Privacy Policy - Brain Waves

Effective date: May 4, 2026

This Privacy Policy explains how the Brain Waves app (free and Pro versions) handles data under Google Play User Data policy.

The app itself does not collect personal data directly. Data processing happens only through third-party SDKs listed in this page.

1. Data collection scope

Brain Waves does not run an internal user database and does not directly collect personal identity data from users.

The following data may be processed only by integrated third-party SDKs (AdMob/Firebase):

• Device and advertising identifiers (for example, Advertising ID)
• App usage and interaction data (via third-party SDK events)
• Technical device data (device model, OS version, language, network, diagnostics)
• Crash and performance data (crash reports, anonymized technical logs)

The app does not require account registration and does not ask for full name, government ID, or similar identification documents for basic usage.

No in-app form is used to directly collect personal identity information.

2. Android permissions used

The app declares the following permissions and purposes:

• android.permission.INTERNET: communication with online services, ad delivery, and technical event reporting (analytics/crash).
• android.permission.FOREGROUND_SERVICE: running a foreground service for audio playback.
• android.permission.FOREGROUND_SERVICE_MEDIA_PLAYBACK: specific support for foreground media playback (Android 14+).
• android.permission.POST_NOTIFICATIONS: delivering notifications related to app operation and playback controls (when applicable).

3. Third-party SDKs and services

The app includes third-party SDKs. Any data collection and processing is performed by these providers under their own policies:

3.1 Google AdMob (com.google.android.gms:play-services-ads)

Purpose:

• Displaying ads in the app (especially in the free version)
• Measuring campaign performance and preventing ad fraud
• Personalizing ads, when allowed by user settings and applicable law

Data that may be processed:

• Advertising and device identifiers
• Approximate IP address and network data
• Ad and app interaction data

Google Privacy Policy: https://policies.google.com/privacy

3.2 Firebase Analytics (com.google.firebase:firebase-analytics)

Purpose:

• App usage analytics
• Understanding stability and behavior to improve features

Data that may be processed:

• In-app usage events
• Device and session technical data
• Instance/analytics identifiers

3.3 Firebase Crashlytics (com.google.firebase:firebase-crashlytics)

Purpose:

• Crash monitoring and diagnostics
• Improving app stability, reliability, and performance

Data that may be processed:

• Crash logs
• Stack traces
• Technical device/app data at the time of the error

4. Legal bases and purposes of processing

Where applicable, processing is based on:

• Performance of the service (app functionality)
• Legitimate interests for security, fault prevention, and user experience improvements
• Consent, when required by law for ad personalization or tracking
• Compliance with legal and regulatory obligations

5. Data sharing

Data may be shared with:

• Google (AdMob, Firebase Analytics, and Firebase Crashlytics), through SDK infrastructure under Google terms
• Essential service providers supporting app operation
• Public authorities, when legally required

We do not sell personal data. We do not perform independent direct personal data collection beyond third-party SDK integrations.

6. Data retention

Data is retained only for as long as needed for the purposes in this policy, unless a longer period is required by law.

• Provide and improve the app
• Comply with legal obligations
• Meet security and fraud prevention requirements

Typical retention periods are:

• Crash and diagnostics data (Firebase Crashlytics): up to 90 days from collection.
• Analytics events (Firebase Analytics): up to 14 months (aggregated analytics reporting).
• Advertising-related data (AdMob): retained according to Google AdMob policies and legal requirements.

Some information may be retained longer when required to comply with legal obligations, resolve disputes, or enforce legal rights.

7. International data transfers

Data may be processed on servers located outside the user's country of residence, including by global providers such as Google, subject to applicable legal safeguards.

8. User rights and data deletion

Depending on the applicable jurisdiction (for example, LGPD, GDPR, and local laws), users may have rights to:

• Confirm whether processing occurs
• Access, correct, or update data
• Request anonymization, blocking, or deletion where applicable
• Withdraw consent, when processing is based on consent
• Object to processing in legally applicable scenarios

To exercise your rights or request data deletion, contact us through the developer contact channel listed on the app's Google Play page.

When we receive a valid deletion request, we will:

• Review and confirm the request.
• Delete or anonymize app data we control within up to 30 days, unless legal retention is required.
• For data processed by third-party services (Google AdMob/Firebase), handle the request according to those providers' available controls and policies.

Users may also clear app data at any time via Android settings by uninstalling the app and/or using "Clear storage" for the app.

9. Children's privacy

This app is not intentionally directed to children without appropriate supervision. If you believe a child has provided data in violation of applicable law, please contact us so we can evaluate and take appropriate measures.

10. Information security

We adopt reasonable technical and organizational measures to protect data against unauthorized access, loss, misuse, or improper alteration. No transmission or storage method is 100% secure.

11. Changes to this policy

This policy may be updated periodically to reflect changes in the app, applicable law, or third-party providers. The latest version should remain available at the privacy policy link provided on Google Play.

12. Google Play compliance

This document is structured to meet Google Play Privacy Policy requirements, including:

• Description of collected data and processing purposes
• Use of third-party SDKs
• Data sharing and retention practices
• Contact channel for privacy requests

Publishing notes

1. Publish this file at a secure public URL (HTTPS).
2. Use the exact same policy in the Google Play Console Privacy Policy field.
3. Keep the Data safety form consistent with AdMob/Firebase usage and the declared permissions.