Privacy Policy

This Privacy Policy (the "Policy") explains how Treasure Play Pte. Ltd. ("Brainvolt", "Company", "we", "us", "our") collects, uses, discloses, and protects your personal data when you use Brainvolt — our AI workspace that connects your tools, knowledge, and conversations (the "Service") — and our websites at brainvolt.com (the "Site"). It should be read together with our Terms of Service.

Treasure Play Pte. Ltd. is the data controller for personal data processed through the Service. We are committed to handling personal data in accordance with the Singapore Personal Data Protection Act 2012 ("PDPA") and, where applicable, the EU General Data Protection Regulation ("GDPR"), the UK GDPR, and other applicable data protection laws.

For the purposes of this Policy, "personal data" means any information that, alone or together with other information, can identify a particular individual.

Personal data we collect

• Account information: your name, email address, and authentication details. We support email one-time-code sign-in and Google sign-in; if you use Google sign-in, we receive your basic Google profile (name, email) from Google.
• Content you provide: the messages, prompts, files, documents, notes, and other content you create, upload, or store in the Service ("User Content").
• Connected-app data: when you connect a third-party application (for example GitHub, Slack, Google Workspace, Google Calendar, or BigQuery), we access and process data from that application as needed to perform the actions you request. You control which apps are connected and can disconnect them at any time.
• Credentials you supply: API keys and OAuth tokens for the third-party apps you connect. These are stored encrypted and are used only to operate the integrations you enable.
• Usage and device data: IP address, browser and operating-system type, device identifiers, pages viewed, features used, and similar telemetry collected automatically when you use the Site or Service.
• Communications: messages you send us (for example support requests) and records of our responses.
• Marketing data: if you join a waitlist or sign up for updates, your email address, any self-described segment, and basic attribution data (such as UTM parameters).
• Cookies and similar technologies: as described in the Cookie Policy.

How we use personal data

• To provide the Service: to authenticate you, run the AI workspace, process your requests, operate your connected apps, and store your User Content.
• AI processing: to generate responses and perform the tasks you request, we transmit the relevant prompts, User Content, and connected-app context to the AI model provider that powers the model you (or your workspace settings) select (see Sub-processors). We do not use your User Content to train our own models. For the models we make available by default, we engage providers under business or API terms that do not permit them to use your inputs or outputs to train their general models, and we maintain data-processing agreements with those providers. Some models may be offered as optional and clearly labelled choices that operate under different terms — including providers that may retain inputs or use them to improve their models — and you decide whether to enable and use them. We identify each provider, and its role and location, on our Sub-processors page.
• To secure and improve the Service: to monitor for abuse, debug, analyze usage, and develop new features.
• To communicate with you: to send transactional messages (such as sign-in codes and service notices) and, where you have opted in or where permitted, marketing communications.
• To comply with law: to meet legal obligations and enforce our terms.

Legal bases for processing (EEA / UK)

Where the GDPR or UK GDPR applies, we rely on the following legal bases:

• Performance of a contract — to provide the Service you have requested.
• Legitimate interests — to secure, analyze, and improve the Service, where not overridden by your rights.
• Consent — for non-essential cookies and certain marketing. You may withdraw consent at any time, including via Manage consent.
• Legal obligation — where processing is required by law.

Disclosure and sub-processors

We share personal data with service providers who process it on our behalf to operate the Service — including cloud hosting, AI model inference, analytics, and email delivery. A current list is maintained on our Sub-processors page. We may also disclose personal data to comply with law, to protect our rights, or in connection with a corporate transaction. We do not sell your personal data.

International transfers

We are based in Singapore and use service providers located in the United States and elsewhere. Where personal data is transferred outside your jurisdiction, we rely on appropriate safeguards (such as the European Commission's Standard Contractual Clauses) and take steps to ensure a comparable level of protection.

Data retention

We retain personal data for as long as needed to provide the Service and for legitimate business or legal purposes. You can delete your content within the product, and you can request deletion of your account by contacting us. Some data may persist in backups for a limited period before being overwritten.

Your rights

Depending on your location, you may have rights to access, correct, delete, or port your personal data, to object to or restrict certain processing, and to withdraw consent. EEA/UK residents may lodge a complaint with a supervisory authority. California residents have rights under the CCPA/CPRA, including to know, delete, correct, and opt out of "sale"/"sharing" of personal information (we do not sell personal information). To exercise any right, contact us at privacy@brainvolt.com.

Security

We use technical and organizational measures designed to protect personal data, including encryption of connected-app credentials, access controls, and isolation between workspaces. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Children

The Service is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, please contact us so we can delete it.

Cookies

We use essential cookies to operate the Service and, on the Site, non-essential cookies for analytics and advertising measurement subject to your consent. See the Cookie Policy for details, and manage your choices any time via Manage consent.

Changes to this Policy

We may update this Policy from time to time. Material changes will be reflected here with an updated date. Your continued use of the Service after an update constitutes acceptance of the revised Policy.

Contact us

If you have any questions or concerns about this Policy or our privacy practices, contact us at privacy@brainvolt.com, or by writing to us at: Treasure Play Pte. Ltd., 68 Circular Road, #02-01, 049422, Singapore.