Effective Date: 17:11:2024
TOBY & ABI LTD, MyBrainPill and its subsidiaries or affiliates (collectively,
“MyBrainPill”, “we”, “us”, and “our”) take your privacy seriously. This Privacy Policy
explains how we collect, use, and share Personal Information when you use our brain training
mobile application (“App”) or visit our website (“Site”) (collectively, the “Services”).
Data Controller Information
The data controller for the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws is:
TOBY & ABI LTD
7 Cambridge Street
READING
RG1 7PA
United Kingdom
Email: kayode@mybrainpill.com
Website: https://www.mybrainpill.com
Table of Contents
What Information Do We Collect?
How Do We Use Your Information?
Legal Basis for Processing
How Do We Share Your Information?
Data Storage and Security
International Data Transfers
Data Retention
Your Rights Under GDPR
Your Rights Under CCPA (California Residents)
Children’s Privacy
Cookies and Tracking
Third-Party Services
Device Permissions
Changes to This Policy
Contact Us
What Information Do We Collect?
Information You Provide Directly
Account Information
Username/display name (optional)
Email address (for account recovery and communication)
Age range (for age-appropriate content)
Unique user ID (generated automatically)
Training Data
Game scores and performance metrics
Training session duration and frequency
Cognitive assessment results
Progress tracking data
Training preferences and settings
Device and Technical Information
Device type and model (iPhone, iPad, Android device)
Operating system and version
App version
Language settings
Country/region where app was downloaded
IP address (for security and fraud prevention)
Advertising identifiers (Google Advertising ID, Apple IDFA/IDFV)
Optional Information
Feedback and support requests
Survey responses
User-generated content (if applicable)
Information Collected Automatically
Usage Analytics
App opens and session duration
Button clicks and page views
Feature usage patterns
Training completion rates
Time spent on different activities
Crash reports and error logs
How Do We Use Your Information?
Core App Functionality
Provide personalized brain training experiences
Track your cognitive progress and performance
Deliver customized daily workouts
Sync data across your devices
Provide customer support
Service Improvement
Analyze app performance and user engagement
Develop new games and features
Fix bugs and technical issues
Conduct research to improve cognitive training effectiveness
Communication
Send important service updates
Provide customer support responses
Deliver push notifications (with your consent)
Send marketing communications (with your consent)
Legal and Business Operations
Comply with legal obligations
Prevent fraud and abuse
Protect our rights and property
Business transfers (with notice)
Legal Basis for Processing
Under GDPR, we process your data based on:
Consent (Art. 6(1)(a)): For marketing communications, optional features, and advertising
Contract Performance (Art. 6(1)(b)): To provide our services and app functionality
Legal Obligations (Art. 6(1)(c)): To comply with applicable laws
Legitimate Interests (Art. 6(1)(f)): For analytics, security, fraud prevention, and service improvement
How Do We Share Your Information?
We do not sell your personal information. We may share your information in the following circumstances:
Service Providers
Cloud hosting services (AWS, Google Cloud)
Analytics providers (Firebase, Google Analytics)
Customer support platforms (Zendesk)
Payment processors (Google Play, Apple App Store)
Legal Requirements
Law enforcement agencies when legally required
Regulatory authorities for compliance
Legal proceedings and court orders
Business Transfers
In connection with mergers, acquisitions, or asset sales
You will receive 2 weeks’ notice and can delete your account before transfer
Aggregated Data
We may share anonymized, aggregated statistics that cannot identify you
Data Storage and Security
Data Protection Measures
Encryption of data in transit and at rest
Regular security assessments and vulnerability testing
Access controls and authentication measures
Secure cloud infrastructure with AWS/Google Cloud
Data Location
Primary servers located in the EU/UK/US
Backup servers may also be located in the US (with appropriate safeguards)
All international transfers comply with GDPR requirements
International Data Transfers
When we transfer your data outside the UK/EU, we ensure adequate protection through:
Adequacy decisions by the European Commission
Standard Contractual Clauses (SCCs)
Certification schemes (e.g., EU–US Data Privacy Framework)
US-based service providers are certified under the EU–US Data Privacy Framework where applicable.
Data Retention
We retain your personal data only as long as necessary for:
Account Data: Until account deletion or 3 years of inactivity
Training Data: Until account deletion or as required for service provision
Support Requests: 2 years after resolution
Analytics Data: 26 months (anonymized after 14 months)
Legal Compliance: As required by applicable laws
Your Rights Under GDPR
Right of Access: Request confirmation of processing and access to your data
Right to Rectification: Correct inaccurate or incomplete data
Right to Erasure: Request deletion of your data under certain circumstances
Right to Restrict Processing: Limit how we process your data
Right to Data Portability: Receive your data in a portable format
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent for consent-based processing
How to Exercise Your Rights:
Your Rights Under CCPA (California Residents)
Right to Know: What personal information we collect, use, and share
Right to Delete: Request deletion of your personal information
Right to Opt-Out: We do not sell personal information
Right to Non-Discrimination: Equal service regardless of privacy choices
Children’s Privacy
Age Requirements
Our app is intended for users 13 years and older
Users under 16 in the EU need parental consent for data processing
We do not knowingly collect data from children under 13
Parental Rights
Cookies and Tracking
Website Cookies
Essential Cookies: Required for website functionality
Analytics Cookies: Help us understand website usage (with consent)
Marketing Cookies: For advertising and marketing (with consent)
Mobile App Tracking
We do not track users across third-party apps or websites
In-app analytics help us improve app performance
You can opt out of analytics in app settings
Third-Party Services
App Store Platforms
Analytics and Infrastructure
Google Firebase: For app analytics and infrastructure
AWS: For cloud hosting and data storage
Google AdMob: For advertising (with consent)
Advertising
We may show ads using Google AdMob and other ad providers
You can opt out of personalized ads in app settings
Ads are removed with premium subscription
Device Permissions
iOS Permissions
Camera: For profile pictures and feedback (optional)
Notifications: For training reminders (optional)
Face ID/Touch ID: For app security (optional)
Android Permissions
Storage: For local data backup (optional)
Notifications: For training reminders (optional)
Fingerprint: For app security (optional)
Network Access: For app functionality (required)
All permissions are requested only when needed for specific features.
Changes to This Policy
We may update this Privacy Policy from time to time. When we do:
We will post the updated policy on our website and in the app
We will update the “Effective Date” at the top
For material changes, we will provide prominent notice
Continued use constitutes acceptance of changes
Contact Us
Privacy Officer
MyBrainPill
Email: kayode@mybrainpill.com
General Support
Email: kayode@mybrainpill.com
Data Protection Authority
If you have concerns about our data practices, you can contact:
UK: Information Commissioner’s Office (ICO) – https://ico.org.uk
EU: Your local data protection authority