Privacy Policy

Effective date: 31 March 2026 | Last updated: 31 March 2026

1. Who We Are

Brain47 ("we", "us", "our") operates the brain47.com website and application. We are committed to protecting and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and applicable international data protection laws including the EU GDPR and California Consumer Privacy Act (CCPA).

2. Data Controller

Brain47 is the data controller for the personal data we collect through our service. For data protection enquiries, contact us at support@brain47.com.

3. Information We Collect

Account information: Email address, display name, and authentication data (including Google OAuth profile data if you sign in with Google).

Usage data: Stocks you track, portfolio holdings you import, reports you generate, scanner usage, and interaction preferences (risk tolerance, investment goals).

Technical data: Browser type, device type, IP address, timezone, and access logs collected automatically when you use our service.

Financial data: If you import portfolio data (e.g. Trading 212 CSV), we process transaction history including stock symbols, share quantities, and cost basis. We do NOT access your brokerage account directly and we do NOT store login credentials for any third-party brokerage.

4. How We Use Your Data

We process your data for the following purposes under the following lawful bases:

  • Contract performance: To provide the Brain47 service, generate AI reports, run stock analysis, and deliver notifications you have opted into.
  • Legitimate interest: To improve our service, fix bugs, monitor performance, prevent fraud, and conduct internal analytics.
  • Consent: To send marketing communications (you can withdraw consent at any time).

5. Data Storage and Security

Your data is stored securely on Supabase (hosted on AWS infrastructure). Data is encrypted in transit (TLS 1.2+) and at rest. We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction.

6. Third-Party Services

We use the following third-party services that may process your data:

  • Supabase: Database hosting and authentication
  • Vercel: Application hosting and deployment
  • Google: OAuth authentication (if you sign in with Google)
  • OpenAI: AI report generation (your investment profile data may be included in prompts sent to OpenAI for report generation; OpenAI does not use API data for training)
  • Google Gemini: Market data retrieval and stock analysis
  • Resend: Transactional email delivery

We do not sell your personal data to any third party. We do not share your data with third parties for their own marketing purposes.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the service. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g. fraud prevention, financial record-keeping).

8. Your Rights

Under UK GDPR and applicable data protection laws, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data
  • Restriction: Request restriction of processing
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Where processing is based on consent, withdraw at any time

To exercise any of these rights, contact us at support@brain47.com. We will respond within 30 days.

9. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. Third-party services (Supabase, Vercel) may set their own essential cookies for functionality.

10. International Transfers

Your data may be transferred to and processed in countries outside the UK/EEA, including the United States (where Supabase, Vercel, OpenAI, and Google operate). These transfers are protected by appropriate safeguards including Standard Contractual Clauses and adequacy decisions.

11. Children

Brain47 is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children under 18.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of Brain47 after changes constitutes acceptance of the updated policy.

13. Complaints

If you have concerns about how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk, or your local supervisory authority.

14. Contact

For any privacy-related questions or to exercise your data rights, contact us at support@brain47.com.