Legal

Privacy Policy

Last updated: April 23, 2026

Contents

1. About BrainZone
2. Information We Collect
3. How We Use Your Information
4. Data Storage & Security
5. Third-Party Services
6. Your Rights
7. Data Retention
8. Changes to This Policy
9. Contact

1. About BrainZone

BrainZone is a personal learning and planning system designed to help individuals organize their goals, tasks, study materials, and weekly schedules in one place. The service is accessible at brainzone.space and via the BrainZone web application.

This Privacy Policy explains what personal information BrainZone collects, how it is used, and the choices you have with respect to that information. By using BrainZone, you agree to the collection and use of information as described here.

2. Information We Collect

Account Information

When you create an account, we collect your email address and, if you choose to sign in with Google, your name and profile picture as provided by Google. We do not store your Google account password. Authentication is handled by Supabase Auth using industry-standard OAuth 2.0 and email/password flows.

Planning & Learning Data

BrainZone stores the content you create within the application, including:

Tasks, to-do items, and their status
Goals, milestones, and progress notes
Weekly and daily planning sessions
Calendar events you add to BrainZone
Courses, chapters, and study notes
Focus sessions (duration and intention)
AI conversation history within the Soleil assistant

This content belongs to you. It is used solely to provide the service and is never sold or shared for advertising purposes.

Preferences & App State

We store your language preference (English, Hebrew, or Italian), onboarding completion state, and other in-app configuration so your experience is consistent across sessions and devices.

Google Calendar (optional)

If you explicitly choose to connect your Google Calendar, BrainZone requests OAuth access to read and write calendar events on your behalf. We store the OAuth access token and refresh token securely in your account record solely to enable calendar synchronization. This connection is entirely optional. You can revoke it at any time from BrainZone Settings or directly from your Google account permissions page. We do not access any Google data other than your calendar events.

Subscription & Payment Status

If you subscribe to BrainZone, we receive confirmation of your subscription status from PayPal via a secure webhook. We store your subscription status (active, cancelled, etc.) and the date of your last payment. We do not store payment card numbers or full payment details — these are handled exclusively by PayPal.

Technical Information

Our hosting infrastructure (Vercel) may collect standard server logs including IP addresses, request paths, and timestamps as part of normal application operation. This data is used for security, error monitoring, and service reliability purposes and is not linked to your BrainZone profile.

3. How We Use Your Information

We use the information we collect to:

Provide, operate, and maintain the BrainZone service
Sync your planning data across your devices and sessions
Power the Soleil AI assistant with context from your own data
Enable optional calendar synchronization with Google Calendar
Process and confirm subscription payments
Send essential service communications (e.g., account or billing notices)
Detect and prevent abuse, fraud, or unauthorized access
Improve and debug the application

We do not use your personal data to train AI models, serve advertisements, or sell information to third parties.

4. Data Storage & Security

Your data is stored on Supabase, a cloud database platform hosted on AWS infrastructure in the EU (Frankfurt region). All data is encrypted in transit using TLS and encrypted at rest by the hosting provider.

Access to your data is controlled by Row Level Security policies in our database, which ensure that users can only access their own records. Administrative access is limited and subject to authentication requirements.

While we implement reasonable security measures, no system is completely immune to vulnerabilities. We cannot guarantee absolute security of your data.

5. Third-Party Services

BrainZone uses the following third-party services. Each service has its own privacy policy:

Supabase — Authentication and database storage. supabase.com/privacy
Vercel — Application hosting and edge infrastructure. vercel.com/legal/privacy-policy
Anthropic — Powers the Soleil AI assistant. Messages sent to Soleil are processed by Anthropic's API. Anthropic's data handling policies apply to content processed through their API. anthropic.com/privacy
PayPal — Subscription payment processing. paypal.com/privacy
Google — OAuth sign-in and optional Calendar integration. Applies only if you use Google sign-in or connect Google Calendar. policies.google.com/privacy

We do not use third-party advertising networks or behavioral analytics trackers.

6. Your Rights

You have the right to:

Access — Request a copy of the personal data we hold about you.
Correction — Request that we correct inaccurate or incomplete data.
Deletion — Request deletion of your account and associated data. You can delete your account by contacting us (see below). Upon confirmed deletion, your data will be removed from our systems within a reasonable period, except where retention is required by law.
Portability — Request an export of your planning data in a structured format where technically feasible.
Revoke connected services — Disconnect Google Calendar at any time from BrainZone Settings.

To exercise any of these rights, contact us at the address below.

7. Data Retention

We retain your account and planning data for as long as your account is active or as needed to provide the service. If you request account deletion, we will delete your data within 30 days, except for records we are required to retain for legal or financial compliance purposes (such as payment records).

OAuth tokens for Google Calendar are stored until you disconnect the integration or revoke access via Google.

8. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. If changes are material, we will make reasonable efforts to notify you (for example, by posting a notice within the application). Continued use of BrainZone after changes are posted constitutes acceptance of the revised policy.

9. Contact

For privacy-related questions, requests, or concerns, please contact us at:

support@brainzone.space

We aim to respond to all requests within 14 business days.