Brain Gate Privacy Policy

Introduction

Brain Gate ("we," "our," or "the extension") is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, what we don't collect, and your rights regarding your information.

Who We Are

Brain Gate is developed and operated by TACo Club LLC.

Contact Information:
Email: privacy@taco.club
Website: https://braingate.taco.club

What Data We Collect

1. User Account Information

What we collect:

• Email address (when you create a subscription or link TACo Club account)
• Subscription status (active, expired, canceled)
• Account creation date
• TACo Club account ID (if you link your TACo account)

Why we collect it:

• Verify your subscription status
• Send important account notifications (billing, subscription expiration)
• Enable TACo integration features (if you opt in)
• Process billing and handle subscription management

Legal basis: Contract performance (necessary to provide subscription service)

2. Extension Settings and Configuration

What we collect:

• Lists of websites you choose to block (organized by category: Porn, Social Media, Timewasters)
• Your blocking preferences (puzzle types, difficulty levels, time delays)
• Schedule settings (time-based blocking rules)
• Whitelist entries (sites excluded from blocking)

Where it's stored:

• Locally only (default): Stored in your browser's local storage, never transmitted to our servers
• TACo sync (optional): If you enable TACo integration, settings are encrypted and synced to TACo servers

Legal basis: Contract performance and legitimate interest (providing core functionality)

3. Usage Statistics

What we collect (locally only):

• Number of times you've visited blocked sites
• Number of challenges completed vs. abandoned
• Time spent on blocked sites after completing challenges
• Aggregate blocking statistics by category

Where it's stored:

• Locally in your browser only (never transmitted to our servers)
• If you enable TACo sync: Aggregate statistics (not individual visits) may sync to provide cross-device analytics

Important: We never collect or store the specific URLs you visit, page content, or timestamps of individual site visits.

4. Billing Information

What we collect:

• Payment method information (processed by Stripe, not stored by us)
• Billing email address
• Transaction history (dates, amounts, subscription tier)

Who processes it:

• Payment processing is handled entirely by Stripe, Inc.
• We never see or store your full credit card number
• We only receive confirmation of successful/failed payments

Legal basis: Contract performance (necessary to process payments)

5. Technical Information

What we collect:

• Browser type and version (for compatibility)
• Extension version number
• Operating system type (for troubleshooting)
• Error logs (only when extension malfunctions)

Legal basis: Legitimate interest (maintaining service quality)

What We Don't Collect

Brain Gate is designed with privacy as a core principle. Here's what we explicitly do not collect:

How We Use Your Data

Core Functionality

• Apply blocking rules to websites you configure
• Display puzzle challenges and time delays
• Save your settings and preferences
• Show usage statistics and progress

Account Management

• Verify your subscription status
• Process billing and payments
• Send account-related notifications (renewal reminders, payment failures)

TACo Integration (Optional)

• Sync your settings across devices (only if you enable TACo sync)
• Connect with TACo community features (only if you opt in)
• Integrate with other TACo ecosystem tools (only if you enable)

Service Improvement

• Analyze aggregate usage patterns (no individual tracking)
• Fix bugs and improve performance
• Develop new features based on user feedback

Legal Compliance

• Respond to legal requests (subpoenas, court orders)
• Enforce our Terms of Service
• Protect against fraud and abuse

Data Sharing

Brain Gate uses the following third-party services:

Stripe (Payment Processing)

• Purpose: Process subscription payments
• Data shared: Email, billing information, transaction amounts
• Privacy policy: https://stripe.com/privacy
• Security: PCI DSS Level 1 compliant

TACo API (Optional Integration)

• Purpose: Sync settings across devices, access TACo features
• Data shared: Email, blocked site lists, settings, usage statistics (only if you enable sync)
• Privacy policy: https://taco.club/privacy
• Control: You can disable TACo integration anytime

We do not share your data with any other third parties except:

• As required by law (subpoenas, court orders)
• With your explicit consent
• In anonymized, aggregated form for research (no individual identification possible)

Data Retention

Active Accounts

• Account data retained as long as your subscription is active
• Locally stored settings retained until you uninstall the extension
• Synced settings retained on TACo servers while sync is enabled

Canceled Accounts

• Account data retained for 90 days after subscription cancellation (to facilitate reactivation)
• After 90 days, account data is permanently deleted
• Billing records retained for 7 years (legal/tax requirement)

Deletion Timeline

When you delete your account:

• Account information deleted within 30 days
• Synced settings deleted from TACo servers within 30 days
• Billing records retained for legal compliance (7 years)
• Local browser data remains until you uninstall extension (you control this)

Security

• All data transmission uses HTTPS/TLS encryption
• Account passwords are hashed using industry-standard algorithms (bcrypt)
• Server infrastructure uses encryption at rest
• Access to user data is restricted to essential personnel only
• Regular security audits and vulnerability assessments

In the unlikely event of a data breach affecting your personal information:

• We will notify you within 72 hours of discovering the breach
• Notification will include: what data was affected, when breach occurred, what we're doing to address it
• We will notify relevant authorities as required by law

Your Rights

Depending on your location, you may have the following rights:

• Right to Access: Request a copy of all data we hold about you
• Right to Rectification: Correct inaccurate account information
• Right to Deletion ("Right to be Forgotten"): Request complete deletion of your account and associated data
• Right to Data Portability: Export your blocked site lists and settings in JSON format
• Right to Restriction: Limit how we process your data
• Right to Object: Object to data processing based on legitimate interest
• Right to Withdraw Consent: Disable TACo integration anytime

How to Exercise Your Rights: Email us at privacy@taco.club with your request. We will respond within 30 days.

Children's Privacy

Brain Gate is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@taco.club and we will delete the information.

Note for parents: While Brain Gate can be used as a parental control tool for teens (13+), the subscription account must be held by an adult. The adult account holder is responsible for managing settings and ensuring appropriate use.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request what personal information we collect, use, and disclose
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out of Sale: We don't sell your personal information (never have, never will)
• Right to Non-Discrimination: We won't discriminate against you for exercising your rights

To exercise CCPA rights: Email privacy@taco.club with subject line "CCPA Request"

GDPR Compliance (EEA Users)

If you are located in the European Economic Area (EEA), UK, or Switzerland, all rights listed in the "Your Rights" section above apply under GDPR.

Legal Basis for Processing:

• Contract performance: Processing necessary to provide Brain Gate service
• Legitimate interest: Improving service, preventing fraud, ensuring security
• Consent: TACo sync (you can withdraw consent anytime)
• Legal obligation: Retaining billing records, responding to legal requests

For GDPR-related questions, contact our DPO at: dpo@taco.club

International Data Transfers

Brain Gate is operated in the United States. If you are located outside the U.S. and choose to use Brain Gate:

• Your data may be transferred to and processed in the United States
• We comply with applicable data protection laws for international transfers
• For EEA users: We rely on Standard Contractual Clauses (SCCs) for lawful data transfers

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, new features, or legal requirements.

How We Notify You:

• Email notification to your account email (for material changes)
• Update notification in the extension (for material changes)
• "Last Updated" date at the top of this policy

Continued use of Brain Gate after policy changes constitutes acceptance of the updated policy.

Contact Us

For privacy-related questions, concerns, or requests:

Email: support@thoughtfulapp.co
Subject line: "Brain Gate Privacy Inquiry"

Response Time: We aim to respond to all privacy inquiries within 5 business days.

This privacy policy was last reviewed and updated on February 27, 2026.