Privacy Policy.

We collect information in three ways: (a) information you provide to us, (b) information we collect automatically when you use the Service, and (c) information we receive from third parties.

Information you provide

• Account information, including your email address (required to sign in via magic link) and an optional display name shown on public leaderboards.
• Communications you send us, such as support requests or feedback, and any information contained in them.

Information we collect automatically

• Gameplay data: the exercises you play, levels attempted, accuracy, reaction times, stars earned, session timestamps, and similar performance metrics used to render your progress and the leaderboard.
• Device and log data: browser type, operating system, device type, approximate time zone, referring URL, IP address (which we use to infer approximate location and to protect against abuse), and error logs.
• Storage-side identifiers: values stored on your device (for example, in localStorage) to persist gameplay progress and to identify a device across sessions for anti-abuse and analytics.

Information from third parties

• Authentication providers (magic-link email delivery) that confirm your control of a given email address.
• Hosting, database, and email-delivery providers that process information on our behalf as described in Section 4.

We use information to:

• Operate, maintain, and secure the Service, including authenticating sessions and enforcing rate limits;
• Render your progress, stats, streaks, and leaderboard standing across devices;
• Diagnose and fix bugs, prevent fraud and abuse, and protect the rights and safety of users and the Company;
• Improve the Service, including designing new exercises, tuning difficulty, and evaluating product decisions using aggregated or de-identified analytics;
• Communicate with you about the Service, including service announcements, security notices, and responses to your inquiries;
• Comply with legal obligations, enforce our Terms, and respond to lawful requests from governmental authorities.

We and our service providers use cookies, local storage, and similar technologies to operate the Service. These include strictly necessary items (authentication session cookies, gameplay progress in localStorage) and limited analytics. We do not use third-party advertising cookies or cross-site tracking for behavioral advertising.

You may disable cookies via your browser settings, but doing so may prevent sign-in or break core gameplay features (for example, tracking your progress).

We do not sell your personal information, and we do not “share” it for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act (as amended). We disclose information only as described below.

Service providers (processors)

We share information with vendors that process data on our behalf under written data-processing terms, including hosting, database, authentication, email delivery, error monitoring, and analytics providers. These processors are permitted to use the information only to provide services to us.

Public leaderboard

Your chosen display name, total star count, levels completed, and last-played date are visible to other users on the public leaderboard. Do not choose a display name that reveals personal information you do not want publicly associated with your gameplay.

Legal and safety

We may disclose information to comply with applicable law, regulation, legal process, or governmental request; to enforce our Terms; to detect, prevent, or address fraud, security, or technical issues; or to protect the rights, property, or safety of the Company, our users, or others.

Business transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to customary confidentiality protections.

With your consent

We will share information for other purposes with your consent or at your direction.

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases to process your personal information:

• Performance of a contract — to provide the Service you request, including authentication and progress tracking.
• Legitimate interests — to secure the Service, prevent fraud and abuse, measure and improve product performance, and communicate with you about the Service, balanced against your rights and expectations.
• Legal obligation — to comply with applicable law and respond to lawful requests.
• Consent — where we have requested your consent, for example for optional analytics or communications, which you may withdraw at any time.

We are based in the United States and our service providers may process information in the United States and other jurisdictions. Where required by law, we rely on lawful data-transfer mechanisms, including the European Commission’s Standard Contractual Clauses and the UK International Data Transfer Addendum.

We retain personal information for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Gameplay data is retained for as long as your account is active and for a reasonable period thereafter to support rolling leaderboards and analytics. You may request deletion of your account and associated personal information as described in Section 9.

We implement administrative, technical, and physical safeguards designed to protect information against unauthorized access, use, alteration, and destruction, including transport-layer encryption (TLS), access controls, and database-level row security. No system is perfectly secure; we cannot guarantee the security of information you transmit to us or that we store. Please notify us promptly at privacy@brngym.com if you believe your account has been compromised.

Account management

You can review and update your display name and related information in the profile area of the Service. You may sign out at any time and request deletion of your account by contacting privacy@brngym.com.

California (CCPA/CPRA)

Subject to verification of identity and applicable exceptions, California residents have the right to: (a) know the categories of personal information we have collected and the business purposes for processing, (b) access specific pieces of personal information, (c) request deletion, (d) request correction of inaccurate information, and (e) limit the use of sensitive personal information. We do not sell or share personal information for cross-context behavioral advertising. You may exercise these rights by contacting us at privacy@brngym.com. You may designate an authorized agent to make requests on your behalf; we may require proof of authorization. We will not discriminate against you for exercising your rights.

EEA, UK, and Switzerland

Subject to applicable law, you have the right to access, correct, delete, port, or restrict processing of your personal information, and to object to processing based on legitimate interests. You may lodge a complaint with your local supervisory authority; however, we encourage you to contact us first at privacy@brngym.com so we can try to resolve your concern.

How to exercise your rights

Submit requests to privacy@brngym.com. For security, we may need to verify your identity before processing the request. We will respond within the timeframes required by applicable law.

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information. Parents or guardians who believe their child has provided us information may contact privacy@brngym.com.

Some browsers offer a “Do Not Track” signal. Because no common industry standard for Do Not Track has been adopted, the Service does not currently respond to Do Not Track signals. We will update this section if that changes.

The Service may contain links to third-party websites or services that we do not operate. This Policy does not apply to those third parties, and we are not responsible for their practices. We encourage you to review the privacy notices of any third-party site you visit.

We may update this Policy from time to time. If we make material changes, we will provide reasonable notice, such as by updating the Effective Date above and, where appropriate, notifying you within the Service or by email. Your continued use of the Service after the change takes effect constitutes your acceptance of the revised Policy.

For questions about this Policy or our privacy practices, or to exercise any rights under applicable law, please contact us at privacy@brngym.com or by mail to: