BrainStorm Privacy Policy

Last updated: 21 May 2026 · Effective immediately

This Privacy Policy describes how the BrainStorm mobile application (“BrainStorm,” “the App,” “we,” “us,” or “our”) collects, uses, stores, and protects information when you use the App. By creating an account or using BrainStorm you agree to the practices described below.

1. Who we are

BrainStorm is an educational trivia application covering Computing, History (Ghana and the wider world), Science, Security, Military, Police, Navy, Agriculture, and Robotics. The App is published and operated by the developer reachable at the contact details in Section 12.

2. Information we collect

We collect only the information needed to provide the service:

• Account data — the email address, display name, and password you provide during registration. Your password is never stored in plain text; we store only a one-way bcrypt hash.
• Gameplay data — quiz attempts, daily-challenge results, Time-Attack scores, the answers you select, and aggregate statistics such as accuracy and category mastery.
• AI tutor inputs — questions and prompts you send to the in-app AI tutor or explanation feature, processed by Google Gemini on our behalf to generate a response. Inputs are not used to train third-party models.
• Technical data — standard request metadata (IP address, timestamp, user-agent, app version) kept in short-term server logs solely for security, abuse prevention, and debugging.

We do not collect: precise location, contacts, microphone audio, camera images, phone numbers, advertising identifiers, files on your device, or any biometric data. The App requests no runtime permissions beyond network access.

3. How we use information

We use your information exclusively to:

• create and authenticate your account;
• save your quiz history, scores, daily streaks, and badges;
• compute leaderboards, titles, and mastery tiers;
• provide AI explanations and tutor responses;
• detect and prevent abuse, fraud, or violations of our terms;
• improve the quality of the App.

We do not sell or rent your personal information to any third party.

4. Legal basis (GDPR / Ghana DPA)

Where the EU GDPR or Ghana’s Data Protection Act 2012 (Act 843) applies, the legal bases for processing are: (a) contract — processing necessary to provide the service you signed up for; (b) legitimate interests — security, abuse prevention, and product improvement; and (c) consent — for any optional features we may add in the future.

5. Sharing & third parties

We share information only with the limited service providers below, and only as needed:

• Hosting — our application server and MySQL database are hosted by our infrastructure provider. Data is encrypted in transit (HTTPS/TLS).
• Google Gemini API — when you use the AI tutor or AI explanation feature, the text of your question and the relevant quiz item is sent to Google to generate a response. Refer to Google’s privacy terms at policies.google.com/privacy.
• Legal requirements — we may disclose information when required by law, court order, or to protect the rights, property, or safety of users or the public.

6. Data retention

Account and gameplay data are retained for as long as your account is active. Server access logs are retained for up to 30 days. When you delete your account (see Section 8), your user record and all linked attempts are removed within 30 days, except where retention is required by law.

7. Security

We protect your data using industry-standard measures: TLS 1.2+ for all network traffic, bcrypt password hashing, signed JSON Web Tokens for authentication, parameterised SQL queries, and least-privilege database access. No system is perfectly secure, but we work in good faith to protect your information.

8. Your rights

You may at any time:

• access the data we hold about you;
• correct inaccurate information;
• request a copy of your data in a portable format;
• request deletion of your account and associated data;
• withdraw any consent you have given.

To exercise these rights, contact us at the address in Section 12. We will respond within 30 days. EU/EEA residents may also lodge a complaint with their local supervisory authority. Ghana residents may contact the Data Protection Commission of Ghana.

9. Children’s privacy

BrainStorm is intended for users aged 13 and over. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us information, contact us and we will delete it promptly.

10. International data transfers

Our servers may be located outside your country of residence. By using the App you consent to the transfer of your information to those locations. We rely on contractual safeguards and the security measures in Section 7 to protect your data wherever it is processed.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced in-app or via the “Last updated” date at the top of this page. Continued use of BrainStorm after a change constitutes acceptance of the updated policy.

12. Contact

Privacy questions, data-access requests, and account-deletion requests:
Email: anabast6@gmail.com
Subject line: “BrainStorm Privacy Request”