Last updated: 29 August 2024

This Privacy Policy describes the collection and processing of information about you that can directly or indirectly identify you, carried out by the mobile applications (the “App(s)”) of BrainMount Ltd (“we”, “us”, “our”). This Privacy Policy applies to all our Apps, the list of which may change from time to time unless otherwise specified in a particular App.

Contact details of the data controller:

Name: BrainMount Ltd
Address: Vasili Michailidi 9, 3026, Limassol, Cyprus
E-mail: [email protected]

Please read this Privacy Policy carefully, as it contains essential information about the following:

Personal data collection process
Details of processing
Data retention period
Automated decision-making or automated profiling
Sharing of your personal data to the third parties
Data transfer
Your rights
Age limits
Other links

We may update this Privacy Policy from time to time. For the continued processing of your personal data, we will request your consent or renew it if it was previously obtained.

Personal data collection process

We collect and otherwise process your personal data when we receive it:

from you. For example, we may process your personal data when you email us.
from third parties. In some cases, we may receive personal data about you from third parties. This happens, for example, when technical failure analytics tools are connected to the Apps or when you make purchases through third party services.
through automatic collection. Our Apps have connected tools that automatically collect personal data, for example, in order to ensure that the Apps work correctly.

Details of processing

We respect your privacy, and it is important to us that you understand how we handle your personal data when it comes into our possession. Since personal data is used throughout your use of the Apps and, in some cases, involves third parties, there are multiple processes for processing personal data within the Apps. The same personal data may be processed for different purposes.
We have described each process of handling your personal data in as much detail as possible and have dedicated this section to explaining the purposes, the types of personal data we process, and the legal basis for processing in each of our Apps.

Chatomic

Processed personal data	Legal basis for the processing	Data retention period
Maintaining the correct operation of the app, tracking technical issues, and troubleshooting problems within the App
device model, device OS, device OS version, device language, device time zone, country set in the device settings, device screen resolution (the “Device Data”) identifiers (such as IDFA, IDFV, AppsFlyer ID, Google Firebase ID) app version data contained in a receipt, such as payment status, date and time of purchase, list of subscriptions purchased, etc. (the “Payment Status Data”) (in case you purchase paid functionality or sign up for free trials) info about the advertising campaign (for customization of the App) approximate geolocation information obtained from an IP address (country and city)	Legitimate interest: your interest is in using the App without technical problems; our interest is in ensuring your satisfaction, upholding the bug-free of the App provided	3 years after the last interaction with the app or the last payment, whichever occurs later.
Tracking and analysing trends, usage, and actions related to the app to better understand its use and improve it
Device Data IP address and internet service provider, mobile carrier identifiers (such as IDFA, IDFV, AppsFlyer ID, Google Firebase ID) usage data, such as App version, install time, launch time, user agent, interactions with the App, actions within App, features that you use, access times, and other data about your interaction within the App (the “Usage Data”) approximate geolocation information derived from an IP address (country and city) technical information about app usage requests (such as the date the message was sent and analytical information about the request) Payment Status Data (in case you purchase paid functionality or sign up for free trials) info about the advertising campaign	Legitimate interest: your interest is to make the App fit your preferences; our interest is to improve our App, to make it more user-friendly	3 years after the last interaction with the app or the last payment, whichever occurs later.
Providing access to the App functionality
Device Data IP address and internet service provider, mobile carrier identifiers (such as IDFA, IDFV, AppsFlyer ID, Google Firebase ID) Usage Data approximate geolocation information derived from an IP address (country and city) (for customization of the App) technical information about app usage requests (such as the date the message was sent and analytical information about the request) Payment Status Data (in case you purchase paid functionality or sign up for free trials) messages and other information you provide when using the App *	Terms and Conditions and End User Licence Agreement	3 years after the last interaction with the app or the last payment, whichever occurs later.
Providing you with an answer to your question (technical support, exercising the data privacy rights, other assistance in connection with the App)
e-mail other data you have provided in correspondence	Legitimate interest: our interest in improving the quality of the App; your interest in providing you with an answer to a question / solution to a problem	3 months since the last communication with you.
Advertising our apps to attract new users
identifiers (such as IDFA, IDFV, AppsFlyer ID, Google Firebase ID) limited data about your interactions within the app info about the advertising campaign	Consent	3 years after the last interaction with the app or the last payment, whichever occurs later.

* When you send a message through the Chatomic app, it is first transmitted to our servers. Our servers then process the message using third-party services to provide you with a response. The third-party services we utilise include:

Microsoft Azure: Cloud computing platform, managed by Microsoft Corporation, provides services such as data storage, computing power, analytics, and artificial intelligence.
OpenAI: Company specialising in artificial intelligence (AI).
Fal.ai: Company specialising in artificial intelligence (AI).
Replicate Inc: Company specialising in artificial intelligence (AI).

Once the message processing is complete, the response is then delivered to your app. We do not store your messages and responses on our servers after processing is completed, ensuring your data remains secure and private.

AR Translator

Processed personal data	Legal basis for the processing	Data retention period
Maintaining the correct operation of the app, tracking technical issues, and troubleshooting problems within the App
Device Data identifiers (such as IDFA, IDFV, AppsFlyer ID, Google Firebase ID) app version Payment Status Data (in case you purchase paid functionality or sign up for free trials) approximate geolocation information obtained from an IP address (country and city)	Legitimate interest: your interest is in using the App without technical problems; our interest is in ensuring your satisfaction, upholding the bug-free of the App provided	3 years after the last interaction with the app or the last payment, whichever occurs later.
Tracking and analysing trends, usage, and actions related to the app to better understand its use and improve it
Device Data IP address and internet service provider, mobile carrier identifiers (such as IDFA, IDFV, AppsFlyer ID, Google Firebase ID), Usage Data, approximate geolocation information derived from an IP address (country and city) technical information about app usage requests (such as the date the translation request was sent and analytical information about the request) Payment Status Data (in case you purchase paid functionality or sign up for free trials) info about the advertising campaign	Legitimate interest: your interest is to make the App fit your preferences; our interest is to improve our App, to make it more user-friendly	3 years after the last interaction with the app or the last payment, whichever occurs later.
Providing access to the App functionality
Device Data IP address and internet service provider, mobile carrier identifiers (such as IDFA, IDFV, AppsFlyer ID, Google Firebase ID) Usage Data, approximate geolocation information derived from an IP address (country and city) technical information about app usage requests (such as the date the translation request was sent and analytical information about the request) Payment Status Data (in case you purchase paid functionality or sign up for free trials) text / information you provide when using the App **	Terms and Conditions and End User Licence Agreement	3 years after the last interaction with the app or the last payment, whichever occurs later.
Providing you with an answer to your question (technical support, exercising the data privacy rights, other assistance in connection with the App)
e-mail other data you have provided in correspondence	Legitimate interest: our interest in improving the quality of the App; your interest in providing you with an answer to a question / solution to a problem	3 months since the last communication with you.
Advertising our apps to attract new users
identifiers (such as IDFA, IDFV, AppsFlyer ID, Google Firebase ID) limited data about your interactions within the app info about the advertising campaign	Consent	3 years after the last interaction with the app or the last payment, whichever occurs later.

** When you translate using the AR Translator app, the text is first transmitted to our servers. Our servers then process the translation through third-party services which include:

Google Translation API is a service that enables automatic translation of text from one language to another provided by Google Inc.
Microsoft Translation API is a service that enables automatic translation of text from one language to another provided by Microsoft Corporation.

Once the translation is complete, the response is delivered to your app. We do not store your texts and translations on our servers after processing, ensuring that your data remains secure and private.

Incredible Jack

Processed personal data	Legal basis for the processing	Data retention period
Maintaining the correct operation of the app, tracking technical issues, and troubleshooting problems within the App
Device Data app version Payment Status Data (in case you buy paid functionality)	Legitimate interest: your interest is in using the App without technical problems; our interest is in ensuring your satisfaction, upholding the bug-free of the App provided	3 years after the last interaction with the app or the last payment, whichever occurs later.
Tracking and analysing trends, usage, and actions related to the app to better understand its use and improve it
Device Data IP address and internet service provider, mobile carrier identifiers (such as IDFA, IDFV, GAID, AppsFlyer ID, Google Firebase ID) Usage Data, approximate geolocation information derived from an IP address (country and city), Payment Status Data (in case you buy paid functionality), info about the advertising campaign	Legitimate interest: your interest is to make the App fit your preferences; our interest is to improve our App, to make it more user-friendly	3 years after the last interaction with the app or the last payment, whichever occurs later.
Providing access to the App functionality
Device Data app version Payment Status Data (in case you buy paid functionality)	Terms and Conditions and End User Licence Agreement	3 years after the last interaction with the app or the last payment, whichever occurs later.
Providing you with an answer to your question (technical support, exercising the data privacy rights, other assistance in connection with the App)
e-mail other data you have provided in correspondence	Legitimate interest: our interest in improving the quality of the App; your interest in providing you with an answer to a question / solution to a problem	3 months since the last communication with you.
Advertising our apps to attract new users
identifiers (such as IDFA, IDFV, GAID, AppsFlyer ID, Google Firebase user_pseudo_id) limited data about your interactions within the app info about the advertising campaign	Consent	3 years after the last interaction with the app or the last payment, whichever occurs later.
Providing you with the ads, including personalised, via third-party advertising platforms
identifiers (such as IDFA, IDFV, GAID, AppsFlyer ID, Google Firebase ID) approximate geolocation information derived from an IP address (country and city), Device Data Usage Data other data that may be collected by third-party advertising networks	Consent (in case of the personalised ads) OR Legitimate interest (in case of the ads that not related to your interest): our interest in monetizing the App; your interest in using the app for free	3 years after the last interaction with the app or the last payment, whichever occurs later.

Data retention period

We understand the importance of keeping your personal data safe and retaining it only for as long as necessary. We have detailed how long we will keep your personal data for a specific purpose in the “Details of Processing” section.

Please note that there may be occasions when we are required to retain your personal data for longer than initially stated. This may include, but is not limited to, situations involving legal proceedings, investigations, or government inquiries. We will retain your personal data only for as long as necessary to comply with these legal obligations, and we will take appropriate measures to ensure its security and confidentiality during this period.

We regularly review our data retention practices to ensure that we keep only the personal data we need and that it is kept securely.

Automated decision-making or automated profiling

We neither use automated decision-making nor refer to automated profiling.

Sharing of your personal data to the third parties

We value your privacy and care about the security of your data. Sometimes we need to share some information with other companies. Here’s why:

compliance with applicable law.

We make every effort to comply with all applicable laws, regulations, and legal obligations. In certain instances, we may need to disclose your personal data to comply with legal requirements, such as responding to subpoenas, court orders, or other lawful government requests, etc. In addition, we may disclose your personal data if we believe in good faith that such disclosure is necessary to protect our rights, enforce our Terms and Conditions and End User Licence Agreements, investigate fraud, or protect your safety.

achieving purposes of processing.

We also partner with certain trusted companies to provide you with the best experience using our Apps. These partners may include hosting service providers, payment processors, analytics platforms, and others. We share only the necessary information with them to help them perform their functions, such as processing payments or analysing the use of our Apps. We choose our partners carefully and require them to adhere to high standards of data protection.

We always strive to be as open and transparent as possible regarding the processing of your personal data. If you have any questions or concerns about the transfer of your personal data to third parties, please do not hesitate to contact us for more information.

We may involve the following third parties in the processing of personal data:

Third parties that collect and process data for analytical purposes.

We are always striving to improve our Apps to make the user experience more convenient and our Apps the most interesting for you. To do this, we spend a lot of effort analysing which features of the Apps are useful, most used, and which ones need to be upgraded. For this purpose, we engage analytics services that help us collect, analyse, and interpret personal data to improve the efficiency of the Apps. In simple terms, they help us understand your behaviour, optimise performance, and identify opportunities for growth.

The list of the analytical services that we use in our Apps:

Google Analytics is a web analytics service provided by Google Inc.
AppsFlyer is a SaaS mobile marketing analytics and attribution platform provided by AppsFlyer Ltd.

Third parties that collect and process data for marketing purposes.

We work with advertising networks to attract new users to our apps. In addition, in some apps, we display ads, including personalised ones. These networks may collect specific personal data about how you interact with our apps or other websites and apps, using this data to deliver ads based on your preferences and interests.

Below is a list of the advertising networks we use in our apps:

Meta Ads is an advertising service provided by Meta Platforms, Inc.
Google Ads is an advertising service provided by Google Inc.
Apple Search Ads is a service that allows developers to promote their apps within the App Store search results provided by Apple, Inc.

In addition, other advertising networks are connected to the App “Incredible Jack”:

Unity Technologies is an advertising network provided by Unity Technologies SF (USA).
IronSource is an advertising service provided by ironSource Mobile Ltd (Israel).
AppLovin is an advertising service provided by AppLovin Corporation (USA).
Vungle is an advertising service provided by Liftoff Mobile, Inc (USA)
Pangle is an advertising service provided by Bytedance Pte. Ltd (Singapore).
DT Exchange is an advertising service provided by Digital Turbine, Inc (USA).
InMobi is an advertising service provided by InMobi Pte Ltd (Singapore).

Third parties that provide us with storage servers.

We rely on trustworthy hosting providers to ensure the secure storage and processing of your personal data. These providers guarantee the availability and reliability of our app's infrastructure, including servers, databases, and storage systems. Please note that the companies hosting our servers do not have access to your personal data.

The datacenter we use for storing your personal data is located in the EU.

Additionally, in some cases, we may use services that facilitate the secure transfer of personal data from us to other companies, as well as services that prevent unauthorised data transfer and ensure the smooth operation of our app.

Third parties that help us provide the functionality of the Apps.

In some cases, we use integrations of other services to improve the efficiency, speed and quality of the functionality provided in the Apps. Specific companies and certain processing details can be found in section “Details of processing”.

Data transfer

Please note that some of these companies may be located outside the EU (international data transfers) including in the countries which do not ensure an adequate level of protection of your personal data.

Such transfers are performed in compliance with GDPR, using Standard Contractual Clauses to ensure that your data receives an adequate level of protection.

We ensure such transfers comply with legal requirements by using Standard Contractual Clauses approved by the European Commission. These clauses require data recipients to protect data they process from the EEA in accordance with EU data protection law. Our procedures regarding data transfers are regularly reviewed to ensure compliance.

Your rights

As a data subject, you have certain rights regarding your personal information. We are committed to upholding these rights and ensuring that you can exercise them effectively.

Below, you can find the information regarding your rights as a data subject under EU legislation:

Right of access	This right allows you to request access to the personal data we hold about you.
Upon receiving your request, we will provide you with a copy of the personal data we process in the form in which you have requested the provision of this information. Please note that in some cases, we may charge you a reasonable fee for providing this information. If we are unable to fulfil your request for any reason, we will provide you with an explanation and inform you of your rights to appeal the decision.
Right to rectification	This right enables you to request the correction or updating of any inaccurate or incomplete personal data we hold about you.
Upon receiving your request for rectification, we will review the accuracy and completeness of your personal data and make any necessary corrections or updates.
Right to erasure	This right allows you to request the deletion or destruction of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected or processed (or, as we all know, the “right to be forgotten”).
Upon receiving your request for erasure, we will assess whether the conditions for erasure are met and, if so, promptly delete or anonymize your personal data from our systems and notify any third parties to whom the data have been disclosed.
Right to restrict processing	This right allows you to request the restriction of processing of your personal data in certain circumstances, such as when the processing is unlawful, when we no longer need the personal data, or when you have objected to the processing.
Upon receiving your restriction to processing will not process your personal data (except for storage) unless it is based on consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.
Right to data portability	This right allows you to receive a copy of your personal data in a structured, commonly used, and machine-readable format if it is technically possible to do so and to transmit that data to another controller.
Upon receiving your request for data portability, we will provide you with a copy of your personal data in the requested format, where technically feasible.
Right to object	This right enables you to object to the processing of your personal data in certain circumstances, such as where the processing is based on legitimate interests or for direct marketing purposes.
Upon receiving your objection to processing, we will assess the validity of your objection and, if valid, cease processing your personal data for the purposes to which you have objected.
Right to withdraw consent	You have the right to withdraw your consent to the processing of your personal data at any time. This means that if we are processing your personal data based on your consent, you have the right to revoke that consent.
Upon receiving your request to withdraw consent, if we do not have any other legal basis for processing your personal data, we will stop processing it.
Right to lodge a complaint	If you believe that our processing of your personal data violates applicable legislation, you have the right to lodge a complaint with a supervisory authority.

If you wish to exercise your rights as stated above, please write to us at the email address provided in the “Contact details of the data controller” section. Please note that these rights are subject to certain limitations and exceptions as provided by applicable law. To exercise any of these rights or for further inquiries, please contact us using the provided contact information.

We will address your request as early as possible and no longer than within 1 (one) month. Please note that this period may be extended by 2 (two) further months where necessary, taking into account the complexity and number of the requests. In this case, we will inform you of the extension within 1 (one) month of receipt of your request and will explain to you the reasons for the delay.

If you are a California resident, you have certain rights under the CCPA and other applicable laws regarding the collection, use, disclosure, and sale of your personal data. This section of our Privacy Policy outlines those rights and explains how you can exercise them:

Right to know	California residents have the right to request that we disclose the categories and specific pieces of personal data that we have collected about them, the categories of sources from which the personal data was collected, the purposes for which the personal data was collected, and the categories of third parties with whom we have shared the personal data.
Upon receiving and verifying your request, we will promptly provide you with the requested information for the 12-month period preceding your request free of charge in a readily usable format, unless an exception applies.
Right to delete	California residents have the right to request the deletion of the personal data that we have collected, subject to certain exceptions as permitted by applicable law.
Upon receiving and verifying your request, we will delete your personal data from our records and direct our Apps providers to do the same, unless an exception applies.
Right to opt-out	California residents have the right to opt-out of the sale of their personal data. Sale is defined broadly in the CCPA to include “selling, renting, releasing, disclosing, disseminating, making available, transferring or otherwise communicating” the personal data of California residents.
Please, note, that we do not, and will not, provide your personal data in direct exchange for money. Therefore, in the literal sense, we do not sell your personal data. However, we have disclosed some categories of personal data we collect to third parties for business purposes as explained under “Details of processing”. To the extent that this practice is construed as a “sale” under the CCPA, we will exercise your right to refuse to make a sale in the event that you request us to.
Right to non-discrimination	California residents have the right to non-discrimination, under which we cannot refuse to provide goods or Apps, charge you a different price, or provide goods or Apps of a different level or quality just because you exercised your rights under the CCPA.
We will not deny Apps, charge different prices, or provide a different level or quality of Apps based on their exercise of CCPA rights.
Right to correct	California residents have the right to ask us to correct inaccurate personal data that we have about them.
Upon receiving and verifying your request, we will promptly review your personal data and make corrections as appropriate, ensuring that it is accurate and complete.
Right to limit	California residents have the right to direct us to only use your sensitive personal data (for example, your social security number, financial account information, your precise geolocation data, or your genetic data) for limited purposes, such as providing you with the Apps you requested.
We do not process such sensitive personal data.

If you want to exercise your rights as described above, please contact us via the email address provided in the “Contact details of the data controller” section. According to CCPA regulations, we need to verify your identity before proceeding with your request. To verify your identity, you may need to log in to your account. If you don’t have an account, we'll attempt to match the information you provide with what we have on file. In some cases, we may refuse the request if we can’t verify your identity, such as if you’ve asked us to delete your personal data.

Under CCPA requirements, we aim to respond to a verifiable request within 45 days of receiving it. If we need more time (up to 90 days), we’ll notify you in writing of the reason and extension period. Our written response will be sent via email.

If you have any concerns about how we handle your personal data, please inform us, and we’ll review your feedback. If you’re not satisfied with our response to your complaint, you have the right to lodge a complaint with the relevant authority.

Age limits

We do not knowingly collect or request personal data from individuals under the age of 18, nor do we allow such individuals to use our apps. If you are under 18, please refrain from providing us with any personal data. If we become aware that we have inadvertently collected personal data from someone under 18, we will promptly delete it. If you believe that we may have personal data from or about someone under 18, please contact us using the provided information.

Other links

Our Privacy Policy may include links to websites operated by third parties that are not under our control. If you click on a link to a third party website, you will be redirected to that website. We recommend reviewing the privacy terms of each website you visit. We have no control over and do not assume any responsibility for the content, privacy terms, or practices of third party websites or services.