Legal
Privacy Policy
This Privacy Policy explains how BrainSheets ("we," "us," or "our") collects, uses, and protects your information when you use our website and services (the "Service"). By using the Service, you consent to the practices described in this Policy.
1. Information We Collect
Email address. When you check out, we collect your email address so we can deliver your download links and send service-related messages. You can opt out of marketing emails at any time using the link in any email we send.
Payment information. Payments are processed by Stripe. We do not see or store your full card number. Stripe shares with us a record of the transaction (amount, date, last four digits, country) for fraud-prevention and accounting purposes.
Builder inputs. When you use our Builder, we may temporarily store your section selections and any text you enter into the AI assist field in order to generate suggestions and deliver your sheet. Do not enter protected health information (PHI), patient names, or identifying details — the Builder is for generic template design only.
Analytics. We use privacy-respecting analytics to understand which pages and features are used. We collect aggregated, anonymized usage information (page views, browser type, country-level location, referrer URL). We do not use cross-site tracking or sell your behavior data.
Communications. If you email us, we retain your message and your email address so we can respond and provide support.
2. What We Don't Collect
We do not collect, store, transmit, or process protected health information (PHI). The Service is not designed to receive patient data, and you should not enter patient names, identifiers, or clinical details into any input field on our website.
We do not sell or rent your personal information to third parties.
3. How We Use Information
- To deliver the templates and downloads you've purchased;
- To respond to support requests;
- To process payments and prevent fraud;
- To send infrequent service updates (and, if you opt in, occasional product news);
- To improve the Service through aggregated analytics;
- To comply with legal obligations.
4. Sharing
We share information only with the service providers necessary to operate the business:
- Stripe — payment processing
- SendGrid (or similar) — transactional email delivery
- Cloudflare — web hosting and DDoS protection
- Plausible or Fathom (or similar) — privacy-respecting analytics
We may also disclose information if required by law, court order, or to protect the rights, property, or safety of BrainSheets, our users, or the public.
5. AI Assist
When you use the optional AI assist feature, the text you enter is sent to a third-party AI model provider to generate a starter suggestion. We send only your free-text input and do not include any account or payment information. We instruct AI providers under contractual terms not to retain or train on your input. Even so, do not enter protected health information.
6. Cookies
We use a small number of cookies for essential functionality (cart contents, session continuity) and aggregated analytics. We do not use cookies for advertising, retargeting, or cross-site tracking. Your browser can be configured to reject cookies; this may affect some features.
7. Data Retention
We retain your purchase records and email indefinitely for tax, accounting, and customer-support purposes. You can request deletion of your account-related information at any time by emailing us, subject to legal retention requirements.
8. Security
We use industry-standard safeguards — TLS encryption in transit, secure cloud hosting, access controls, and regular security reviews — to protect your information. No system is perfectly secure, but we work to keep your information safe.
9. Children's Privacy
The Service is not intended for children under 13. We do not knowingly collect personal information from anyone under 13. If you believe a child has provided information to us, please contact us and we will delete it.
10. Your Rights
Depending on your location, you may have rights under laws such as GDPR (EU/UK), CCPA (California), or similar regimes — including the right to access, correct, or delete personal information we hold about you, and the right to lodge a complaint with a supervisory authority. To exercise these rights, email privacy@brainsheets.org.
11. International Users
BrainSheets is operated from the United States. If you access the Service from outside the U.S., your information may be transferred to, stored, and processed in the U.S. By using the Service, you consent to such transfer.
12. Changes
We may update this Policy from time to time. The "Last updated" date at the top will reflect the most recent revision. Material changes will be communicated through the Service or by email.
13. Contact
Questions about privacy? Email privacy@brainsheets.org.