BrightMind

Privacy Policy

Effective date: September 3, 2025
Who we are: BrightMind ("we", "us") operates the BrightMind mobile app and brightmind.club website. Contact: stan@brightmind.club.

What we collect

  • Waitlist emails (website only). If you sign up for our waitlist, we collect your email address to notify you when the app becomes available and send updates about BrightMind. We do not share your email with third parties and keep it private.
  • No accounts in app. We don't ask for name, email, or passwords in the mobile app itself.
  • Voice sessions (app). When you speak, your audio is transmitted in real time to our processors to transcribe, generate a response, and speak back. We do not store your audio on our servers, but we do store anonymized conversation transcripts and AI responses to improve our service by analyzing where BrightMind falls short. This includes the text content of your messages, AI responses, and function calls made during sessions.
  • Website analytics (landing page only). We use Vercel Web Analytics, which is cookie-less and uses a short-lived hashed identifier; sessions are discarded after 24 hours. (Vercel)
  • Advertising & measurement (landing page only). We use Reddit Ads Pixel and Conversions API to measure and improve ad performance. This may collect online identifiers (e.g., IP address, user agent, screen dimensions), your Reddit ad click ID from the URL (rdt_cid) which we store in a first‑party cookie (reddit_click_id, up to 30 days), page views and conversion events (e.g., waitlist signup), and—where available—customer‑provided identifiers such as the email you enter on the page (auto‑advanced matching). Reddit normalizes/hashes identifiers as described in their documentation. (Reddit Pixel)

Processors we use (and typical retention)

We choose privacy-forward defaults and enable zero-data-retention where available.

  • LiveKit (real-time media transport): processes audio/video in transit; may log IP and API/server events. (LiveKit)
  • Deepgram (speech-to-text): retains personal data as needed to provide the service; usage logs are typically limited (e.g., Deepgram has stated a 90-day log storage for customers). We configure "no training" options. (Deepgram, developers.deepgram.com)
  • OpenAI (LLM): may retain API inputs/outputs up to 30 days to operate the service and prevent abuse; offers Zero Data Retention on eligible endpoints, which we enable where feasible. (OpenAI, OpenAI Community)
  • Cartesia (text-to-speech): supports Zero Data Retention mode; when enabled, they do not store customer audio, transcripts, or outputs. (cartesia.ai)
  • Vercel Analytics (website only): cookie-less, anonymized analytics; session data is not stored permanently and is discarded after 24 hours. (Vercel)
  • Reddit Ads (website only): Pixel & Conversions API to attribute ad performance and deduplicate events between browser and server. Receives identifiers such as IP, user agent, click ID, and (where available) email entered on our site. (Reddit Ads)

Note: Providers may keep limited security/abuse-prevention logs or retain data if required by law. See their policies linked above.

Cookies and similar technologies (website)

  • reddit_click_id — first‑party cookie set by us when you arrive with a Reddit click ID (rdt_cid) in the URL; used solely for ad attribution and deduplication; expires in up to 30 days.
  • Vercel Web Analytics — does not set cookies.

Legal bases (GDPR)

  • Consent (Art. 6(1)(a)): for waitlist email collection and sending updates about app availability.
  • Performance of a contract (Art. 6(1)(b)): to provide real-time coaching (transcription, generation, and speech).
  • Legitimate interests (Art. 6(1)(f)): to keep the service secure and reliable (e.g., anti-abuse), store conversation history for service improvement and analytics, and provide session summaries to users.
  • Ads/measurement: in the EEA/UK we rely on your consent where required for the Reddit Pixel and related identifiers; elsewhere we may rely on legitimate interests to measure ad performance, subject to your right to object.

International data transfers

Our processors may process data in the U.S. and elsewhere. They use GDPR mechanisms like DPAs and Standard Contractual Clauses. (LiveKit)

Data retention

  • Waitlist emails: We retain your email address until you unsubscribe or request deletion. You can unsubscribe at any time using the link in our emails.
  • App conversation history: While in beta we store conversation transcripts, AI responses, and session analytics indefinitely to provide service features and improvements. You can request deletion of your conversation history by contacting us.
  • Third-party processors: Providers retain only as described above (e.g., OpenAI up to 30 days; Deepgram usage logs commonly up to ~90 days; Vercel Analytics website sessions ≤24 h). (OpenAI, developers.deepgram.com, Vercel)
  • Reddit Ads: We store the click ID cookie for up to 30 days. Reddit's own retention of conversion events and identifiers is governed by Reddit's policies.

Your choices (ads & measurement)

You can control browser‑based tracking by adjusting your browser settings, using content blockers, or enabling Do Not Track (where honored). If you are in the EEA/UK and do not consent to advertising cookies/identifiers, please refrain from submitting the waitlist form and contact us to opt out of server‑side matching. You can also object to processing at any time by emailing stan@brightmind.club.

Your rights (GDPR)

You can access, export, rectify, or delete your data, or object to its processing. Email stan@brightmind.club. You can also complain to the Polish DPA (UODO). (UODO)

Children & teens

  • EU/Poland: The digital age of consent is 16. Users under 16 must have verifiable parental/guardian consent for processing. (Linklaters, White & Case, gdprhub.eu)
  • Outside EU: We follow local laws; where consent age is 13–16, under-age users need parental consent. (GDPR)

If we learn a child used the app without required consent, we'll disable use and work to delete related data (subject to provider logs/legal requirements).

Security

We use transport encryption (TLS). We select reputable providers with documented security programs; we don't store app session content.

Changes & contact

We may update this Policy; material changes will be posted with a new effective date.
Contact: stan@brightmind.club.