Privacy Policy

Effective: January 2026

This Privacy Policy explains how BrainPills ("we", "us", or "our") collects, uses, discloses, and safeguards your information when you use our neural interface technology and research program. Please read this policy carefully.

1. Information We Collect

1.1 Personal Information

We collect information that identifies you personally, including:

Contact Information: Email address, name, and phone number when you register for an account or contact support
Payment Information: Billing address and payment card details - processed securely through Stripe, Inc. (PCI-DSS Level 1 certified)
Account Credentials: Username, password, and security questions for account authentication
Communication Records: Correspondence through email, support tickets, or chat logs

1.2 Research Data

As part of our neural interface research program, we collect:

Neural Pattern Data: Anonymized data from your neural interface sessions, including pattern recognition metrics, response times, and cognitive performance indicators
Usage Patterns: timestamps, session duration, feature usage frequency, and interaction patterns with the neural interface
Feedback Data: User-provided ratings, comments, and survey responses about their experience

Important: All neural data is collected through non-invasive EEG-based methods. No surgical implants or invasive procedures are used.

1.3 Automatically Collected Information

Device Information: Device type, operating system, browser type, and unique device identifiers
Usage Data: Pages visited, time spent on pages, link clicks, and referring/exit URLs
Connection Data: IP address, internet service provider, and approximate location (country/region level only)

2. How We Use Your Information

2.1 Service Delivery

Process and maintain your subscription
Provide access to the neural interface system
Authenticate your identity and prevent unauthorized access
Communicate important account and billing information
Provide customer support and respond to inquiries

2.2 Research and Development

Analyze neural pattern data to improve interface performance
Develop new features and capabilities based on user feedback
Conduct scientific research into brain-computer interfaces
Publish anonymized research findings in academic journals

2.3 Legal and Compliance

Comply with applicable laws and regulations
Process billing disputes and chargebacks
Respond to legal requests from government authorities
Enforce our Terms of Service

3. Information Sharing and Disclosure

3.1 Third-Party Service Providers

We share information with service providers who assist with:

Payment Processing: Stripe, Inc. processes all payment card information - we never store your full card details
Cloud Infrastructure: Microsoft Azure hosts our servers and databases with enterprise-grade security
Email Communications: SendGrid delivers transactional emails on our behalf

3.2 Information We Do NOT Sell

We do NOT sell, rent, or trade your personal information to:

Advertising networks
Data brokers
Third-party marketing companies
Other organizations for commercial purposes

3.3 Legal Exceptions

We may disclose information when required by law, such as:

Responding to a subpoena, court order, or government request
Protecting our rights, property, or safety
Preventing fraud or illegal activity

4. Data Security

4.1 Technical Measures

Encryption: All data in transit is encrypted via TLS 1.2+. Data at rest is encrypted using AES-256
Access Controls: Role-based access limiting employee access to personal data
Network Security: Firewalls, intrusion detection, and DDoS protection
Regular Audits: Third-party security assessments conducted quarterly

4.2 Data Retention

Account Data: Retained while account is active plus 3 years for legal compliance
Transaction Records: Kept for 7 years per financial regulations
Research Data: Anonymized data may be retained indefinitely for research purposes
Neural Patterns: Can be deleted upon request

5. Your Rights

5.1 GDPR Rights (EEA/UK Residents)

Right to Access: Request a copy of your personal data
Right to Rectification: Request correction of inaccurate data
Right to Erasure: Request deletion of your personal data ("right to be forgotten")
Right to Restrict Processing: Request limitation on how we use your data
Right to Data Portability: Request your data in a machine-readable format
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent at any time

5.2 CCPA Rights (California Residents)

Right to Know: Request disclosure of categories and specific data collected
Right to Delete: Request deletion of personal data
Right to Opt-Out: Opt-out of sale of personal data (we do NOT sell data)
Right to Non-Discrimination: Equal service regardless of privacy choices

5.3 Exercising Your Rights

To exercise any of these rights, contact us at: orders@brainpills.ai

We will respond to your request within 30 days. You may also file a complaint with your local data protection authority.

6. Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If you become aware that a minor has provided us with personal data, contact us immediately.

7. International Data Transfers

Your data may be processed on servers outside your country of residence. We ensure appropriate safeguards are in place, including:

Standard Contractual Clauses approved by the European Commission
Adequacy decisions where applicable
Additional security measures for international transfers

8. Changes to This Policy

We may update this policy periodically. We will notify you of material changes via email at least 30 days before they take effect. The "Effective" date at the top of this page indicates when the current policy took effect.

9. Contact Information

For questions about this Privacy Policy or to exercise your data rights:

Email: orders@brainpills.ai

Mail: BrainPills Support, Available upon request