Privacy Policy

Effective Date: April 15, 2026

Last Updated: April 20, 2026

This Privacy Policy describes how BrainRank ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you access or use our website, applications, and related services (collectively, the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your email address and password. You may optionally provide additional profile information including a username, biography, and profile picture (avatar). Your username, biography, and avatar are publicly visible once set.

1.2 Content You Upload

When you use the Service to analyze content, we collect and store the media you upload, including video files, image files, and text submissions. This content is stored in our cloud infrastructure and is used solely to perform the analysis you request.

1.3 Analysis Results

When we process your content through our AI analysis pipeline, the resulting neural activation scores, segment data, brain region activations, and associated metadata are stored in our database and linked to your account.

1.4 Payment Information

Paid plans are paused during the research beta. The Stripe integration is retained for future use but is not currently collecting any payments.

If you subscribe to a paid plan once paid tiers resume, your payment is processed by our third-party payment processor, Stripe, Inc. We transmit your email address to Stripe to create a customer record. We do not receive, store, or process your credit card number, CVV, or full billing details. Stripe's collection and use of your payment information is governed by the Stripe Privacy Policy.

1.5 Usage Data

We track credit consumption for free-tier users to enforce daily usage limits. This includes records of when analyses were initiated and which job they correspond to. We also store subscription status information (active, canceled, etc.) synced from Stripe via webhooks.

To prevent abuse, we apply rate limits on content-submission endpoints using Upstash, a managed Redis service. Upstash stores a short-lived record of your user identifier and request timestamp solely to enforce per-user request limits. These records expire automatically and are not used for any other purpose.

When an analysis you submitted completes or fails, we send you a transactional email (for example, "Your analysis is ready") via Resend, our email delivery provider. To send these emails, we share your email address, the analysis filename, and a link to the result page with Resend. We do not use Resend for marketing emails, and we do not send promotional communications without your separate consent.

1.6 Automatically Collected Information

We use essential authentication cookies provided by Supabase to maintain your login session. These are strictly functional cookies required for the Service to operate.

We use Vercel Analytics, a first-party, privacy-friendly analytics service provided by our hosting provider Vercel, Inc., to measure aggregate traffic and performance. Vercel Analytics:

• Does not set cookies or use browser local storage for tracking.
• Does not collect personally identifiable information.
• Does not track you across other websites.
• Collects aggregated page view counts, referrer information, device/browser type, and approximate country-level location derived from IP address. IP addresses are hashed and not stored.

Because Vercel Analytics is cookieless and does not collect personal data, it operates without requiring your consent. You may still opt out by enabling "Do Not Track" in your browser, which Vercel Analytics honors.

If you consent to analytics cookies, we use PostHog, a product analytics platform, to collect usage data including:

• Pages viewed and navigation patterns
• Feature usage and interaction events (clicks, form submissions, feature usage, subscription events)
• Device type, browser type, and operating system
• Approximate location derived from IP address (country/region level only)
• Session duration and frequency
• A persistent identifier linking events to your account after you log in

PostHog data is collected only after you provide consent via our cookie banner. You may decline analytics cookies, and the Service will function normally without them. You may withdraw your consent at any time by clearing your browser's local storage for this site, which will cause the banner to reappear.

We do not use:

• Advertising cookies or pixels
• Third-party advertising networks (e.g., Meta Pixel, Google Ads)
• Device fingerprinting
• Cross-site tracking

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service, including processing your content through our AI analysis pipeline
• Process payments and manage your subscription
• Track and enforce credit usage limits for free-tier accounts
• Display your public profile and public analyses on the Discover page and your profile page (only when you choose to make content public)
• Communicate with you about service-related matters, including account verification, billing, and policy changes
• Detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities
• Comply with legal obligations

3. How We Process Your Content

When you submit content for analysis, the following processing occurs:

1. Your uploaded media is stored securely in our cloud storage infrastructure (hosted by Supabase).
2. A URL referencing your uploaded content is transmitted to RunPod, a third-party GPU compute provider, where Meta's TRIBE v2 brain-predictive foundation model processes the content and generates neural activation predictions.
3. The resulting analysis data (scores, segments, brain region activations) is returned to our servers and stored in our database.

Important:

• We do not use your content to train, fine-tune, or improve any AI or machine learning models.
• We do not sell, license, or otherwise distribute your raw content to third parties for marketing or advertising.
• Your raw content is processed solely to deliver the analysis you requested and to support the non-commercial research dataset described in our Contribution Agreement.
• During the research beta, the derived mathematical neural-activation predictions (not the raw media you uploaded) may be aggregated and shared with the AI research community in accordance with the Contribution Agreement.

4. Third-Party Service Providers

We engage the following third-party service providers to operate the Service. Each provider's use of your data is governed by their own privacy policy:

We do not share your personal information with any other third parties for marketing, advertising, or data brokering purposes.

5. Public Content & Social Features

• Private by default. All analyses are private when created. You must explicitly choose to make an analysis public.
• Public analyses are visible on the Discover page and your public profile page. Other authenticated users may view and bookmark your public analyses.
• Public profiles display your username, avatar, biography, and any analyses you have made public.
• View counts on public analyses are tracked anonymously. We do not record the identity of individual viewers.
• You may change an analysis from public to private (or vice versa) at any time.

6. Cookies & Tracking Technologies

BrainRank uses the following categories of cookies:

Essential Cookies (Always Active)

Authentication session cookies provided by Supabase are strictly necessary for the Service to function. These cookies maintain your login session and cannot be opted out of while using the Service. They do not track your behavior or collect analytics data.

First-Party Analytics (No Cookies)

We use Vercel Analytics, which measures aggregate traffic without setting cookies, without using browser local storage for tracking, and without collecting personally identifiable information. Because it does not rely on cookies or personal data, it does not require consent. You may opt out by enabling your browser's "Do Not Track" setting.

Analytics Cookies (Consent Required)

With your consent, we use PostHog to set analytics cookies (and local storage entries) that help us understand how you use the Service. These track page views, feature interactions, and session data, and are tied to your account identifier once you log in. Analytics cookies are only set after you click "Accept" on our cookie consent banner.

You can manage your cookie preferences at any time:

• On first visit: A cookie consent banner will appear at the bottom of the page. You may accept or decline analytics cookies.
• To change your choice: Clear your browser's local storage for this site, and the consent banner will reappear on your next visit.
• Browser settings: You can block all cookies through your browser settings, though this may affect the functionality of the Service.

We do not use advertising cookies, retargeting pixels, or cross-site tracking technologies.

7. Data Retention

• Account data is retained for as long as your account is active.
• Uploaded content and analysis results are retained until you delete them or delete your account.
• Credit usage records are retained for billing audit and compliance purposes.
• Payment and subscription records synced from Stripe are retained for financial reconciliation and legal compliance.
• Account deletion: You may request deletion of your account and associated data by contacting us. Upon account deletion, we will remove your personal data from our active systems, subject to any legal retention requirements.

8. Data Security

We implement reasonable technical and organizational measures to protect your personal information, including:

• All data transmitted between your browser and our servers is encrypted via HTTPS/TLS.
• Database access is controlled through row-level security policies, ensuring users can only access their own data.
• Sensitive API keys and service credentials are stored server-side and never exposed to client applications.
• Payment processing is handled entirely by Stripe, a PCI DSS Level 1 certified provider.

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security. You use the Service at your own risk.

9. Children's Privacy

The Service is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly. If you believe that a child under 13 has provided us with personal information, please contact us at the address below.

10. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

All Users

• Access, correct, or update your account information through your Settings page.
• Delete individual analyses and their associated uploaded content.
• Toggle any analysis between public and private.
• Cancel your subscription at any time through the Billing settings.
• Request deletion of your account by contacting us.

California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

• Request disclosure of the categories and specific pieces of personal information we have collected about you.
• Request deletion of your personal information.
• Opt out of the sale or sharing of your personal information. We do not sell or share your personal information.
• Not be discriminated against for exercising your privacy rights.

European Economic Area, United Kingdom & Switzerland (GDPR)

If you are located in the EEA, UK, or Switzerland, you have the right to:

• Access, rectify, or erase your personal data.
• Restrict or object to processing of your personal data.
• Data portability (receive your data in a structured, machine-readable format).
• Withdraw consent at any time where processing is based on consent.
• Lodge a complaint with your local Data Protection Authority.

Our legal bases for processing your personal data include: performance of a contract (providing the Service), legitimate interests (improving and securing the Service), compliance with legal obligations, and your consent where applicable.

11. International Data Transfers

Your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate. These countries may have data protection laws that differ from the laws of your country. By using the Service, you consent to the transfer of your information to the United States and other jurisdictions. We take reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on this page with a revised "Last Updated" date. Your continued use of the Service after any changes constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: team@trybrainrank.com