Privacy Policy
Last updated: March 31, 2026
1. Introduction
BrainyBuddy is an AI-powered academic platform designed to help students and professors plan, study, and teach more effectively. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our service, in compliance with the General Data Protection Regulation (GDPR) and applicable Spanish and European Union data protection laws.
2. Data Controller
The data controller responsible for your personal data is:
- Name: Sergio Verdugo
- Email: sverdugorub@gmail.com
- Location: Spain, European Union
3. What Data We Collect
We collect the following categories of personal data:
Account Information
Email address, name, and profile picture obtained via Google OAuth during account registration.
Study Data
Tasks, courses, study blocks, calendar events, and scheduling preferences you create and manage within the platform.
Course Materials
Uploaded PDFs, documents, and images that you provide for course-related features. These are stored securely on Supabase infrastructure.
AI Interaction Data
Chat messages, and AI-generated content including flashcards, practice exams, study notes, and presentations.
Usage Data
Credit consumption, feature usage metrics, and login timestamps.
Technical Data
Browser type, device information, and IP address collected for security and service reliability purposes.
4. How We Use Your Data
We process your personal data for the following purposes:
- Service delivery and improvement: Providing core platform features including AI scheduling, study tools, and content management.
- AI features: Powering course-aware chat, exam generation, grading, flashcard creation, and scheduling via Google Gemini models.
- Calendar synchronization: Two-way sync with Google Calendar API and ICS feed imports.
- Authentication: Verifying your identity via Supabase Auth with Google OAuth.
- Communication: Sending essential notifications about your account and service changes.
5. Third-Party Services
We use the following third-party services to operate BrainyBuddy:
- Supabase — Authentication and database hosting. Infrastructure located within the European Union.
- Google — OAuth authentication, Gemini AI models for content generation, and Calendar API for synchronization.
- Render — Application hosting and deployment infrastructure.
- Sentry — Error monitoring and performance tracking (optional, used for service reliability).
6. Cookies and Local Storage
BrainyBuddy uses the following cookies and local storage:
| Type | Purpose | Required |
|---|---|---|
| Essential | Supabase authentication session token | Yes |
| Functional | Theme preference (light/dark), cookie consent choice | No |
| Analytics | None currently active | No |
You can manage cookies through your browser settings. Please note that disabling essential cookies may prevent the application from functioning correctly.
7. Data Retention
- Your personal data is retained for as long as your account remains active.
- You can request deletion of your data at any time by contacting us.
- Upon receiving a deletion request, your data will be removed within 30 days.
- Automated backups may retain copies of your data for up to 90 days after deletion.
8. Your Rights Under GDPR
As a data subject in the European Union, you have the following rights:
- Right of access — Request a copy of the personal data we hold about you.
- Right to rectification — Request correction of inaccurate or incomplete data.
- Right to erasure — Request deletion of your personal data (“right to be forgotten”).
- Right to data portability — Receive your data in a structured, commonly used, machine-readable format.
- Right to restrict processing — Request limitation of how we process your data.
- Right to object — Object to the processing of your personal data.
- Right to withdraw consent — Withdraw your consent at any time where processing is based on consent.
- Right to lodge a complaint — File a complaint with the Agencia Española de Protección de Datos (AEPD), the Spanish Data Protection Agency, at www.aepd.es.
To exercise any of these rights, please contact us at sverdugorub@gmail.com. We will respond to your request within 30 days.
9. Data Security
We implement industry-standard security measures to protect your personal data, including SSL/TLS encryption for all data in transit, secure authentication mechanisms, and access controls. While no system is completely secure, we are committed to protecting your information and regularly review our security practices.
10. International Data Transfers
Some of our third-party processors, particularly Google, may transfer your data outside the European Economic Area (EEA). Where such transfers occur, they are protected by appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an adequate level of data protection.
11. Children's Privacy
BrainyBuddy is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us at sverdugorub@gmail.com and we will take steps to delete such information.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. For material changes, we will notify you via email at the address associated with your account. We encourage you to review this page periodically for the latest information.
13. Contact
If you have any questions about this Privacy Policy or our data practices, please contact us:
Email: sverdugorub@gmail.com
© 2026 BrainyBuddy