Privacy Policy

BrainDock ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our focus assistance application ("the Application"), including our desktop app and online dashboard.

This policy is designed to comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), as well as provide transparency for users in other jurisdictions including the European Union (GDPR) and United Kingdom (UK GDPR).

Please read this Privacy Policy carefully. By using the Application, you consent to the practices described in this policy.

BrainDock is a focus assistance application that helps users observe their study and work sessions using camera-based presence awareness. Users can create an account to sync session history and settings across devices and view their data via an online dashboard.

Contact Information:

• Email: morayya@thebraindock.com or help.thebraindock@gmail.com
• Website: thebraindock.com

We collect different types of information to provide and improve our service.

What we capture:

• Visual frames from your device's camera during active sessions started by you.

What we analyse:

• Whether a person is present at the desk
• Whether the person appears to be engaged with distraction devices (phones, tablets, game controllers, and other configurable items)
• General presence indicators (at desk vs. away)

What we do NOT analyse or collect:

• Your identity or facial features for recognition purposes
• Biometric templates or biometric identifiers
• Audio from your microphone
• Keystrokes or typing content

Processing:

• Frames are captured approximately every 3 seconds during active sessions only
• Frames are transmitted to our AI processing providers (OpenAI or Google Gemini) for analysis
• Frames are NOT stored locally on your device
• Frames are NOT stored on our servers

What we observe:

• Active window and browser tab titles (e.g., "YouTube - Google Chrome")
• Browser URLs when detectable
• Active application names

How it works:

• Window titles and URLs are compared against your list of distraction apps/websites
• This processing happens locally on your device
• Window titles and URLs are NOT sent to third-party services (unless AI Screenshot Analysis is enabled)

What we do NOT observe:

• Content within windows or applications
• Text you type or read
• Files you open or create

This feature is disabled by default. You must explicitly enable it in Application settings.

When enabled:

• The Application captures screenshots of your screen
• Screenshots are transmitted to our AI providers (OpenAI or Google Gemini) for analysis
• AI analyses the screenshot to identify distraction content
• Screenshots are processed in real-time and NOT stored on your device or our servers

What the AI analyses:

• Whether distraction apps/websites are visible
• General screen content category (work, entertainment, social media, etc.)

What the AI does NOT extract:

• Text content or readable information from screenshots
• Personal data visible on screen
• File names, passwords, or sensitive information

Important warnings:

• Screenshots may capture sensitive information visible on your screen
• Ensure no confidential information is visible when this feature is enabled
• You can disable this feature at any time

The following data is generated during focus sessions:

If you are logged in, session summaries (timestamps, event timeline, focus statistics, session title, category, and goals) are synced to your BrainDock cloud account so you can view your history via the online dashboard.

When you purchase usage hours:

We do not directly collect or store your payment card details. Your usage balance (hours purchased and hours used) is stored in your cloud account and cached locally on your device.

We may collect minimal technical data for troubleshooting:

• Error logs (may include timestamps, error messages)
• Application version
• Operating system type

Note: We design our logging to avoid capturing personal information. However, error logs may inadvertently contain personal data in some circumstances.

When you create an account or log in to the Application, we collect:

• Email address - used for your account and to deliver purchase confirmations
• Device identifier - an anonymous identifier derived from your device, used to manage device registration
• Basic device information - device name, operating system, and app version

Authentication tokens are stored securely on your device, using your operating system's keychain where available.

Your settings (such as monitoring mode, enabled distraction items, and blocklist preferences) are synced between your account and your device so they persist across sessions.

We explicitly confirm that BrainDock does NOT collect biometric information.

Specifically, we do NOT:

• Perform facial recognition or facial identification
• Create facial geometry maps or templates
• Store biometric identifiers or biometric templates
• Use biometric information for automated biometric verification or identification
• Match or verify user identity using biological characteristics
• Create profiles that could uniquely identify you

Our AI processing analyses only:

• General presence (is a person visible?)
• Position (is the person at the desk or away?)
• Object identification (is a phone/tablet/controller being actively used?)

This is fundamentally different from biometric processing. We process the content of frames to identify objects and presence. We do not extract or store any biometric characteristics.

We use collected information for the following purposes:

We use third-party AI services for image analysis. Only one provider is used at a time during any given session, but we may switch between providers. Our current providers are:

What is disclosed: Camera frames during active sessions

Why: To perform AI-based presence and object identification

Location: United States

Their data practices:

• OpenAI may retain API data as per OpenAI's policy
• OpenAI Privacy Policy: https://openai.com/privacy
• OpenAI API Data Usage: https://openai.com/policies/api-data-usage-policies

What is disclosed: Camera frames during active sessions

Why: To perform AI-based presence and object identification

Location: United States

Their data practices:

• Google's Gemini API may retain data for safety observation and abuse prevention
• Google Privacy Policy: https://policies.google.com/privacy
• Google Cloud Data Processing Terms: https://cloud.google.com/terms/data-processing-terms
• Gemini API Terms: https://ai.google.dev/gemini-api/terms

Our safeguards (apply to all providers):

• We use API-only services (not consumer products)
• We send only the minimum data required for analysis
• We use optimised settings to reduce data transmission where available
• We do not send identifying metadata with frames

What is disclosed: Payment and contact information you provide at checkout

Why: To process your payment and deliver your usage hours

Location: United States (with global operations)

Their data practices: https://stripe.com/privacy

What is stored: Your account information, session summaries, usage balance, device registration, and settings

Why: To provide account management, session history via the online dashboard, and cross-device settings sync

Location: United States (hosted on Amazon Web Services)

Their data practices: https://supabase.com/privacy

All data is protected by row-level security policies, ensuring users can only access their own data.

We may disclose your information:

• Legal Requirements: If required by law, court order, or government request
• Protection of Rights: To protect our rights, privacy, safety, or property
• Business Transfer: In connection with a merger, acquisition, or sale of assets (with notice to you)

We do NOT:

• Sell your personal information
• Share data for third-party marketing
• Trade in personal information

Your camera frame data is transferred to the United States for processing by our AI providers (OpenAI and/or Google Gemini).

We use cloud-based AI vision APIs (OpenAI Vision and Google Gemini) because they provide the most accurate and privacy-preserving method for presence awareness without requiring on-device facial recognition or biometric processing.

We take the following steps to protect your data:

1. Contractual Protections: Both OpenAI and Google are bound by their published data usage policies and enterprise terms
2. Data Minimisation: We send only camera frames (and screenshots if enabled), not identifying metadata
3. No Permanent Storage: Frames and screenshots are processed in real-time and not permanently stored by us
4. Reputable Providers: Both OpenAI and Google maintain SOC 2 compliance and enterprise security standards

By using the Application, you consent to this cross-border transfer. If you do not consent, please do not use the Application.

For users in the European Union or United Kingdom, transfers to the US are conducted in accordance with applicable data transfer mechanisms under GDPR/UK GDPR.

We maintain the following retention practices:

Session data and reports stored locally on your device can be deleted at any time by:

1. Deleting files from the Application's data directory
2. Uninstalling the Application
3. Using your operating system's file management tools

To delete your cloud-stored data (session history, account information, and device registrations), contact us or delete your account via the dashboard.

Once frames are transmitted to our AI providers (OpenAI or Google Gemini), their retention is governed by those providers' respective policies. We cannot delete this data on your behalf.

We implement reasonable security measures to protect your information:

• Encryption in Transit: All data transmitted to third parties uses TLS/HTTPS encryption
• Local Storage: Session data is stored in standard file formats on your device, protected by your device's security
• Cloud Storage: Cloud-stored data is protected by row-level security policies and encrypted connections
• Authentication: Tokens are stored in your operating system's secure keychain where available
• API Security: We use secure API authentication with our service providers

• Access to systems is limited to authorised personnel
• We follow secure development practices
• We regularly review and update security measures

You are responsible for:

• Securing your device with appropriate passwords/biometrics
• Keeping your operating system and the Application updated
• Keeping your account credentials secure
• Protecting any exported reports containing session data

Visual data is shared with our AI providers (OpenAI or Google Gemini) for processing. Any data breach involving this data is the responsibility of those AI providers as per their respective policies.

BrainDock expressly disclaims liability for any data breaches, security incidents, or unauthorised access that occurs:

• At the AI provider level (OpenAI or Google Gemini)
• At the payment processor level (Stripe)
• At the cloud infrastructure level (Supabase)
• On your local device due to unauthorised access

Session data stored locally on your device is your responsibility to secure. If your device is compromised, you should report to relevant authorities as appropriate.

Under the Australian Privacy Principles, you have the right to:

• Access: Request access to personal information we may hold about you
• Correction: Request correction of inaccurate information
• Complaint: Lodge a complaint if you believe we have breached the APPs

To exercise these rights, contact us using the details in Section 2.

Note: Because most data is stored locally on your device, you already have direct access to and control over this information.

If you are in the EU or UK, you have additional rights including:

• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making

Contact us at morayya@thebraindock.com or help.thebraindock@gmail.com with:

• Your name and contact details
• A description of what you are requesting
• Any information to help us locate your data

We will respond within 30 days (or sooner if required by applicable law).

If you are not satisfied with our response, you may lodge a complaint with:

Australia:
Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992

EU:
Your local Data Protection Authority

UK:
Information Commissioner's Office (ICO)
Website: www.ico.org.uk

IMPORTANT: Your camera may capture other people in your environment.

If other individuals may appear in your camera's view (housemates, family members, colleagues, visitors, people on video calls), you are responsible for:

• Informing them that camera capture is occurring
• Obtaining their consent where required by law
• Positioning your camera to minimise third-party capture
• Not using the Application if you cannot obtain appropriate consent

We cannot:

• Identify or filter out third parties from frames
• Obtain consent on your behalf
• Accept responsibility for your capture of others

• Use the Application in a private space
• Position your camera to show only your immediate workspace
• Pause sessions when others enter your space
• Inform household members that you use focus assistance software

Users under 18 years of age should use the Application under parents / legal guardian's supervision or permission or both. The parent or legal guardian is responsible for:

• Reviewing this Privacy Policy
• Supervising the user's use of the Application
• Ensuring appropriate consent for camera capture

If we learn we have collected personal information from a user under 18 without parental consent, we will take steps to delete that information.

If you use BrainDock on your own initiative for personal productivity at work:

• You are responsible for complying with your employer's policies
• Session data on your work device may be subject to employer access

If an employer deploys BrainDock to observe employees:

• The employer becomes a controller of data collected through the Application
• The employer must provide their own privacy notice to employees
• The employer must comply with workplace observation laws
• We are not responsible for the employer's data handling practices

This Privacy Policy applies to our direct relationship with users, not to employer-employee relationships.

The desktop application does not use any web technologies for data collection.

If you visit any associated websites, those sites may use cookies as described in their respective privacy notices.

We may update this Privacy Policy from time to time. Changes will be indicated by the "Last Updated" date at the top.

For material changes, we will notify you through:

• In-app notification
• Email (if available)
• Notice on our website

Your continued use of the Application after changes constitutes acceptance of the updated Privacy Policy.

California residents have specific rights under the California Consumer Privacy Act. Contact us for information about exercising these rights.

If you are located in a jurisdiction with specific privacy laws not addressed here, please contact us to discuss how we can accommodate your rights.

For transparency, here is a summary of how data flows through our Application:

+------------------------------------------------------------------+
|                        YOUR DEVICE                               |
+------------------------------------------------------------------+
|                                                                  |
|  CAMERA AWARENESS (activated when selected)                      |
|  Camera -> Captures frames -> Sent to AI -> Returns presence info|
|                                                                  |
|  SCREEN AWARENESS (activated when selected)                      |
|  Window titles & URLs -> Checked locally against your list       |
|  (NOT sent to AI unless screenshot analysis enabled)             |
|                                                                  |
|  SCREENSHOT ANALYSIS (optional, disabled by default)             |
|  If enabled: Screenshot -> Sent to AI -> Returns distraction info|
|  (Screenshots are NOT stored)                                    |
|                                                                  |
|  Results stored locally -> Session logs, statistics              |
|       |                                                          |
|  PDF Report generated -> Saved to Downloads on your device       |
|                                                                  |
+------------------------------------------------------------------+
                              |
                              v
+------------------------------------------------------------------+
|              AI PROVIDERS (Only one used at a time)              |
+------------------------------------------------------------------+
|                                                                  |
|  OPENAI                         GOOGLE GEMINI                    |
|  - Vision API                   - Gemini Vision API              |
|  - Located in US                - Located in US                  |
|  - As per OpenAI's policy       - As per Google's policy         |
|                                                                  |
|  Both providers receive:                                         |
|  - Camera frames (for presence/gadget identification)            |
|  - Screenshots if enabled (for distraction identification)       |
|  - Return identification results only                            |
|                                                                  |
+------------------------------------------------------------------+

Data NOT Collected:
X Biometric templates
X Facial recognition data  
X Audio
X Keystroke data
X File contents
X Passwords or sensitive text from screenshots

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: morayya@thebraindock.com or help.thebraindock@gmail.com

Website: thebraindock.com

We aim to respond to all enquiries within 30 days.

By using BrainDock, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.

This Privacy Policy was last updated in February 2026.

This policy is designed to comply with applicable privacy laws and regulations globally. However, this document does not constitute legal advice. We recommend consulting with a qualified privacy lawyer for advice specific to your situation.