BrainRetain Privacy Policy
Data we collect
- Account — your email and a password (stored only as a hash by Supabase, never in plain text), or your Google/Apple sign-in identity. Plus a display name, an internal account id, and your plan (free or pro).
- Content you save — the links, pasted text, and photos/screenshots you submit, the audio transcribed from media you share, and the quizzes, summaries, flashcards, answers, scores, and feedback generated from them.
- Reading history (only if you turn it on) — for the daily recap, a log of links and titles you read or watch, auto-deleted after 90 days. If you connect YouTube, Spotify, or Pocket, we store an encrypted access token for that account.
- Usage analytics (PostHog) — page views and product events tied to your account id and email after sign-in. We never send the content of what you save. Opt out any time in Settings. Session recording is off.
- Device and technical — a push token if you enable reminders, and short-lived server logs (timestamp, IP, path) for debugging and abuse prevention.
How your content gets processed
To build a quiz, your text and transcripts go to Anthropic (Claude) for analysis and question generation, photos you submit are read by the same service, and audio you share is transcribed by Groq (with OpenAI as a fallback only if Groq is briefly unavailable). Their API terms prohibit using API-submitted content to train their models.
Third-party services
- Supabase — accounts, content storage, sync.
- Fly.io — app hosting (US-East).
- Anthropic Claude — generates quizzes and flashcards from your text, transcripts, and images.
- Groq (and OpenAI as fallback) — transcribes audio you share.
- PostHog — usage analytics. Opt-out in Settings.
- Apple — processes payments and powers Sign in with Apple.
- RevenueCat — tracks your subscription status (receives your account id, not card data).
- Google — Sign in with Google, and YouTube data if you connect it for recaps.
- Spotify / Pocket — recent activity, only if you connect them for recaps.
- Expo — delivers push notifications.
Payments
- Apple handles payments through the App Store, so we never see or store your card details.
- We use RevenueCat to know whether your subscription is active, and on our side we keep only your plan tier.
Sharing a card with someone
- You choose what's shared. Nothing is public unless you tap Share on a specific card. When you do, we create a private link and a copy of that one card (its question, answer, explanation, and source).
- Anyone with the link can see that card. The link is hard to guess, but it isn't password-protected, so treat it like any link you send a friend. Don't share a card that contains anything private.
- We record attempts. When someone opens your link and answers, we record whether the answer was right, so you can see how your card did. We don't collect the name, email, or account of someone who isn't signed in.
- Links expire and can be turned off. A share link stops working after 90 days, and you can stop sharing a card at any time, which removes its page.
- Report a card using the link at the bottom of any shared page, or email us, and we'll review it.
What we do NOT do
- We do not sell your data. Ever.
- We do not show third-party ads.
- We do not train AI models on your saved content.
Keeping and deleting your data
- Delete your account (Settings → Delete account) permanently removes your account and everything tied to it — cards, quizzes, history, reading log, feedback, and connected-account tokens.
- Clear your saved content from Settings without deleting your account.
- Reading-history entries are deleted automatically after 90 days; server logs are short-lived.
- You can opt out of analytics and turn off reading-history tracking in Settings.