BRAGIflash Privacy Policy

Effective date: February 24, 2026 · Last updated: February 24, 2026

At-a-glance summary

(Not a substitute for the full policy)

• We collect account and profile information (e.g., username, email if you provide it, nickname, and optional profile photo) and learning data (e.g., words, collections, progress).
• We collect basic device and usage data (e.g., IP address, device identifiers, app events, logs, and crash data) to run, secure, and improve the Service.
• We do not collect precise location data.
• If you use translation or OCR-related AI features, we send the text you choose to third-party providers (e.g., DeepL and other AI/OCR vendors). We try to avoid sending direct identifiers with those requests.
• We use cookies and similar technologies on our website, including analytics cookies (e.g., Google Analytics) where enabled.
• You can delete your account and associated data from within the app; deletion is initiated immediately.
• If you are in the EEA/UK/Switzerland (and in many other regions), you have privacy rights such as access, deletion, and objection.

1. Scope and who we are

This Privacy Policy explains how BRAGIflash ("BRAGIflash", "we", "us", or "our") collects, uses, shares, and otherwise processes personal information when you use our mobile apps (iOS and Android), our web app, and our website at www.bragiflash.app (collectively, the "Service").

If a separate privacy notice is presented for a specific feature, promotion, or region, that notice will apply to that context in addition to this Policy.

Controller / data controller
BRAGIflash
Sonnenhof, 8808 Pfäffikon, Switzerland
Email: bragiflash.privacy@gmail.com

2. Information we collect

We collect information in three main ways: (a) information you provide, (b) information collected automatically when you use the Service, and (c) information received from third parties.

2.1 Information you provide

• Account information: When you create an account, we collect credentials and identifiers such as username and authentication data. Authentication is handled via Supabase Auth.
• Profile information: You may add a nickname and profile photo. Providing a profile photo is optional.
• Learning content and progress: We store the words you save, your collections/lists, practice results, and learning progress.
• Text you choose to translate or process: If you use translation or OCR-related features, we process the text you submit.
• Support communications: If you contact us, we will collect the information you choose to share.

2.2 Information we collect automatically

• Device and network data: IP address, device identifiers, device model, operating system version, app version, language settings, and similar technical data.
• Usage data: Events/telemetry about how you use the Service.
• Logs and crash reports: Diagnostic information to help us detect, prevent, and fix errors and abuse.

We do not collect precise geolocation data (such as GPS coordinates).

2.3 Information from third parties

• App stores and platform providers (e.g., Apple App Store, Google Play).
• Payment/subscription vendors (planned: Stripe, Apple, Google, RevenueCat). We do not receive full payment card numbers.
• Analytics and crash reporting providers that provide aggregated or pseudonymous diagnostics and measurement data.

3. How we use information

We use personal information to:

• Provide, operate, and maintain the Service.
• Process translations and OCR-related requests you initiate.
• Personalize your learning experience.
• Monitor, protect, and secure the Service.
• Measure and improve the Service.
• Communicate with you about the Service.
• Send marketing communications where permitted by law and/or with your consent (you can opt out).
• Comply with legal obligations and enforce our terms.

4. Legal bases (EEA/UK/Switzerland)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process personal data only when we have a valid legal basis:

• Contract: to provide the Service you request.
• Legitimate interests: to secure, operate, and improve the Service.
• Consent: where we ask for it. You can withdraw consent at any time.
• Legal obligation: to comply with laws, regulations, or lawful requests.

5. How we share information

We share personal information only as necessary to operate the Service, comply with law, and protect our users and rights. We do not sell personal information.

5.1 Service providers

We use vendors and processors to host, maintain, and support the Service, including Supabase (Germany region), OVH (website hosting), and analytics/crash monitoring providers.

5.2 Translation, OCR, and AI providers

When you use translation features, we send text to DeepL API. When you use OCR-related AI features, we may send text to third-party OCR/AI providers. We aim to avoid sending direct user identifiers with these requests.

Important: third-party providers may process your text in accordance with their own terms and privacy policies. We recommend you avoid submitting sensitive or confidential information.

5.3 Legal and safety

We may disclose information to comply with law, protect security, prevent fraud, or protect rights.

5.4 Business transfers

Information may be transferred as part of a merger, acquisition, or sale of assets. We will provide notice as required by law.

6. International data transfers

BRAGIflash is based in Switzerland and serves users worldwide. Your information may be processed in countries other than your country of residence.

Where required, we rely on appropriate safeguards for cross-border transfers (such as Standard Contractual Clauses or other lawful mechanisms).

7. Cookies and similar technologies

We use cookies and similar technologies on our website to operate the Service, remember preferences, and measure performance. Where required by law, we will request your consent for non-essential cookies via a cookie banner.

You can manage cookies through the banner (where available) and through your browser settings.

8. Your choices and controls

• Account information: You can review or update certain profile information in the app.
• Marketing communications: You can opt out using the unsubscribe link or by contacting us.
• Device permissions: You can control permissions (e.g., camera access for OCR) through your device settings.
• Cookies: You can manage cookie preferences through the cookie banner and browser settings.
• AI features: You can choose not to use OCR/AI or translation features that require sending content to a third-party provider.

9. Your privacy rights

Depending on where you live, you may have rights regarding your personal information, such as access, correction, deletion, portability, restriction, and the right to object to certain processing.

EEA/UK/Switzerland: You also have the right to lodge a complaint with your local data protection authority.

United States: You may have rights to access, delete, and opt out of certain disclosures for targeted advertising, subject to applicable law.

To exercise your rights, contact us at bragiflash.privacy@gmail.com.

10. Data retention

• Account data: if you delete your account, we initiate deletion immediately; residual copies may persist for a limited period consistent with backup cycles.
• Closed accounts: we generally retain account-related records for up to 6 months after account closure.
• Logs and security records: we generally retain logs for up to 12 months.

11. Security

We implement technical and organizational measures designed to protect personal information, including encryption in transit (TLS), hashed passwords, access controls, and monitoring. Two-factor authentication (2FA) is available but not required.

No method of transmission or storage is 100% secure, so we cannot guarantee absolute security.

12. Children and teens

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you are under 13, please do not create an account or submit personal information.

In the EEA/UK and other regions, different ages of digital consent may apply. If you are under the age of digital consent in your country, please use the Service only with the involvement of a parent or guardian.

If you believe a child has provided personal information to us without appropriate consent, contact us at bragiflash.privacy@gmail.com.

13. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will provide notice through the Service or by other means as required by law. The "Last updated" date at the top indicates when this Policy was most recently revised.

14. Contact us

If you have questions, requests, or complaints about privacy, contact us at:

BRAGIflash
Sonnenhof, 8808 Pfäffikon, Switzerland
bragiflash.privacy@gmail.com