Privacy Policy

1. Introduction

Welcome to Bwain.app ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you use our Progressive Web Application (PWA) and related services.

By using Bwain.app, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Information from Google OAuth

When you sign in with Google, we collect:

• Google User ID: A unique identifier from Google
• Email Address: Your Google account email
• Name: Your display name from Google
• Profile Picture: Your Google profile image URL
• OAuth Tokens: Access and refresh tokens for authentication

2.2 Productivity Data You Create

When you use Bwain.app features, we store:

• Tasks: Task descriptions, due dates, completion status
• Lists: List names, items, and completion states
• Notes: Note content and tags
• Reminders: Reminder messages, times, and recurrence settings
• Budget Data: Transaction amounts, categories, and descriptions
• Schedule Events: Event titles, dates, times, and descriptions

2.3 Automatically Collected Information

• Usage Data: Features accessed, frequency of use
• Device Information: Browser type, operating system, screen size
• Log Data: IP address, access times, error logs (stored temporarily for debugging)

2.4 Information We Do NOT Collect

• Passwords (we use Google OAuth exclusively)
• Payment information (we do not process payments)
• Precise geolocation data
• Biometric data
• Third-party service credentials

3. How We Use Your Information

We use your information for the following purposes:

• Authentication: To verify your identity and manage your account
• Service Delivery: To provide productivity features (tasks, lists, notes, etc.)
• Data Synchronization: To sync your data across devices
• Reminders: To send notifications at scheduled times (with your permission)
• Service Improvement: To analyze usage patterns and improve features
• Technical Support: To diagnose and fix technical issues
• Security: To detect and prevent fraud, abuse, and security incidents

4. Google API Services

Bwain.app uses Google OAuth 2.0 for authentication and may request access to additional Google APIs in the future. Our use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

4.1 Current Google API Usage

• Google Sign-In: OAuth 2.0 authentication (openid, email, profile scopes)

4.2 Potential Future Google API Integrations

With your explicit consent, we may request access to:

• Google Calendar: To sync your schedule with your Google Calendar
• Google Drive: To attach files to tasks and notes
• Gmail: To send reminder emails
• Google Tasks: To sync tasks between Bwain.app and Google Tasks
• Google Contacts: To share tasks with your contacts

Important: You will be asked for explicit permission before we access any additional Google services. You can revoke these permissions at any time through your Google Account settings.

5. Data Storage and Security

5.1 Where We Store Your Data

• Backend Database: Your productivity data is stored in a secure SQLite database hosted on Fly.io servers (United States)
• Browser Storage: Session tokens are stored in secure httpOnly cookies
• Service Worker Cache: Static assets are cached locally for offline functionality (no personal data)

5.2 Security Measures

• Encryption in Transit: All data is transmitted over HTTPS/TLS
• OAuth 2.0: Industry-standard authentication protocol
• Token-Based Authentication: Short-lived access tokens with automatic refresh
• Database Isolation: All user data is isolated by Google User ID
• Regular Security Audits: We regularly review our security practices
• No Password Storage: We never store passwords (Google handles authentication)

5.3 Data Retention

We retain your data for as long as your account is active. You can request deletion of your account and all associated data at any time (see Section 8).

6. Data Sharing and Disclosure

We do not sell your personal information to third parties.

We may share your information only in the following limited circumstances:

• Service Providers: We use Fly.io for backend hosting and Vercel for frontend hosting. These providers have access to data only to perform tasks on our behalf and are obligated to protect it.
• Google: Your Google OAuth tokens are shared with Google only for authentication purposes.
• Legal Compliance: We may disclose information if required by law, subpoena, or legal process.
• Security: We may disclose information to protect against fraud, abuse, or security threats.

7. Your Rights and Choices

7.1 Access and Portability

You can access all your data directly through the Bwain.app interface. You can export your data at any time (feature coming in V1.1).

7.2 Correction and Deletion

You can edit or delete any of your productivity data (tasks, lists, notes, etc.) directly in the app. To delete your entire account, contact us at privacy@bwain.app.

7.3 Google Account Permissions

You can revoke Bwain.app's access to your Google account at any time by visiting your Google Account Permissions.

7.4 Cookies and Local Storage

You can clear cookies and local storage through your browser settings, but this will log you out and may affect functionality.

7.5 Notifications

You can enable or disable push notifications through your device settings or browser permissions.

8. Children's Privacy

Bwain.app is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@bwain.app, and we will delete such information from our systems.

9. International Users

Bwain.app is operated from the United States. If you are accessing our services from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States. By using our services, you consent to this transfer.

10. GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), you have the following additional rights under the General Data Protection Regulation (GDPR):

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate personal data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restriction: Limit how we process your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to certain processing activities
• Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at privacy@bwain.app. We will respond within 30 days.

11. CCPA Compliance (California Users)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:

• Right to Know: What personal information we collect, use, disclose, and sell
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of the sale of personal information (note: we do not sell your data)
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact us at privacy@bwain.app.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date at the top
• Sending you an email notification (for material changes)
• Displaying an in-app notification

Your continued use of Bwain.app after any changes indicates your acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: