Privacy Policy

Last updated: 24/10/2025

1. Introduction

BatchBrain ("we," "our," or "us") is an integrated ecosystem of growth and productivity that combines AI-powered mentorship, online learning, professional networking, content publishing, and productivity tools into a single platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile application (including our Android TWA), and related services (collectively, the "Platform").

By creating an account or using BatchBrain, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use the Platform.

2. Information We Collect

2.1 Account Information

When you register, we collect:

• Required: Username, email address, and password (hashed and salted).
• Profile: Profile picture, bio, location, birth date, skills, interests, and professional role information you choose to provide.
• Social Links: GitHub and LinkedIn URLs you opt to connect to your profile.
• Contact: Optional public contact email and phone number.
• Social Authentication: If you sign up via Google, GitHub, or other social providers (via Django Allauth), we receive the profile information you authorize (name, email, avatar).

2.2 Learning & Course Data

• Courses you enroll in, create, or teach.
• Quiz attempts, answers, scores, and learner mastery records.
• Course progress, completion rates, and certification records.
• Learning roadmaps you create or follow.
• Reading and study time analytics.

2.3 AI & Chat Data

• Conversations with our AI Brain (powered by DeepSeek), including prompts and responses.
• AI Studio interactions and generated content.
• Chat messages sent to other users via our real-time chat system (powered by Django Channels).
• Chat room memberships and group conversation metadata.

2.4 Social & Community Data

• Feed posts, comments, and reactions you create.
• Followers, following, and professional network connections.
• Saved articles and bookmarked content.
• Blog posts and publications you author or interact with.

2.5 Productivity Data

• Tasks, to-do lists, and project boards you create.
• Calendar events and schedules.
• Productivity analytics and usage patterns.

2.6 Payment & Subscription Data

• Subscription plan details and billing history (processed securely via Stripe).
• We do not store full payment card numbers. Stripe processes all payment card data under their PCI-compliant infrastructure.

2.7 Technical & Usage Data

• IP address, browser type, device type, operating system.
• Pages visited, time spent, click patterns, and feature usage.
• Mobile device tokens for push notifications (via Firebase Cloud Messaging).
• Device registration information for notification delivery.

2.8 Content You Upload

• Files, images, and documents you upload via our file browser and media tools.
• Profile pictures and course materials (stored on Google Cloud Storage).
• Publication assets including EPUB, PDF, and cover images.

3. How We Use Your Information

We use the collected information for the following purposes:

• To Provide and Maintain the Platform: Operate your account, deliver courses, process payments, enable messaging, and provide all core features.
• AI-Powered Services: Power our AI Brain and AI Studio features using DeepSeek. Conversations are processed to generate responses; we do not use your conversation data to train or improve third-party AI models unless explicitly opted in.
• Personalization: Recommend courses, mentors, content, and connections tailored to your skills, interests, and goals.
• Notifications: Send push notifications via Firebase Cloud Messaging for messages, course updates, and platform announcements. You can control notification preferences in your account settings.
• Analytics & Improvement: Analyze usage patterns to improve the platform experience, fix bugs, and develop new features.
• Security: Protect against unauthorized access, fraud, and abuse using reCAPTCHA and security monitoring.
• Communication: Send service-related emails (password resets, payment receipts) and, with your consent, marketing communications. You can opt out of marketing at any time.
• Legal Compliance: Comply with applicable laws, regulations, and legal processes.

4. Third-Party Services & Data Sharing

BatchBrain integrates with several third-party service providers to deliver our Platform. We share only the minimum data necessary for each service to function:

Data Sharing Principles:

• We never sell your personal information to third parties.
• We only share data with your consent, to provide a service you've requested, or when required by law.
• Third-party providers are bound by data processing agreements that prohibit unauthorized use of your data.
• Aggregated, anonymized data may be used for research and platform improvement without identifying individual users.
• In the event of a merger, acquisition, or asset sale, your data may be transferred with notice to you.

5. Cookies & Tracking Technologies

BatchBrain uses cookies and similar technologies to enhance your experience:

• Essential Cookies: Session cookies required for authentication, CSRF protection, and platform functionality. These cannot be disabled.
• Preference Cookies: Remember your theme preference (light/dark mode), language, and UI settings.
• Analytics Cookies: Understand how you use the Platform to improve our services.
• Third-Party Cookies: Stripe uses cookies for fraud detection and payment processing. reCAPTCHA uses cookies for risk analysis.

You can control cookies through your browser settings. However, disabling essential cookies may prevent the Platform from functioning correctly.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with services. Specifically:

• Active Accounts: We retain your data for the duration of your account's existence.
• Deleted Accounts: Upon account deletion, we remove or anonymize your personal data within 30 days, except where retention is required by law (e.g., payment records retained for 7 years for tax compliance).
• Backups: Encrypted backups may retain data for up to 90 days after deletion before being fully purged.
• Anonymized Data: Aggregated analytics data derived from your usage may be retained indefinitely after de-identification.

7. Your Rights & Choices

For All Users:

• Access & Update: View and edit your profile information at any time via Account Settings.
• Data Portability: Request a download of your personal data in a machine-readable format.
• Delete Account: Delete your account and associated data through Settings or by contacting us.
• Notification Preferences: Control push notification types and email marketing preferences in your account settings.

For EEA/UK Users (GDPR):

If you are located in the European Economic Area or the United Kingdom, you have additional rights:

• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data where it is no longer necessary for the purposes collected.
• Right to Restrict Processing: Request that we limit the processing of your data in certain circumstances.
• Right to Object: Object to processing based on legitimate interests, including direct marketing.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
• Lodge a Complaint: File a complaint with your local data protection authority (e.g., the ICO in the UK).

For California Residents (CCPA/CPRA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to Delete: Request deletion of personal information we have collected.
• Right to Opt-Out: We do not sell personal information, but you have the right to opt out of any future sale.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise any of these rights, please contact us at privacy@batchbrain.com. We will respond to your request within 30 days.

8. Push Notifications & Firebase Cloud Messaging

BatchBrain uses Firebase Cloud Messaging (FCM) to deliver push notifications to your device. Here's how this works:

• When you grant notification permission, FCM generates a unique device token that we store to route notifications to your device.
• Notifications may include: direct messages, course updates, task reminders, community activity, and platform announcements.
• You can disable push notifications at any time via your device settings or within the BatchBrain notification preferences.
• FCM collects minimal diagnostic data (delivery status, click rates) that cannot identify you individually.

9. Children's Privacy

BatchBrain is not intended for users under the age of 13 (or 16 in the EEA/UK). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data without verifiable parental consent, we will take steps to delete that information promptly. If you believe we may have collected data from a child, please contact us immediately at privacy@batchbrain.com.

10. Data Security

We implement industry-standard security measures to protect your data:

• Encryption: All data transmitted between your browser and our servers is encrypted using TLS 1.2+ (HTTPS). Passwords are hashed and salted using Django's PBKDF2 algorithm.
• Infrastructure: Our servers are hosted in secure data centers with physical access controls, firewalls, and intrusion detection systems.
• Access Controls: Strict role-based access controls limit internal access to personal data to authorized personnel only.
• Audits: Regular security audits, dependency scanning, and penetration testing are performed.
• Subprocessors: All third-party subprocessors (Stripe, Google Cloud, etc.) maintain SOC 2 or equivalent certifications.

Despite these measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but will notify you of any data breach affecting your personal information in accordance with applicable law.

11. International Data Transfers

BatchBrain operates globally. Your personal data may be transferred to, stored in, and processed in countries other than your country of residence, including the United States and the European Union. When we transfer data from the EEA/UK to countries not deemed adequate by the European Commission, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Data Processing Agreements (DPAs) with our subprocessors.
• Stripe, Google Cloud, and Firebase all maintain SCC-compliant data processing terms.

By using BatchBrain, you consent to the transfer of your data to these countries, subject to the safeguards described in this policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated policy on this page with a revised "Last updated" date.
• Sending an email notification to the address associated with your account for significant changes.
• Displaying a prominent notice on the Platform for a reasonable period.

We encourage you to review this Privacy Policy periodically. Your continued use of the Platform after any changes constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our privacy team: