Privacy Notice
Last updated: May 11, 2026
This Privacy Notice explains how Mubarak Mohammed Al Zadjali ("we", "us", the "Seller") collects, uses, shares, and protects your personal data when you use Brain Dump (the "Service"). We act as the data controller for personal data processed through the Service.
1. Data we collect
- Account data — email address, hashed password (or OAuth identifier for Google sign-in), account creation date.
- User content — voice recordings you submit, transcripts generated from them, and the AI-sorted output.
- Usage data — number of dumps per day, feature interactions, error logs.
- Device & technical data — IP address, browser type, operating system, approximate location derived from IP.
- Subscription data — plan, status, renewal date, and identifiers linking your account to Paddle (we do not see or store your card details).
- Support messages — anything you send us via email or in-app support.
2. Why we use it
- Create and operate your account (contract performance).
- Provide the core Service: transcribe and sort your dumps (contract performance).
- Enforce free-tier limits and unlock Pro features (contract performance).
- Prevent abuse, fraud, and security incidents (legitimate interests).
- Improve product quality and fix bugs from aggregate usage data (legitimate interests).
- Provide customer support (contract performance).
- Send essential service emails (legal obligation / contract performance).
- Send marketing emails only with your consent (consent — you can withdraw at any time).
- Comply with legal obligations (legal obligation).
3. Who we share it with
- Paddle.com, our Merchant of Record, for sale of the product, subscription management, payments, tax compliance, fraud prevention, and invoicing.
- Service providers / subprocessors we rely on to run the Service: cloud hosting (Lovable Cloud / Supabase), AI model providers used for transcription and sorting, email delivery, error monitoring, and analytics tooling.
- Professional advisers (legal, accounting) where strictly necessary.
- Authorities where required by law, regulation, or valid legal process.
We do not sell your personal data.
4. International transfers
Some of our service providers operate outside your country, including in the United States and the European Economic Area. Where data is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.
5. Retention
- Account data: while your account is active and for up to 12 months after deletion (for backups and abuse prevention).
- Voice recordings: deleted shortly after transcription; transcripts and sorted results are retained while your account is active and removed on deletion.
- Subscription & billing records: kept by Paddle and by us for as long as required by tax and accounting law (typically up to 7 years).
- Support messages: up to 24 months after the issue is resolved.
6. Your rights
Depending on where you live, you may have the right to access, correct, delete, port, restrict, or object to processing of your personal data, and to withdraw consent at any time. To exercise any of these, email us at the address shown in your account. You also have the right to complain to your local data protection authority. We will respond within one month of a verified request.
7. Security
We use appropriate technical and organisational measures including encryption in transit and at rest, role-based access controls, password hashing, and regular review of our subprocessors. No system is perfectly secure — please use a strong, unique password and tell us immediately if you suspect unauthorised access.
8. Cookies
The Service uses essential cookies and local storage to keep you signed in and remember your preferences (e.g. your latest sort result). We may also use limited analytics cookies to understand aggregate usage. You can manage cookies in your browser settings; disabling essential cookies may break parts of the Service.
9. Children
Brain Dump is not directed to children under 13, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, contact us and we'll delete it.
10. Changes to this notice
We may update this Privacy Notice from time to time. Material changes will be highlighted in the Service or sent by email.
11. Contact
Data controller: Mubarak Mohammed Al Zadjali. For privacy questions or to exercise your rights, contact us at the email shown in your account. For payment-related data held by Paddle, you can also contact Paddle directly via paddle.net.