← Back

Privacy Policy

Effective: June 2026 · Beta

1. Overview

Brains (“we”, “us”, “our”) operates the Brains personal wiki and memory service at usebrains.app. This Privacy Policy explains what data we collect, how we use it, how long we keep it, and your rights. By using Brains you agree to this policy.

2. Data We Collect

We collect only what is necessary to operate the service:

  • Account information: email address and authentication credentials (managed via Supabase Auth).
  • Wiki content: pages, notes, and structured data you store in your Brains wiki.
  • Usage data: tool invocations, page read/write counts, and error logs for debugging and performance monitoring.
  • OAuth tokens: access and refresh tokens generated when you connect an AI assistant (Claude, ChatGPT) to your wiki.

We do not collect payment card numbers, government IDs, health records, or any sensitive personal data beyond what is listed above.

3. How We Use Your Data

  • To authenticate you and secure your account.
  • To store, retrieve, and serve your wiki content.
  • To respond to MCP tool calls from connected AI assistants acting on your behalf.
  • To monitor service health and debug errors.
  • To communicate service updates (no marketing without explicit consent).

4. Third-Party Services

Brains relies on the following third-party services to operate:

  • Supabase: database and file storage. Your wiki data is stored in Supabase-managed infrastructure. See supabase.com/privacy.
  • Railway: cloud hosting for the Brains API server. See railway.app/legal/privacy.
  • Anthropic Claude / OpenAI ChatGPT: when you connect an AI assistant, queries and tool results are transmitted to that provider under their terms. We do not control how those providers handle query data.

We do not sell, rent, or share your data with any other third parties.

5. Data Storage & Retention

Your wiki content is retained for as long as your account is active. OAuth access tokens expire after 60 minutes; refresh tokens expire after 30 days. You can delete your account and all associated data at any time by emailing hello@usebrains.app. We will permanently delete your data within 30 days of a verified deletion request.

6. Security

All data in transit is encrypted via HTTPS. OAuth tokens are stored encrypted at rest. We validate OAuth client credentials and rotate tokens on every refresh. We apply principle of least-privilege access controls throughout. Despite these measures, no system is perfectly secure — use Brains accordingly.

7. Your Rights

You have the right to:

  • Access: request a copy of the data we hold about you.
  • Correction: update inaccurate account information.
  • Deletion: request permanent deletion of your account and all associated data.
  • Portability: export your wiki content at any time using the Brains export tool.

To exercise any of these rights, email hello@usebrains.app.

8. Children

Brains is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us personal data, contact us and we will delete it promptly.

9. Changes to This Policy

We may update this policy. Material changes will be communicated by email or in-app notice at least 14 days before they take effect. The “Effective” date at the top reflects the latest revision.

10. Contact

Privacy questions or requests? Email hello@usebrains.app.