BrainBuddy
Get started

Last updated: 2026-05-13

Privacy Policy

BrainBuddy is an AI assistant that lets you save anything you read — articles, PDFs, screenshots, emails, your own notes — and ask questions across all of it. This policy explains what data we collect, how we use it, and the controls you have.

1. What we collect

  • Account data. Email address. Password hash (or a Google account ID if you sign in with Google) — never the password itself.
  • Content you save. The text, files, URLs, images, and emails you explicitly add to your library, plus metadata we derive (titles, summaries, extracted entities, embeddings).
  • Usage signals. Chat history with the assistant; quotas consumed; error reports; anonymous product analytics when enabled.

2. How we use it

  • Process the content you save into a per-account knowledge graph + vector index so you can search and chat across it.
  • Answer your chat questions by retrieving relevant chunks of your saved content and synthesising an answer with citations.
  • Operate the service: authenticate sessions, enforce plan quotas, send transactional emails (verification, password reset, billing receipts).

We do not use your content to train AI models. We do not sell it. We do not show it to other users.

3. Google Workspace Add-on (Gmail) — what we access and why

The BrainBuddy Gmail add-on lets you save an open Gmail message to your BrainBuddy library with one click. The add-on requests the following Google API scopes:

  • openid + https://www.googleapis.com/auth/userinfo.email — used by Sign in with Google so we can match your Google identity to your BrainBuddy account.
  • https://www.googleapis.com/auth/gmail.addons.execute — required for the add-on to run inside Gmail. No data is read or written by this scope alone.
  • https://www.googleapis.com/auth/gmail.addons.current.message.readonly — lets the add-on read the subject, sender, date, and body of the message you have open only when you click "Save to BrainBuddy". The add-on does not read other messages, does not run in the background, does not write or send mail.
  • https://www.googleapis.com/auth/script.external_request — lets the add-on send the email content you chose to save to the BrainBuddy backend over HTTPS.

Saved emails are processed the same way as any other content you save (chunked, embedded, indexed in your private knowledge graph). They are visible only to you. You can delete any saved email — or your entire account — from Settings at any time.

BrainBuddy's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

4. Who we share data with (subprocessors)

We use the following processors strictly to operate the service. None of them retain your content beyond what is required to provide their service to us.

  • Google Cloud — hosting, secret management, Firebase Cloud Messaging (Android push).
  • Neo4j Aura — managed graph database (your per-account knowledge graph).
  • Anthropic and OpenAI — LLM inference for chat answers, summaries, and entity extraction. Content is sent at inference time and not retained for model training (per Anthropic + OpenAI's enterprise terms we operate under).
  • Stripe — payment processing for paid plans.
  • Resend — transactional emails (verification, password reset).
  • Sentry — error tracking (does not receive your library content).
  • PostHog — anonymous product analytics (does not receive your library content). Opt out from Settings.

5. Retention and deletion

  • Saved content is retained for as long as your account exists.
  • You can delete any individual document at any time from your library — the underlying chunks, embeddings, and entities are also removed.
  • You can delete your entire account from Settings → Danger zone. This permanently removes all your saved content, chat history, billing relationship, and account record. There is no soft-delete or grace period.

6. Security

Data is encrypted in transit (TLS 1.2+) and at rest. Each user's content lives in a physically isolated database (one Neo4j database per account); cross-account data access is impossible at the query layer by design. We do not store plaintext passwords.

7. Your rights

  • Access + export everything you've saved as a ZIP, anytime, from Settings.
  • Correct or delete any specific item, anytime, from your library.
  • Delete your entire account, anytime, from Settings.
  • Revoke the Gmail add-on's access at any time from your Google account permissions page.

8. Contact

Questions, data requests, or concerns: support@brainbuddy.morgansenechal.com.