Privacy Policy

Cookie Consent Management

We use CookieYes, a cookie consent management platform, to help you control which cookies and tracking technologies are active on our website. When you visit brightmind.club, you'll see a cookie consent banner that allows you to:

• Accept all cookies — Enable all analytics and advertising features
• Reject non-essential cookies — Only allow necessary cookies for basic functionality
• Customize preferences — Choose specific cookie categories you want to allow

You can change your cookie preferences at any time by clicking the cookie settings link in our website footer or by clearing your browser cookies and revisiting the site. CookieYes stores your consent preferences to remember your choices on future visits. (CookieYes Privacy Policy)

Cookie categories we use:

• Necessary: Essential cookies required for the website to function properly. These cannot be disabled.
• Analytics: Help us understand how visitors interact with our website through tools like Google Analytics and Microsoft Clarity.
• Advertisement: Used for advertising and measuring ad performance, including Reddit Pixel tracking.

What we collect

• Waitlist emails (website only). If you sign up for our waitlist, we collect your email address to notify you when the app becomes available and send updates about BrightMind. We do not share your email with third parties and keep it private.
• No accounts in app. We don't ask for name, email, or passwords in the mobile app itself.
• Voice sessions (app). When you speak, your audio is transmitted in real time to our processors to transcribe, generate a response, and speak back. We do not store your audio on our servers, but we do store anonymized conversation transcripts and AI responses to improve our service by analyzing where BrightMind falls short. This includes the text content of your messages, AI responses, and function calls made during sessions.
• Integration data (app). When you connect third-party productivity services (such as Todoist, TickTick, and other task management platforms), we process data from these integrations to provide personalized coaching and task-related functionality. This data is processed in transit with our AI partners to deliver relevant insights and responses, but is not permanently stored on our servers or exported to external parties beyond the processing necessary to provide the service. Integration data may include task information, project details, and related metadata from your connected accounts.
• Website analytics (landing page only). We use Vercel Web Analytics (cookie-less; sessions discarded after 24 hours) and Microsoft Clarity for session recording and heatmaps. Clarity may collect interaction data (e.g., page views, clicks, scrolls, mouse movement), device/browser metadata, and similar usage information to help us understand usability. Clarity may use cookies or similar technologies. (Vercel, Microsoft Privacy, Clarity FAQ)
• Advertising & measurement (landing page only). We use Reddit Ads Pixel and Conversions API to measure and improve ad performance. This may collect online identifiers (e.g., IP address, user agent, screen dimensions), your Reddit ad click ID from the URL (rdt_cid) which we store in a first‑party cookie (reddit_click_id, up to 30 days), page views and conversion events (e.g., waitlist signup), and—where available—customer‑provided identifiers such as the email you enter on the page (auto‑advanced matching). Reddit normalizes/hashes identifiers as described in their documentation. (Reddit Pixel)

Processors we use (and typical retention)

We choose privacy-forward defaults and enable zero-data-retention where available. These processors handle data in transit to deliver our services, including processing voice sessions and integration data from connected productivity platforms.

• LiveKit (real-time media transport): processes audio/video in transit; may log IP and API/server events. (LiveKit)
• Deepgram (speech-to-text): retains personal data as needed to provide the service; usage logs are typically limited (e.g., Deepgram has stated a 90-day log storage for customers). We configure "no training" options. (Deepgram, developers.deepgram.com)
• OpenAI (LLM): processes conversation and integration data in transit to generate AI responses and provide personalized coaching; may retain API inputs/outputs up to 30 days to operate the service and prevent abuse; offers Zero Data Retention on eligible endpoints, which we enable where feasible. (OpenAI, OpenAI Community)
• Cartesia (text-to-speech): supports Zero Data Retention mode; when enabled, they do not store customer audio, transcripts, or outputs. (cartesia.ai)
• Vercel Analytics (website only): cookie-less, anonymized analytics; session data is not stored permanently and is discarded after 24 hours. (Vercel)
• Microsoft Clarity (website only): session recording and heatmaps to understand usability; may collect interaction data and device/browser metadata. See Microsoft’s privacy and FAQ for details. (Microsoft Privacy, Clarity FAQ)
• Reddit Ads (website only): Pixel & Conversions API to attribute ad performance and deduplicate events between browser and server. Receives identifiers such as IP, user agent, click ID, and (where available) email entered on our site. (Reddit Ads)

Note: Providers may keep limited security/abuse-prevention logs or retain data if required by law. See their policies linked above.

Cookies and similar technologies (website)

Our website uses cookies to provide functionality, analytics, and advertising. These cookies are controlled by our CookieYes consent management platform, which allows you to manage your preferences. Below is a detailed list of cookies we use:

• CookieYes consent cookies — stores your cookie consent preferences; necessary for the website to remember your choices.
• reddit_click_id — first‑party cookie set by us when you arrive with a Reddit click ID (rdt_cid) in the URL; used solely for ad attribution and deduplication; expires in up to 30 days. Category: Advertisement
• Google Analytics — may set cookies to track page views, user behavior, and conversions. These are blocked until you consent to Analytics cookies. Category: Analytics
• Microsoft Clarity — may set cookies or use local storage to enable session analytics and heatmaps on the landing site. Blocked until you consent to Analytics cookies. Category: Analytics
• Reddit Pixel — may set cookies to track ad conversions and user behavior for advertising purposes. Blocked until you consent to Advertisement cookies. Category: Advertisement
• Vercel Web Analytics — does not set cookies; uses cookie-less tracking.

Legal bases (GDPR)

• Consent (Art. 6(1)(a)): for waitlist email collection and sending updates about app availability.
• Performance of a contract (Art. 6(1)(b)): to provide real-time coaching (transcription, generation, and speech).
• Legitimate interests (Art. 6(1)(f)): to keep the service secure and reliable (e.g., anti-abuse), store conversation history for service improvement and analytics, and provide session summaries to users.
• Ads/measurement: in the EEA/UK we rely on your consent where required for the Reddit Pixel and related identifiers; elsewhere we may rely on legitimate interests to measure ad performance, subject to your right to object.

International data transfers

Our processors may process data in the U.S. and elsewhere. They use GDPR mechanisms like DPAs and Standard Contractual Clauses. (LiveKit)

Data retention

• Waitlist emails: We retain your email address until you unsubscribe or request deletion. You can unsubscribe at any time using the link in our emails.
• App conversation history: While in beta we store conversation transcripts, AI responses, and session analytics indefinitely to provide service features and improvements. You can request deletion of your conversation history by contacting us.
• Integration data: Data from connected productivity services (Todoist, TickTick, etc.) is processed temporarily to deliver personalized coaching but is not permanently stored on our servers. This data is only retained in transit during processing and is not archived or exported to external systems.
• Third-party processors: Providers retain only as described above (e.g., OpenAI up to 30 days; Deepgram usage logs commonly up to ~90 days; Vercel Analytics website sessions ≤24 h). (OpenAI, developers.deepgram.com, Vercel)
• Reddit Ads: We store the click ID cookie for up to 30 days. Reddit's own retention of conversion events and identifiers is governed by Reddit's policies.

Your choices (ads & measurement)

Cookie consent banner: The easiest way to control cookies is through our CookieYes consent banner. You can accept, reject, or customize which cookie categories are active on our website. Your preferences will be saved for future visits.

Browser settings: You can also control browser‑based tracking by adjusting your browser settings, using content blockers, or enabling Do Not Track (where honored). If you are in the EEA/UK and do not consent to advertising cookies/identifiers, you can reject them via our cookie banner or contact us to opt‑out of server‑side matching. You can also object to processing at any time by emailing stan@brightmind.club.

Your rights (GDPR)

You can access, export, rectify, object, or delete your data. Email stan@brightmind.club. You can also complain to the Polish DPA (UODO). (UODO)

Children & teens

• EU/Poland: The digital age of consent is 16. Users under 16 must have verifiable parental/guardian consent for processing. (Linklaters, White & Case, gdprhub.eu)
• Outside EU: We follow local laws; where consent age is 13–16, under-age users need parental consent. (GDPR)

If we learn a child used the app without required consent, we'll disable use and work to delete related data (subject to provider logs/legal requirements).

Security

Transport encryption (TLS). We select reputable providers with documented security programs; we don't store app session content.

Changes & contact

We may update this Policy; material changes will be posted with a new effective date.
Contact: stan@brightmind.club.