Privacy Policy

Not Brain Dead — by I2 AI

Effective Date: 14 April 2026

This Privacy Policy explains how I2 AI (“we,” “us,” or “our”) collects, uses, stores, and protects your information when you use Not Brain Dead (“the App”), available on the Apple App Store. We have written this policy in plain language so you can understand exactly what happens with your data.

If you are between 13 and 17 years old, please read this policy with a parent or guardian. By using Not Brain Dead, you agree to the practices described here. If you do not agree, please do not use the App.

1. Data controller

The data controller responsible for your personal data is:

I2 AI
Email: developer@i2.ai

If you are in the EU/EEA or UK and we do not have an establishment in your jurisdiction, we will appoint local representatives under GDPR Article 27 and UK GDPR and update this section accordingly. Until a representative is appointed, all inquiries may be directed to the email above.

2. Information we collect

We collect information in four ways: information you provide when you choose to sign in, information generated by your use of the App, information collected automatically by the technical services we use, and information collected by the advertising service we use to serve in-app advertisements.

Information you provide through Sign in with Apple

Signing in is optional. You can use Not Brain Dead fully without creating an account — every game, the daily streak, the coin economy, and your personal stats all work entirely offline on your device. If you choose to sign in so that your progress can sync across your devices, we use Apple’s Sign in with Apple service. Apple shares with us: your email address (either your real email or a private relay address generated by Apple if you choose “Hide My Email”); and a unique user identifier that Apple assigns to your Apple Account. We do not request or store your name. We do not receive your Apple Account password, payment information, or any other Apple Account details.

Gameplay records

For every game you play to completion, Not Brain Dead creates a session record containing: the game identifier (for example, “blackout” or “mental-math”); the date and time the session was played; your score; the points earned; the number of rounds played; the number of “perfect” rounds; and the duration of the session in seconds. These records are stored locally on your device. If you are signed in and have enabled cloud backup, they are synchronised to your account in our cloud database.

Progress and preferences data

The App maintains several categories of derived and stateful information that support gameplay features. This data is stored locally on your device and, if you are signed in and have enabled cloud backup, synchronised to your account:

  • Aggregate statistics — your lifetime total games played, total points earned, and total time played; per-game personal bests (best score, best time, number of perfect games); average scores; and the date you last played each game.
  • Daily streak data — your current daily streak, your longest streak ever, and the date you last completed a game.
  • Coin balance and transaction history — your current daily and earned coin balance, the number of rewarded ads you have watched today, whether you have collected today’s daily coin allowance, and the date you first launched the App (used to calculate your daily allowance tier).
  • Per-game preferences — the last difficulty you selected for each game, tutorial-seen flags, and similar light settings state.

Information collected automatically

When you use the App, the technical services we use may automatically collect certain data. We use Google Firebase for account authentication, cloud data storage, optional analytics, and optional crash reporting. The data collected depends on whether you have signed in and whether you have opted in to analytics.

For all users (required for the App to function offline): no data is transmitted from your device to our servers. The App functions fully offline.

If you sign in with Apple: Firebase Authentication (Google LLC) processes technical sign-in metadata, including your IP address, which Google retains for a limited period as part of its security and abuse-prevention features. When you are signed in, your gameplay records and progress data (as described above) may be uploaded to our Cloud Firestore database for backup and cross-device sync.

If you opt in to analytics and crash reporting: Firebase Analytics and Firebase Crashlytics are not initialised by the App until you explicitly enable them in Settings. When disabled, the Firebase Analytics SDK is not initialised and no analytics events, app-instance identifier, or Identifier for Vendors (IDFV) are read by Firebase. If you enable them, Firebase Analytics collects app usage patterns — including which games you start, which screens you view, session frequency, and session duration — together with a randomly-generated Firebase app-instance identifier and your device’s IDFV. Firebase Crashlytics collects crash reports containing the stack trace, device model, operating system version, app version, and the state of the App at the moment it crashed. You can disable analytics and crash reporting at any time in Settings, and doing so stops all future collection.

We do not collect the Advertising Identifier (IDFA) through any of our first-party analytics tools.

Advertising data

Not Brain Dead shows occasional interstitial advertisements between games and optional rewarded video advertisements that you may choose to watch in exchange for in-app coins. These ads are served by Google Mobile Ads (also known as AdMob), a service operated by Google LLC. We have configured AdMob to serve non-personalized ads only: advertisements are not selected based on your past behaviour, profile, or interests, and we do not enable Apple’s App Tracking Transparency (we will not ask your permission to track you across other companies’ apps and websites, because we do not do so).

Even in non-personalized mode, the Google Mobile Ads SDK automatically collects a limited set of data when an ad is requested or displayed, because this data is needed to deliver ads, prevent fraud, and avoid showing you the same ad repeatedly:

  • Your device’s Identifier for Vendors (IDFV). The IDFV is an identifier scoped to apps from the same developer account and does not require Apple’s App Tracking Transparency prompt. AdMob uses it for ad delivery, frequency capping, and measurement.
  • Your IP address, which Google uses to estimate approximate location at the city or country level.
  • Technical information about your device: device type, operating system version, app version, language, and country.
  • Ad interaction events: impressions, clicks, and video completion for rewarded ads.

Google uses this data for ad serving, frequency capping, aggregated ad reporting, measurement, and fraud prevention. Google acts as an independent data controller for the limited data it collects to deliver ads. Its use of this data is governed by the Google Privacy Policy and the Google Ads Data Processing Terms. Details on the specific data the Google Mobile Ads SDK collects are published at developers.google.com/admob/ios/privacy/data-disclosure.

We do not collect or receive the Apple Advertising Identifier (IDFA) for any purpose. We do not build advertising profiles of our users. We do not share your gameplay records, progress data, or identity with AdMob or any advertiser.

In-app purchase data

Not Brain Dead offers optional in-app purchases, including consumable coin packs and an auto-renewing “Pro” subscription that reduces or removes ads. All purchases are processed entirely by Apple through the App Store using StoreKit. We never see or store your payment card details, billing address, or Apple Account password. Apple shares with us only a transaction identifier, the product purchased, and the purchase or subscription status, which we use to grant the content you bought and to honour restore-purchase requests.

Information we do not collect

We do not collect your precise location, contacts, photos, browsing history outside the App, or any biometric or health data. We do not access your device’s camera, microphone, or health sensors. We do not collect the Apple Advertising Identifier (IDFA). We do not collect your Apple Account password or payment card details — all subscription payments and in-app purchases are processed entirely by Apple. We do not use any social-media SDKs, no cross-app trackers, and no attribution tools beyond what is necessary for non-personalized ad delivery.

3. How we use your information

Providing the App

We use your account information (if you choose to sign in) to authenticate you, and your gameplay records and progress data to deliver the core features of Not Brain Dead: tracking your progress through each game, maintaining your daily streak, displaying your personal bests and lifetime stats, managing your coin balance and daily allowance, and — if you have enabled it — syncing your data across your devices via cloud backup so you can restore your progress if you change devices or reinstall the App. Without this processing, the App cannot function for signed-in users.

Analytics and app improvement

If you opt in to analytics, we use Firebase Analytics and Firebase Crashlytics to understand which games and features are most valuable to players, identify and fix technical problems, and improve the App. We analyse this data in aggregate form wherever possible. Analytics is not enabled by default, and disabling it in Settings stops all future collection.

Advertising

We use non-personalized advertisements from Google Mobile Ads to support ongoing development of the App. We never use your gameplay records, progress data, signed-in identity, or any health, wellness, or sensitive data to target advertising to you, because we do not use any such information for advertising and because we have not enabled personalized advertising in the first place. Players who do not wish to see advertisements can subscribe to Pro.

Subscription management and fraud prevention

If you purchase a subscription or coin pack, we use the transaction records Apple provides to grant you the content you purchased, to restore purchases on new devices, and to honour refund rules. We maintain limited records of your app usage, including session timestamps and feature engagement, for a limited period to manage subscriptions and validate purchases. We retain this limited data based on our legitimate interest in preventing fraudulent refund claims (GDPR Article 6(1)(f)).

Separately, if you request a refund for an in-app purchase through Apple, Apple may send us a consumption inquiry under its App Store Server API. We will only share usage data with Apple in response to such an inquiry with your consent (GDPR Article 6(1)(a)), as required by Apple’s developer guidelines. Your consent for this specific sharing is requested at the time of the inquiry, and you may decline.

Communications

If you contact us for support, we use the information you provide in your message (including your email address and any details you share) to investigate and respond to your inquiry.

4. Legal basis for processing (EU, EEA, UK, and Switzerland)

Under the GDPR and UK GDPR, we process your personal data on the following legal grounds:

  • Contract performance (Article 6(1)(b)): Processing your account data, gameplay records, progress and preferences data, and cloud backup data is necessary to provide you with Not Brain Dead. This includes authentication, progress syncing, personal-best tracking, streak maintenance, and the coin economy.
  • Consent for analytics and crash reporting (Article 6(1)(a)): We collect analytics and crash data only after you opt in through Settings. You may withdraw consent at any time through Settings, and we will cease collection promptly. Withdrawing consent does not affect the lawfulness of any processing performed before withdrawal.
  • Legitimate interest (Article 6(1)(f)): We serve non-personalized advertisements to financially support the App and retain limited usage logs for fraud prevention and refund dispute resolution. We have assessed that these interests do not override your rights, because we do not build behavioural profiles, we do not use personalized tracking, we retain the data for a limited period, and players can remove advertisements entirely by subscribing to Pro.
  • Consent for refund data sharing (Article 6(1)(a)): We share consumption data with Apple in response to refund inquiries only with your consent, which you may decline.
  • Legal obligation (Article 6(1)(c)): We may retain certain subscription and purchase records as required by applicable tax, accounting, and financial reporting laws.

5. How we share your information

We do not sell your personal data. We do not share your information for personalized or cross-app behavioural advertising. We do not disclose your data to data brokers. We share your information only in the following limited circumstances:

Google Firebase (Firebase Auth, Cloud Firestore, Firebase Analytics, Crashlytics)

When you sign in and enable cloud backup, we use Google Firebase to authenticate your account (Firebase Auth) and to store and back up your gameplay records and progress data (Cloud Firestore). If you opt in, we also use Firebase Analytics and Firebase Crashlytics for usage measurement and crash diagnosis. Google acts as a data processor on our behalf under a Data Processing Agreement that includes Standard Contractual Clauses for international data transfers. Google is certified under the EU-US Data Privacy Framework. For details, see the Google Privacy Policy and the Firebase Privacy Documentation.

Google Mobile Ads (AdMob)

We use Google Mobile Ads to serve non-personalized advertisements in the App. For the limited data the Google Mobile Ads SDK collects to deliver ads (see Section 2, “Advertising data”), Google acts as an independent controller. We do not share your gameplay records, progress data, or signed-in identity with AdMob. For details on Google’s ad data practices, see the Google Privacy Policy, the Google Ads Data Processing Terms, and the Google Mobile Ads SDK data disclosure.

Apple

If you request a refund for a subscription or in-app purchase, Apple may send us a consumption inquiry. With your consent, we may share usage data (such as how actively you have used the App) with Apple to respond to this inquiry. Apple processes all payments and Sign in with Apple authentication, and has its own privacy practices described at apple.com/legal/privacy/.

Legal requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect our rights, privacy, safety, or property. Where legally permitted, we will notify you before disclosing your data.

6. Cloud backup and data storage

Local storage

By default, all of your gameplay records, progress data, preferences, streak information, and coin balance are stored locally on your device only. Not Brain Dead functions fully offline without an account or cloud connection. If you never sign in, no gameplay data is ever transmitted to our servers.

Cloud sync

If you sign in with Apple and enable cloud backup, your gameplay records and progress data are synced to our cloud servers. The location of your data depends on the Firebase service:

  • Cloud Firestore (your gameplay records and progress data): We have configured our database in the eur3 multi-region (Belgium and the Netherlands, with a witness region in Finland — all within the European Union).
  • Firebase Authentication (your account identifier and email): Processed in the United States. This cannot be changed by us and applies to all Firebase Auth users globally.
  • Firebase Analytics and Crashlytics (only if you have opted in): May process data in the United States or other locations depending on Google’s infrastructure.
  • Google Mobile Ads: Ad-serving data is processed by Google’s global ad infrastructure, which may include locations outside your country.

This means that if you sign in, some of your personal data is transferred to the United States. These transfers are protected by Google’s certification under the EU-US Data Privacy Framework and by Standard Contractual Clauses incorporated into our Data Processing Agreement with Google.

Encryption and isolation

All data transmitted between your device and our servers is encrypted using HTTPS/TLS. Data stored in Cloud Firestore is automatically encrypted at rest using AES-256 encryption. Your data is protected by Firestore Security Rules that ensure only your authenticated account can access your data — no other user can view your information.

7. Data retention

We retain your data for the following periods:

  • Local data on your device: Retained until you delete the App or clear the App’s data through iOS Settings. This data is controlled by you, not by us.
  • Cloud-synced gameplay records and progress data (Firestore): Retained for the lifetime of your account, plus a 30-day grace period after account deletion to protect you against accidental deletion. After the grace period, the data is deleted promptly. Google may take up to 180 days to fully purge data from backup systems.
  • Firebase Authentication account record (account identifier, email): Retained for the lifetime of your account, plus a 30-day grace period after deletion.
  • Firebase Auth IP logs (security and fraud prevention): Retained by Google for a limited period in line with Google’s documented abuse-prevention practices.
  • Firebase Analytics user-level and event-level data (if opted in): Retained for a maximum of 14 months, the retention setting we have selected in Google Analytics. User-level data is deleted 14 months after the last data point.
  • Aggregated analytics (non-identifiable statistics): Retained for up to 24 months.
  • Crash reports (Firebase Crashlytics, if opted in): Automatically deleted after 90 days.
  • Detailed usage data (session timestamps, feature engagement used for refund dispute resolution): Retained for 90 days, then deleted.
  • Subscription and in-app purchase records (transaction tokens and subscription state — not payment card details or billing addresses, which we never possess): Retained for up to 7 years as required by applicable tax and accounting laws.
  • Support correspondence: Retained for 24 months after the last contact, unless legal obligations require a longer period.
  • Deletion request records (evidence of processed erasure requests): Retained for 3 years as GDPR accountability evidence.

We have configured Firebase Analytics to retain user-level data for no longer than 14 months, with the “reset on new activity” setting disabled, meaning user-level data is deleted 14 months after the last data point regardless of whether the user continues to be active.

8. Your rights

Depending on your location, you have some or all of the following rights regarding your personal data:

  • Access. You can request a copy of the personal data we hold about you.
  • Correction. You can request that we correct inaccurate data.
  • Deletion. You can delete your account and all associated data at any time through the App’s Settings. You can also request deletion by contacting us. We will process your request without undue delay and within 30 days at most. If you are not signed in, you can achieve the same result by deleting the App from your device, which removes all local data.
  • Data portability. You can request your data in a structured, machine-readable format (JSON).
  • Restriction and objection. You can request that we restrict processing of your data or object to processing based on legitimate interest, including our use of non-personalized advertisements. The simplest way to remove advertisements is to subscribe to Pro.
  • Withdraw consent. Where processing is based on consent (for example, analytics, crash reporting, or refund data sharing with Apple), you can withdraw it at any time through the App’s Settings or by contacting us. Withdrawal does not affect the lawfulness of processing performed before withdrawal.
  • Lodge a complaint. If you are in the EU/EEA, you have the right to lodge a complaint with your local Data Protection Authority. If you are in the UK, you may contact the Information Commissioner’s Office (ICO).

To exercise any of these rights, contact us at developer@i2.ai. We will respond within 30 days (or within the timeframe required by applicable law). We may ask you to verify your identity before processing a request, to prevent unauthorised disclosure.

9. Children’s and teen privacy

Not Brain Dead is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you are under 13, please do not use the App or provide any information.

If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information as quickly as possible. If you believe a child under 13 has provided us with personal data, please contact us immediately at developer@i2.ai.

Users aged 13 to 17

We take extra care with younger users, consistent with the principles of the UK Information Commissioner’s Age Appropriate Design Code (the “Children’s Code”) and the GDPR’s protections for minors:

  • We never show personalized or behaviourally-targeted advertisements to anyone. All advertisements served in Not Brain Dead are non-personalized. We do not build advertising or marketing profiles of our users.
  • Profiling is off by default. We do not perform algorithmic content curation, engagement-maximising nudging, or behavioural profiling of players of any age.
  • Analytics and crash reporting are off by default for all users, not just minors. They must be explicitly enabled in Settings and can be disabled again at any time.
  • In the EU/EEA and UK, we do not collect any consent-based data (analytics, crash reporting) from users below the applicable age of digital consent under GDPR Article 8. The age of digital consent varies by country, from 13 to 16 depending on the Member State. We do not currently collect date of birth during account creation, and we therefore apply our most restrictive data practices as the default: analytics are opt-in, advertising is limited to non-personalized ads regardless of age, and all optional data collection requires active user action to enable.
  • We do not use dark patterns such as streak-shaming, loss-framed notifications, or guilt-inducing messaging to nudge children toward data sharing or engagement.

For parents and guardians

You may contact us at any time to review, correct, or delete your child’s personal data, or to withdraw any consent previously provided. We will honour such requests promptly. If you believe your child has provided information to us without your authorisation, please email developer@i2.ai.

10. Additional information for California residents

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) may provide you with additional rights, depending on applicable thresholds:

  • Right to know. You may request disclosure of the categories and specific pieces of personal information we have collected, the sources, the purposes, and the third parties with whom we share it.
  • Right to delete. You may request deletion of your personal information, subject to certain exceptions.
  • Right to correct. You may request correction of inaccurate personal information.
  • Right to opt out of sale or sharing. We do not sell your personal information. We do not share your personal information for cross-context behavioural advertising. All ads served in Not Brain Dead are non-personalized.
  • Right to limit use of sensitive personal information. We do not collect sensitive personal information as defined by CPRA.
  • Right to non-discrimination. We will not discriminate against you for exercising any privacy rights.

Categories of personal information we collect (as defined by CCPA), together with the purposes for which each is used:

  • Identifiers (account identifier, email address, device Identifier for Vendors): used for authentication, cloud sync, ad delivery, analytics (if opted in), and customer support.
  • Commercial information (subscription history, in-app purchase history): used to grant purchased content, handle refunds, and meet tax and accounting obligations.
  • Internet or electronic network activity (gameplay records, progress data, usage data, crash reports): used to provide core App features, measure usage if you opt in, and diagnose crashes.
  • Inferences drawn from the above (personal bests, difficulty preferences, streak status): used to display your progress and stats within the App.

To exercise your California privacy rights, contact us at developer@i2.ai. We will verify your identity before processing your request.

11. International data transfers

If you are located outside the United States, some of your personal data may be transferred to and processed in the United States through Firebase services and Google Mobile Ads infrastructure (see Section 6 for per-service locations). We protect these transfers using:

  • Google’s certification under the EU-US Data Privacy Framework, the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework
  • Standard Contractual Clauses approved by the European Commission, incorporated into our Data Processing Agreement with Google
  • Technical safeguards including encryption in transit (HTTPS/TLS) and at rest (AES-256)

12. Data security

We implement appropriate technical and organizational measures to protect your personal data, including: encryption of data in transit (HTTPS/TLS) and at rest (AES-256); authentication via Sign in with Apple with token-based security; Firebase Security Rules enforcing strict user-level data isolation; access controls limiting who can access the Firebase project; and regular review of our security practices.

While we take reasonable measures to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and (where required) affected users in accordance with applicable law.

13. Contact us

If you have questions about this Privacy Policy, want to exercise your privacy rights, or have concerns about our data practices, you may contact us by:

If you are in the EU/EEA or UK and have concerns about our data processing, you also have the right to contact your local Data Protection Authority or the UK Information Commissioner’s Office.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by: updating the “Effective Date” at the top of this policy; providing a notice within the App; and, where required by law, obtaining your consent to the changes.

We encourage you to review this policy periodically. Your continued use of the App after changes are posted constitutes acceptance of the updated policy, except where consent is required by law.