Introduction
Welcome to SecondBrain, your intelligent knowledge management companion. SecondBrain helps you capture and organize content from any platform—whether it's a social media post, article, or your own thoughts—and transforms scattered information into a structured, searchable knowledge base. With our intuitive three-level tagging system, you can instantly find any saved content and never lose track of valuable information again.
We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and protect your information when you use our service.
Data Controller:
SecondBrain
Email: services.of.secondbrain@outlook.com
Our Commitment: We believe in privacy-friendly analytics and transparent data practices. We don't sell your data, we don't track you across other websites, and we only collect what's necessary to provide and improve our service.
1. Information Collection and Use
1.1 What We Collect
We collect the following information:
- Account Information: Email address and encrypted password
- Your Content: Links, text notes, tags, and organization data you create
- Usage Data: Which features you use, page views, and navigation patterns
- Device Information: Browser type, operating system, device type, and IP address
- Marketing Attribution: UTM parameters (e.g., which social media post brought you here)
- Payment Information: Processed and stored securely by Paddle (we never see your card details)
1.2 What We DON'T Collect
We are committed to privacy-friendly practices:
- ❌ We do NOT track you across other websites
- ❌ We do NOT use third-party tracking cookies or advertising networks
- ❌ We do NOT share your data with advertisers
- ❌ We do NOT sell your data to anyone
- ❌ We do NOT collect sensitive personal information (race, religion, health data, etc.)
1.3 How We Collect Information
We collect information through:
- Information You Provide: When you create an account, save content, or contact us
- Automatic Collection: When you use our service, we automatically collect usage and device data
- Cookies: We use essential cookies for authentication and preferences. We also use optional analytics cookies to understand how you use our service.
  - Essential Cookies: Required for login and core functionality (cannot be disabled)
  - Preference Cookies: Remember your settings and preferences
  - Analytics Cookies: Help us understand feature usage (optional, can be disabled in browser)
- Self-Hosted Analytics: We use our own privacy-friendly analytics system (not Google Analytics). All data is stored in our own database and never shared with third parties.
1.4 How We Use Your Information
We use your information to:
- Provide and maintain our service
- Process your payments and manage subscriptions
- Send important updates and notifications about your account
- Understand which features are most valuable and improve our product
- Analyze marketing effectiveness (which channels bring users)
- Prevent fraud and ensure security
- Comply with legal obligations
Important: All analytics data is aggregated and anonymized. We use it solely for product improvement and never sell or share it with third parties.
2. Data Storage and Security
2.1 Where We Store Your Data
- Database: Supabase (PostgreSQL) - Encrypted at rest and in transit
- Hosting: Vercel - Global CDN with HTTPS
- Payment Data: Paddle (we never store your credit card information)
2.2 Security Measures
We implement industry-standard security measures to protect your data:
- All data is encrypted in transit (HTTPS/TLS)
- Database encryption at rest
- Secure password hashing (bcrypt)
- Regular security audits and updates
- API rate limiting to prevent abuse
- Input validation to prevent XSS and SQL injection
However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
2.3 Data Retention
We retain your personal data only as long as necessary to provide our services and comply with legal obligations:
- Active Accounts: Data is retained while your account is active
- Deleted Accounts: When you delete your account, your data is immediately and permanently deleted from our database and file storage. We do not maintain backups of deleted user data.
- Payment Records: Payment transaction records are retained by Paddle (our payment processor) in accordance with applicable tax and financial regulations. We do not control this retention period.
- Analytics Data: Aggregated and anonymized analytics data (which cannot identify you personally) may be retained indefinitely for service improvement
Important: Once you delete your account, your data cannot be recovered. Please export your data before deletion if you wish to keep a copy.
2.4 International Data Transfers
SecondBrain operates globally and serves users worldwide. Your data may be transferred to and processed in countries other than your own, including the United States and European Union, where our service providers (Supabase, Vercel, Cloudflare) operate their infrastructure.
We ensure appropriate safeguards are in place to protect your data in accordance with this privacy policy and applicable laws (including GDPR). Our service providers maintain industry-standard security measures and comply with relevant data protection regulations.
3. Third-Party Services
We use the following trusted third-party services to provide our service:
Paddle (Payment Processing)
All payment processing is handled by Paddle.com Market Limited (for customers outside the United States) or Paddle.com Inc (for customers in the United States). Paddle is the Merchant of Record for all transactions.
- Paddle collects and processes payment information, billing details, and transaction data
- Paddle maintains appropriate security safeguards for your payment data
- We do NOT store your credit card information - all payment data is securely handled by Paddle
- For more information: Paddle's Privacy Policy
Other Services
- Supabase: Database and authentication services (data storage and user management)
- Vercel: Application hosting and global CDN (content delivery)
- Cloudflare R2: File storage for user-uploaded content
Note: AI-powered features (Claude, Groq, DeepSeek, HuggingFace) are currently disabled and will be introduced in future updates. When enabled, these services will only process content you explicitly choose to summarize.
4. Your Rights (GDPR & CCPA)
You have the following rights regarding your personal data:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure ("Right to be Forgotten"): Request deletion of your data
- Right to Data Portability: Export your data in a machine-readable format (JSON)
- Right to Object: Object to processing of your data for certain purposes
- Right to Withdraw Consent: Withdraw consent at any time
- Right to Lodge a Complaint: File a complaint with your local data protection authority if you believe your privacy rights have been violated
5. Children's Privacy
Our service is not intended for children under 13 years of age (or 16 in the European Union). We do not knowingly collect personal information from children. If you believe we have collected information from a child under the applicable age, please contact us immediately and we will delete it.
6. Data Breach Notification
In the unlikely event of a data breach that may affect your personal information, we will notify affected users and relevant authorities as required by applicable law (including GDPR requirements to notify within 72 hours). We will provide information about the nature of the breach and steps taken to mitigate any potential harm.
7. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. When we make changes, we will update the "Last updated" date at the top of this page.
Your continued use of the service after changes constitutes acceptance of the updated policy. We encourage you to review this policy periodically.
8. Contact Us
If you have any questions about this privacy policy or our data practices, please contact us:
Email: services.of.secondbrain@outlook.com
Response Time: We aim to respond to all inquiries within 48 hours (business days).
This privacy policy is effective as of January 21, 2026. By using SecondBrain, you acknowledge that you have read and understood this privacy policy.