Privacy Policy

Effective Date: May 13, 2026

Brainloot, operated by Neuro Pathmaker LLC (“Company,” “we,” “us,” or “our”), is committed to protecting your privacy. This Privacy Policy describes how we collect, use, store, and disclose information when you use the Brainloot mobile application and related services (the “Service”).

1. Information We Collect

1.1 Account Information

When you sign in with Apple (Sign In with Apple), we receive your unique Apple user identifier and, if you choose to share them, your name and email address. We do not collect Apple ID passwords.

1.2 Health Information You Enter

You may choose to log symptoms, factors (sleep, food, mood, medications), events, and notes about yourself or a person you care for. This is health information you control. We treat it as confidential and store it under row-level access controls so only you (and care-team members you explicitly invite) can read it.

1.3 HealthKit Data

With your explicit permission, the Brainloot iOS app reads selected health metrics from Apple HealthKit (such as sleep duration, heart rate variability, resting heart rate, steps, and active energy). HealthKit data:

• Is read only when you authorize it on a per-category basis.
• Is not used for advertising, sold to third parties, or shared with data brokers.
• Is stored encrypted in our database alongside your other logs.
• Can be revoked any time from iOS Settings → Health → Data Access & Devices → Brainloot.

1.4 Transactional Email

We use Resend to send transactional email (account confirmation, password resets, care-team invitations). Email addresses are shared with Resend solely for the purpose of delivering that email.

1.5 Storage

Application data is stored in Supabase (PostgreSQL with row-level security) on infrastructure located in the United States. Backups are encrypted at rest.

2. How We Use Information

• To operate the Service and run pattern detection on your data.
• To generate the reports and exports you request (such as appointment prep PDFs).
• To send you transactional email related to your account.
• To meet legal obligations.

We do not use your health data to train third-party AI models. We do not sell your data. We do not run targeted advertising.

3. Sharing

We share information only in these limited cases:

• Care team members you invite can read the data you grant them access to.
• Service providers (Apple, Supabase, Resend, Vercel, Anthropic for AI-assisted features) process data on our behalf under contractual confidentiality obligations.
• Legal compliance: in response to valid legal process. We will tell you when permitted by law.

4. Your Rights

You can export your data, delete your account, or revoke care-team access at any time from within the app. Deletion is permanent after a 30-day grace period.

5. Children

The Service is intended for adults (parents and caregivers). Caregivers may track health information about minors in their care. The minor is not a user of the Service.

6. Not Medical Advice

Brainloot is an educational and tracking tool. It is not a substitute for professional medical advice, diagnosis, or treatment. Always seek the advice of qualified healthcare providers.

7. Changes to This Policy

We will post any updates here with a revised effective date. Material changes will be communicated by email.

8. Contact

Questions: privacy@brainloot.com.