Privacy policy
Privacy policy
Privacy policy
Introduction
BRAIN.ONE, Inc. (“BRAIN.ONE,” “we,” “us,” or “our”) provides a brain fitness, neurotechnology, and digital wellness platform that may include self-guided assessments, neural/EEG data collection tools, educational protocols, wearable and device integrations, and, where available, a client portal that may connect users with independent licensed clinicians or other health care providers (collectively, the “Services”). BRAIN.ONE is not a medical provider, is not a mental health platform, and does not itself provide medical, clinical, therapeutic, counseling, telehealth, emergency, or crisis-response services. This Privacy Policy explains what personal information we collect, how we use and share it, and the choices and rights available to you. It is incorporated into, and forms part of, our Terms of Service.
If you are using the Services on behalf of a minor with your consent as a parent or legal guardian, you agree to this Privacy Policy on that minor’s behalf.
If you are a resident of California, Colorado, Connecticut, Virginia, Nevada, Maryland, Maine, or another U.S. state with consumer privacy protections, please see Section 10 (Your Privacy Rights) below. For information specifically about health-related data — including neural data — please also see our separate Consumer Health Data Privacy Policy.
Where the law requires your affirmative, opt-in consent before we collect or use sensitive categories of information, including neural data and other consumer health data, we ask for that consent separately and specifically, rather than relying on your general use of the Services as consent.
This Privacy Policy does not apply to information we collect offline, through other companies’ websites or applications, or through third-party content or advertising that may link to or be accessible from the Services.
BRAIN.ONE, Inc. (“BRAIN.ONE,” “we,” “us,” or “our”) provides a brain fitness, neurotechnology, and digital wellness platform that may include self-guided assessments, neural/EEG data collection tools, educational protocols, wearable and device integrations, and, where available, a client portal that may connect users with independent licensed clinicians or other health care providers (collectively, the “Services”). BRAIN.ONE is not a medical provider, is not a mental health platform, and does not itself provide medical, clinical, therapeutic, counseling, telehealth, emergency, or crisis-response services. This Privacy Policy explains what personal information we collect, how we use and share it, and the choices and rights available to you. It is incorporated into, and forms part of, our Terms of Service.
If you are using the Services on behalf of a minor with your consent as a parent or legal guardian, you agree to this Privacy Policy on that minor’s behalf.
If you are a resident of California, Colorado, Connecticut, Virginia, Nevada, Maryland, Maine, or another U.S. state with consumer privacy protections, please see Section 10 (Your Privacy Rights) below. For information specifically about health-related data — including neural data — please also see our separate Consumer Health Data Privacy Policy.
Where the law requires your affirmative, opt-in consent before we collect or use sensitive categories of information, including neural data and other consumer health data, we ask for that consent separately and specifically, rather than relying on your general use of the Services as consent.
This Privacy Policy does not apply to information we collect offline, through other companies’ websites or applications, or through third-party content or advertising that may link to or be accessible from the Services.
2. Scope; Updates to This Policy
3. Personal Information We Collect
We collect the following categories of personal information about you, depending on how you use the Services:
• Identifiers: name, email address, phone number, account username, and device or IP address identifiers.
• Account & Profile Information: date of birth or age range, self-reported demographic information, state of residency, and emergency contact information.
• Neural and Biometric Data (Sensitive): EEG readings, brainwave patterns, and other data generated by neurotechnology devices or sensors used with the Services, as well as other biometric identifiers if you enable biometric login.
• Consumer Health Data (Sensitive): self-assessment responses, health history, symptoms, medications, self-reported diagnoses, clinician-provided information where authorized, and other information related to your physical, cognitive, emotional, or mental health. See our Consumer Health Data Privacy Policy for more detail.
• Client Portal & Communications: messages, appointment records, and other communications exchanged with independent licensed clinicians through the client portal, to the extent BRAIN.ONE has access to them.
• Payment Information: billing name, billing address, and payment card information, processed by our third-party payment processor. We do not store full payment card numbers.
• Device, Wearable & Usage Data: browser type, operating system, pages viewed, session duration, referring URLs, wearable or device data you authorize, and similar analytics collected automatically through cookies and similar technologies.
• Precise Geolocation Data (Sensitive): only if you enable location services.
• Inferences: inferences we draw from the categories above to personalize the Services, such as engagement patterns or suggested content.
We collect this information directly from you, automatically from your device, wearable, or neurotechnology hardware, and, in limited cases, from third parties such as a clinician you have separately authorized to share information with us, or our service providers.
We collect the following categories of personal information about you, depending on how you use the Services:
• Identifiers: name, email address, phone number, account username, and device or IP address identifiers.
• Account & Profile Information: date of birth or age range, self-reported demographic information, state of residency, and emergency contact information.
• Neural and Biometric Data (Sensitive): EEG readings, brainwave patterns, and other data generated by neurotechnology devices or sensors used with the Services, as well as other biometric identifiers if you enable biometric login.
• Consumer Health Data (Sensitive): self-assessment responses, health history, symptoms, medications, self-reported diagnoses, clinician-provided information where authorized, and other information related to your physical, cognitive, emotional, or mental health. See our Consumer Health Data Privacy Policy for more detail.
• Client Portal & Communications: messages, appointment records, and other communications exchanged with independent licensed clinicians through the client portal, to the extent BRAIN.ONE has access to them.
• Payment Information: billing name, billing address, and payment card information, processed by our third-party payment processor. We do not store full payment card numbers.
• Device, Wearable & Usage Data: browser type, operating system, pages viewed, session duration, referring URLs, wearable or device data you authorize, and similar analytics collected automatically through cookies and similar technologies.
• Precise Geolocation Data (Sensitive): only if you enable location services.
• Inferences: inferences we draw from the categories above to personalize the Services, such as engagement patterns or suggested content.
We collect this information directly from you, automatically from your device, wearable, or neurotechnology hardware, and, in limited cases, from third parties such as a clinician you have separately authorized to share information with us, or our service providers.
4. How We Use Personal Information
We use personal information to:
• Provide, maintain, and improve the Services, including performing and scoring selfassessments, displaying educational information, supporting protocol tracking, and facilitating the client portal where available;
• Enable independent licensed clinicians you choose to work with to review your assessment results and neural/health data for treatment or care-related purposes at your direction;
• Communicate with you, including account, security, and appointment-related messages;
• Process payments;
• Detect, investigate, and prevent fraud, abuse, and security incidents;
• Comply with our legal obligations; and
• With your separate, opt-in consent where required by law, improve our algorithms, conduct research, or use neural data or consumer health data for other secondary purposes.
We do not use neural data or other sensitive or consumer health data for advertising, and we do not use it to make decisions that produce legal or similarly significant effects about you without appropriate human review.
We use personal information to:
• Provide, maintain, and improve the Services, including performing and scoring selfassessments, displaying educational information, supporting protocol tracking, and facilitating the client portal where available;
• Enable independent licensed clinicians you choose to work with to review your assessment results and neural/health data for treatment or care-related purposes at your direction;
• Communicate with you, including account, security, and appointment-related messages;
• Process payments;
• Detect, investigate, and prevent fraud, abuse, and security incidents;
• Comply with our legal obligations; and
• With your separate, opt-in consent where required by law, improve our algorithms, conduct research, or use neural data or consumer health data for other secondary purposes.
We do not use neural data or other sensitive or consumer health data for advertising, and we do not use it to make decisions that produce legal or similarly significant effects about you without appropriate human review.
5. How We Share Personal Information
6. Cookies, Analytics, and Tracking Technologies
We and our service providers use cookies, pixels, and similar technologies to operate the Services, remember your preferences, and understand usage patterns. We honor recognized optout preference signals, including the Global Privacy Control (“GPC”), as a valid method of exercising your right to opt out of the sale or sharing of personal information and targeted advertising, where required by applicable state law. Our systems do not currently treat legacy browser “Do Not Track” signals as distinct from GPC, so we do not respond to Do Not Track signals separately, but we do honor GPC.
App Tracking Transparency and Cross-App Tracking: To the extent we or our service providers use tracking technologies that track your activity across other companies’ apps or websites for cross-app tracking or advertising purposes, we will request your permission through Apple’s App Tracking Transparency framework, where applicable, before doing so, and we will provide equivalent notice and choice mechanisms on other platforms, such as Android, consistent with that platform’s requirements. As described in Section 5 above, we do not currently sell or share personal information for cross-context behavioral advertising.
We and our service providers use cookies, pixels, and similar technologies to operate the Services, remember your preferences, and understand usage patterns. We honor recognized optout preference signals, including the Global Privacy Control (“GPC”), as a valid method of exercising your right to opt out of the sale or sharing of personal information and targeted advertising, where required by applicable state law. Our systems do not currently treat legacy browser “Do Not Track” signals as distinct from GPC, so we do not respond to Do Not Track signals separately, but we do honor GPC.
App Tracking Transparency and Cross-App Tracking: To the extent we or our service providers use tracking technologies that track your activity across other companies’ apps or websites for cross-app tracking or advertising purposes, we will request your permission through Apple’s App Tracking Transparency framework, where applicable, before doing so, and we will provide equivalent notice and choice mechanisms on other platforms, such as Android, consistent with that platform’s requirements. As described in Section 5 above, we do not currently sell or share personal information for cross-context behavioral advertising.
7. Data Retention
8. Data Security
9. Children’s Privacy
10. Your Privacy Rights
11. Consumer Health Data
12. HIPAA Notice
13. FTC Health Breach Notification Rule
14. Research Participation
15. Contact Us
© 2026 BRAIN.ONE
© 2026 BRAIN.ONE
© 2026 BRAIN.ONE
