Privacy Policy

1. Introduction

This Privacy Policy describes how this hosted demonstration instance of Brain Rot Factory collects, uses, and protects your personal information when you use our AI-powered entertainment platform.

We are committed to protecting your privacy and complying with the Brazilian General Data Protection Law (LGPD). Note that this policy applies only to this hosted instance - if you use the open source code to host your own instance, you will be responsible for your own privacy practices.

2. Data We Collect

Personal Data

• Authentication Data: When you sign in with GitHub, we collect your GitHub username, email address, and public profile information
• Usage Data: Chat messages, character preferences, session data, and interaction patterns
• Technical Data: IP address, browser type, device information, access logs, and anonymized analytics data

Non-Personal Data

• Aggregated usage statistics and performance metrics
• Error logs and system performance data
• Anonymous demographic and behavioral analytics

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under LGPD:

• Consent: For optional features like analytics and marketing communications
• Contract Performance: To provide the core services you've requested
• Legitimate Interest: For security, fraud prevention, and service improvement
• Legal Obligation: When required by Brazilian law or legal authorities

4. How We Use Your Data

• Provide and maintain our AI conversation service
• Authenticate users and manage accounts
• Generate personalized AI responses and maintain conversation context
• Implement rate limiting and prevent abuse
• Collect anonymized analytics data to improve service quality
• Comply with legal obligations and respond to legal requests

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your data only in the following circumstances:

• Service Providers: Third-party services including AI providers (OpenAI, DeepSeek), hosting services (Vercel), and analytics (Vercel Analytics). Note: Advertisement services (Google AdMob) are prepared but currently inactive.
• Legal Requirements: When required by law, court order, or government authorities
• Business Transfers: In case of merger, acquisition, or sale of assets (with prior notice)

6. Data Storage and Security

We implement appropriate technical and organizational measures to protect your personal data:

Security Measures

• Encryption in transit and at rest
• Access controls and authentication systems
• Regular security audits and monitoring
• Employee training on data protection

7. Inactive Features

While our codebase includes preparation for certain features, they are currently inactive:

8. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

• Account Data: Retained while your account is active, deleted upon account closure
• Chat Data: Session data deleted immediately after conversation, no permanent storage
• Analytics Data: Aggregated data retained for up to 2 years for service improvement
• Cache Data: Temporary storage for performance, automatically deleted within 24 hours

9. Your Rights - LGPD Rights

Under LGPD, you have the following rights regarding your personal data:

• Right to Access: Request information about what personal data we process about you
• Right to Correction: Request correction of inaccurate or incomplete data
• Right to Deletion: Request deletion of your personal data (subject to legal obligations)
• Right to Portability: Request your data in a structured, machine-readable format
• Right to Withdraw Consent: Withdraw consent for processing based on consent
• Right to Complaint: File a complaint with ANPD (Brazilian Data Protection Authority)
• Right to Information: Receive clear information about data processing activities

10. Cookies and Tracking

We use cookies and similar technologies to enhance your experience:

Types of Cookies

• Essential Cookies: Required for authentication and basic functionality
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how you use our service (with your consent)

11. International Data Transfers

Some of our service providers may be located outside Brazil. We ensure appropriate safeguards are in place and transfers comply with LGPD requirements.

12. Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the 'Last Updated' date.

14. Contact Information

If you have questions about this Privacy Policy or want to exercise your rights: