainZone integrates no third-party advertising networks or behavioral-analytics trackers.

3. AI & Soleil Processing

The Soleil assistant is powered by Anthropic(Claude). When you chat with Soleil, the relevant BrainZone content needed to answer — your tasks, goals, notes, and plans — is sent to Anthropic's API to generate a response. Soleil does not receive your Google Calendar data.

For lecture recording, audio is sent to Groq (Whisper speech-to-text) to produce a transcript, and the transcript is then sent to Anthropic to organize it into structured notes/summaries.

These providers process content under their own terms solely to deliver the feature you requested. We do not use this content to train our own models, and we do not authorize these providers to use your content to train their models beyond what their applicable enterprise/API terms allow. You can delete everything Soleil has learned about you at any time (Section 8).

4. Google Calendar Data

Google Calendar is entirely optional. If you connect it, BrainZone requests OAuth permission to read and write your calendar events so it can display and sync them inside the app. Google user data is used only for this user-facing feature — never for advertising, profiling, unrelated analytics, or AI training.

You can disconnect Google Calendar at any time from Settings → Soleil & integrations → Google Calendar, which deletes the stored OAuth tokens from your account. You may also revoke access from your Google Account permissions page. Our full Google API Limited Use disclosure is in Section 10 of the Privacy Policy.

5. Payments Data

Subscriptions and any recording-hour purchases are processed by PayPal. BrainZone receives confirmation of your payment status via a secure webhook and stores your subscription status, the PayPal subscription/transaction identifiers, and the date and status of your last payment. Card numbers and full payment details never reach BrainZone — they are handled entirely by PayPal under PayPal's own privacy policy.

6. Lecture Recordings, Transcripts & Summaries

Lecture recording is being rolled out in BrainZone. Where it is available to you, it works as follows: you record audio in the app; the audio is sent to Groq (Whisper) to produce a transcript; and the transcript is organized into study notes by Anthropic (Claude). The transcript and generated notes are tied to your account.

Raw audio retention. BrainZone uses your raw audio only to create the transcript — there is no audio playback in the app, so the raw audio is not needed once the transcript exists. Our policy is to retain raw audio no longer than necessary to produce the transcript, and to purge failed or abandoned uploads shortly after. Any audio that is temporarily stored lives in BrainZone's private cloud storage (Supabase, EU region), is never public, and is deleted when you delete your account — at which point your recordings, transcripts, and generated notes are removed as well (Section 7).

7. Data Retention

We retain your account and content for as long as your account is active or as needed to provide the service. When you delete your account in the app, your sign-in credentials and associated app data — profile, tasks, goals, plans, courses, notes, brain dumps, Soleil conversations and memory, lecture recordings/transcripts/notes, and your Google Calendar tokens and synced mappings — are removed, and your uploaded audio files are deleted from cloud storage.

Some records are kept or anonymized after deletion where necessary:

  • Financial / accounting records (subscription and payment history, commission entries) required by law. We remove the link to your account (your user ID), but these may still contain provider-side payment identifiers (e.g. PayPal subscription or transaction IDs) needed for accounting and dispute resolution. Those identifiers are not removed, so these specific records are retained rather than fully anonymized.
  • Referral / attribution records, which we keep in anonymized form — your user ID and device identifiers (such as the recorded user agent) are stripped so the records no longer identify you.
  • Payment records held by PayPal, governed by PayPal's own policies and stored outside BrainZone.

Where we are permitted to delete records entirely, we do so within 30 days of the deletion request.

8. Your Rights & Controls

BrainZone gives you direct, in-app controls for most of these rights:

  • Access — Request a copy of the personal data we hold about you (see Contact below).
  • Correction — Edit your profile and content directly in the app, or ask us to correct inaccurate data.
  • Delete your account — Permanently delete your account and associated data yourself from Settings → Account & security → Delete account. A standalone summary is at /account-deletion.
  • Delete Soleil's memory — Clear everything the Soleil assistant has learned about you — chat history, learned facts, snapshots, context, and preference signals — without deleting your account or any other data, from Settings → Personalize Soleil.
  • Disconnect integrations — Disconnect Google Calendar at any time from Settings → Soleil & integrations.
  • Export your data — Download a complete, machine-readable JSON export of your account data — profile, tasks, goals, plans, courses and notes, Soleil conversations and memory, lecture records, integration status, and usage — from Settings → Legal & privacy → Download my data. A local-only JSON backup of your on-device data is also available at Settings → Data & backup → Download backup. For security, the export excludes secrets such as OAuth tokens. If you cannot sign in, you can request an export by contacting us.

9. EU / EEA / UK (GDPR) Rights

If you are in the European Economic Area or the United Kingdom, you have the rights to access, rectify, erase, restrict, and object to the processing of your personal data, and the right to data portability. The legal bases on which we process your data are:

  • Performance of a contract — to provide the core service you signed up for.
  • Consent — for optional features you explicitly enable, such as connecting Google Calendar or recording lectures. You may withdraw consent at any time.
  • Legitimate interests — to keep the service secure and prevent fraud and abuse.
  • Legal obligation — to retain financial and accounting records.

Your data is stored on Supabase infrastructure in the EU (Frankfurt). Some processors (e.g. Anthropic, Groq, PayPal, Vercel) may process data outside the EEA under appropriate safeguards. You also have the right to lodge a complaint with your local data protection authority. To exercise any GDPR right, contact us using the details below.

10. California (CCPA / CPRA) Notice

If you are a California resident, you have the right to know what personal information we collect and why (described in Sections 1–2), the right to request deletion of your personal information, the right to correct inaccurate information, and the right not to be discriminated against for exercising these rights.

We do not sell or share your personal information as those terms are defined under the CCPA/CPRA, and we do not process it for cross-context behavioral advertising. You can exercise your deletion right directly in the app, or submit any request via the Contact section below.

11. We Do Not Sell Your Personal Information

BrainZone does not sell your personal information, and does not share it for advertising or behavioral profiling. The only third parties that receive your data are the service providers needed to run the app — our database and hosting (Supabase, Vercel), the AI providers that power Soleil and lecture transcription (Anthropic, Groq), the payment processor (PayPal), and Google (only if you use Google Sign-In or connect Google Calendar). Each acts as a processor under its own terms and is listed in our Privacy Policy.

12. Security & Breach Response

Your data is encrypted in transit (TLS) and encrypted at rest by our hosting provider. Access is enforced by Row Level Security policies so users can only reach their own records, and administrative access is limited and authenticated. Card data is never stored by BrainZone.

No system is completely immune to vulnerabilities, and we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will investigate promptly, take steps to contain and remediate the incident, and notify affected users and any relevant supervisory authorities where required by applicable law and within the timeframes the law prescribes.

13. Contact & Requests

For any privacy request — access, correction, deletion, export, or a question about this page — contact our privacy support at:

support@brainzone.space

We aim to respond to all requests within 14 business days.

← Back to BrainZone·Privacy Policy·Terms of Service