Account information: email address, username, password (stored as a salted hash), avatar, country/region, and any profile fields you choose to fill in.
Third-party login identifiers: if you sign in with Google, Apple, Facebook, or Instagram, we receive the basic profile data those providers share with us (name, email, profile picture, and a provider-issued user ID).
Ability preferences: the cognitive areas you select during onboarding (memory, focus, speed, etc.) used to recommend game levels.
User-generated content: friend requests, in-app messages you send to our support team, feedback you submit, and any content you submit through forms.
Payment information: if and when paid features are offered, payment is processed by a third-party payment processor; we do not store full card numbers on our servers.
Game data: game mode, difficulty, scores, reaction times, round-by-round results, win/loss records, streaks, and your BrainBlink Index.
Device pairing data: Bluetooth device name, MAC address, serial number (if available), firmware version, signal strength, pairing time, and pairing success/failure logs.
Technical data: IP address, mobile device model, operating system version, App version, language and time-zone settings, crash reports, and diagnostic logs.
Usage data: screens visited, features used, session duration, click events, and approximate timestamps.
Friends and opponents: when another user adds you as a friend, invites you to a match, or competes with you in a tournament, we associate the related event data with your account.
We do not collect precise GPS location.
We do not collect biometric data, neural data, or any physiological signal from the Device. The Device only exchanges game-related signals (LED patterns, button presses, firmware payloads) over Bluetooth.
We do not sell personal information to third parties.
We use the information described above to:
Create and maintain your account and authenticate logins.
Pair your mobile device with your BrainBlink Device and deliver firmware updates.
Run game sessions, calculate scores, compute your BrainBlink Index, and rank you on leaderboards and in tournaments.
Enable social features such as friend lists, multiplayer rooms, and matchmaking.
Recommend game modes and difficulty based on your ability preferences and performance history.
Send transactional notifications (match invites, tournament reminders, password resets) and operational announcements.
Detect, investigate, and prevent fraud, cheating, account abuse, and security incidents.
Comply with legal obligations, respond to lawful requests from authorities, and enforce our Terms.
Improve the Services through aggregated analytics and crash diagnostics.
We do not use your information for automated decision-making that produces legal or similarly significant effects on you.
If you are located in the European Economic Area, the United Kingdom, or Switzerland, our legal bases for processing your personal data under the GDPR are:
Performance of a contract — to provide the Services you signed up for.
Legitimate interests — to keep the Services secure, prevent abuse, and improve features.
Consent — for optional features such as marketing notifications. You may withdraw consent at any time.
Legal obligation — when we are required to retain or disclose data by applicable law.
We share information only as described below. We do not sell personal information.
RecipientPurposeData SharedOther BrainBlink usersSocial features (friends list, multiplayer, tournaments, leaderboards)Username, avatar, country/region, scores, BrainBlink Index, win/loss recordCloud infrastructure and hosting providersHosting databases and game servicesAll data necessary to operate the Services, under contractual confidentialityPush notification providers (Apple APNs, Google FCM, regional push services)Delivering notificationsDevice push token, message payloadThird-party login providers (Google, Apple, Facebook, Instagram)AuthenticationProvider-issued user ID and tokens we receive from youAnalytics and crash-reporting servicesDiagnostics and product improvementPseudonymous identifiers, device model, crash stack tracesCustomer support toolsResponding to your inquiriesAccount email, message content, ticket metadataLegal and regulatory authoritiesWhen required by law, subpoena, or to protect rights and safetyInformation strictly required by the requestSuccessors in a merger or acquisitionBusiness continuity in a corporate transactionSame protections continue to apply
Where the law requires, we sign data processing agreements with all service providers and require them to apply appropriate safeguards.
The Services are operated globally. Your information may be transferred to and processed in countries other than your country of residence. When we transfer personal data out of the EEA, the UK, or Switzerland, we rely on Standard Contractual Clauses approved by the European Commission, an adequacy decision, or another lawful transfer mechanism.
We keep your personal data only as long as necessary for the purposes described in this Policy.
Data CategoryRetentionAccount profileUntil you delete your accountGame records (solo, multiplayer, matchmaking)Recent 30 days are visible in-app; aggregated statistics may be retained longer for leaderboards and rankingsDevice pairing logs12 months from last pairing eventSupport tickets and feedback24 months after the ticket is closedCrash and diagnostic logs90 daysLogs required by law (security, tax, fraud)Up to the period required by applicable law
When you delete your account, we delete or anonymize your personal data within 30 days, except where longer retention is required by law or to resolve disputes and enforce our agreements.
Depending on where you live, you have some or all of the following rights:
Access — request a copy of the personal data we hold about you.
Correction — ask us to fix inaccurate or incomplete data.
Deletion — ask us to delete your personal data (subject to legal limits).
Restriction or objection — ask us to limit or stop certain processing.
Portability — receive your data in a structured, machine-readable format.
Withdraw consent — for processing based on consent, at any time.
Lodge a complaint — with your local data protection authority.
You can exercise the rights above by writing to hello@brainblink.io. We will respond within one month. You may also lodge a complaint with the supervisory authority in your country of residence.
If you are a California resident, you have the right to:
Know what categories and specific pieces of personal information we collect, use, disclose, and sell or share.
Request deletion of your personal information.
Correct inaccurate personal information.
Opt out of the sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising.
Limit the use and disclosure of sensitive personal information. We do not use sensitive personal information for purposes that require this right to be offered.
Be free from discrimination for exercising these rights.
You may submit a verifiable consumer request to hello@brainblink.io. We will verify your identity using information already on file (such as your registered email and recent account activity).
In the App: go to Profile → Settings → Account Settings → Deactivate Account to delete your account, or Settings → Privacy Settings to change visibility.
By email: write to hello@brainblink.io with the subject line "Privacy Request" and describe your request.
You can delete your BrainBlink account and the personal data associated with it at any time, directly from within the App.
Open the BrainBlink App and sign in.
Go to Profile → Settings → Account Settings → Deactivate Account.
Confirm the action. We may ask you to re-enter your password as an additional verification step.
The App will return you to the login screen once the request has been recorded.
Deletion is immediate and final. There is no grace period and the account cannot be recovered once deletion is confirmed.
We delete or irreversibly anonymize the personal data associated with your account, including: profile information, email address, password hash, third-party login identifiers, friend relationships, in-app messages, support tickets, device pairing logs, game records, and the BrainBlink Index inputs tied to your identity. Deletion of live data is completed within 30 days of the request.
Aggregated, anonymous statistics that cannot be linked back to you may continue to be used (for example, anonymous leaderboard standings or service-wide analytics).
Certain records may be retained only where required by law or to resolve disputes (for example, transaction records for tax purposes, security and fraud-prevention logs). Such records are stored under restricted access and deleted as soon as the applicable retention period ends.
Your paired BrainBlink Device is released so it can be paired with a different account. You may also factory-reset the Device to remove any locally stored game data.
Encrypted backups containing your data are rotated out on our standard backup retention schedule (no longer than 90 days from the date of deletion).
It does not cancel any in-app purchases made through Apple App Store or Google Play. Refund requests for those purchases must be submitted through the platform that processed the payment.
It does not remove content created by other users that may reference you (for example, an opponent's match history). Where such references contain personal data about you, we will anonymize the identifying portion on request.
The Services are intended for users aged 13 and over (16 and over in the EEA where local law requires a higher age of digital consent). We do not knowingly collect personal data from anyone below those ages. If we learn that we have collected personal data from a child below the applicable age without verified parental consent, we will delete it promptly. Parents or guardians who believe their child has provided us with personal data may contact hello@brainblink.io.
We implement technical and organizational measures designed to protect your information, including encryption in transit (TLS), encryption at rest for sensitive fields, role-based access control, audit logging, and regular security reviews. No system is 100% secure; you are responsible for keeping your password confidential and for activities that occur under your account.
If you believe your account has been compromised, change your password immediately and contact hello@brainblink.io.
The mobile App does not use browser cookies. We use local storage on your mobile device to remember your login session and preferences. Our analytics and crash-reporting providers may use device identifiers; you can reset advertising identifiers in your phone settings.
The Services may contain links to third-party websites or services (for example, the privacy policies of Google, Apple, Facebook, or Instagram when you use third-party login). We are not responsible for the privacy practices of those third parties. Please review their privacy policies before providing them with personal information.
We may update this Privacy Policy from time to time. When we make material changes, we will notify you in the App or by email at least 7 days before the changes take effect, and update the "Last Updated" date above. Your continued use of the Services after the effective date constitutes acceptance of the revised Policy.
Email: hello@brainblink.io