מדיניות הפרטיות של בריינאפ

Effective Date: July 11, 2025

1. Introduction

This Privacy Policy describes how אלונה רסק'ן, operating the BrainUp neuropsychology and child development center (hereinafter – "BrainUp", "we", or "us"), collects, uses, stores, and discloses information obtained from users ("User", "you") of the BrainUp website (www.brainup.center), the BrainUp mobile application (hereinafter – "the App"), and all services provided by BrainUp (hereinafter – "the Service"). This policy also explains your rights regarding your personal data.

We are committed to protecting your privacy and processing your personal data in accordance with applicable data protection laws, including, but not limited to, the General Data Protection Regulation (GDPR), if applicable, and the laws of the State of Israel.

2. Information Collected and Purposes of Use

We collect the following types of information from Users exclusively for the purpose of providing the functions of the Service or App, and for purposes consistent with policies and that do not violate Users' reasonable expectations. The use of information for undeclared purposes is prohibited.

a) Personal Data: Information that can be used to identify or contact you. This information is collected when you:

Register to use the Service or the App (e.g., first name, last name, email address, phone number, child's name and age, child's date of birth). Purpose: creating and managing user accounts, providing access to services.
Complete developmental questionnaires about a child (e.g., speech skills, general knowledge, reason for contact, previous educational experience). Purpose: conducting developmental assessments, developing individualized development plans, personalizing services.
Purchase services or goods (e.g., payment information, such as credit card details – we do not store full card data; it is processed by third-party payment systems). Purpose: processing payments, fulfilling orders.
Contact us for support or consultation. Purpose: providing customer support, responding to inquiries.
Participate in our early development groups, individual sessions, or workshops (information about progress and developmental specifics, specialist notes). Purpose: providing developmental services, monitoring progress, adapting methodologies.
Interact with our community (if applicable, e.g., messages, comments). Purpose: enabling community functionality, improving user interaction.

b) Non-Personalized Information: Information that does not directly identify you but may be linked to your device or behavior. This information may include:

Browser and device type, IP address, language preferences. Purpose: ensuring correct Service operation, improving user experience.
Time of access to the Service, pages viewed or App features used, App usage data (e.g., frequency of feature use, time spent in the App). Purpose: analyzing Service usage, improving its functionality, and developing new services.
Data on interaction with promotional messages. Purpose: evaluating the effectiveness of marketing campaigns.

c) Personal and Sensitive User Data (including Health Data): Personal and sensitive data include, among others, health data such as information about diagnoses, developmental specifics, progress, obtained through developmental assessment and support.

Purposes of Processing Personal and Sensitive Data: We process personal and sensitive user data exclusively for the purpose of providing the core functions of the Service related to developmental assistance and support, namely:

Conducting developmental assessments.
Developing and implementing individualized development plans and developmental support.
Monitoring a child's progress and adapting methodologies during sessions.
Providing personalized support and recommendations.

The processing of such data is based on your explicit consent and is strictly limited to the purposes necessary for providing our services. We commit not to sell personal and sensitive user data.

3. How We Use Collected Information (General Purposes)

In addition to the purposes specified above for specific data types, we use collected information for:

Providing and Improving the Service: For access to services, order processing, account management.
Communication: For contacting you regarding your account, services, responding to inquiries, sending important information and notifications.
Marketing and Promotion: For sending you promotional messages (with your consent). You can opt out of receiving such messages at any time.
Analysis and Research: For analyzing Service usage, identifying trends, improving functionality, developing new services.
Compliance with Legal Obligations: For fulfilling our legal obligations, resolving disputes, and ensuring compliance with our Terms of Use.

4. Disclosure of Information to Third Parties

We do not sell, trade, or rent Users' personal data to third parties. We may disclose data if required by applicable law (e.g., by government agency request) or a merger/asset sale transaction, by notifying Users in a legally acceptable manner.

We may disclose your information in the following cases:

Service Providers: We may use third-party service providers to perform functions on our behalf (e.g., payment processing, data hosting, analytics, email sending, technical support). These providers have access to personal data only to the extent necessary to perform their functions and are obligated to maintain confidentiality. We also ensure that third-party SDKs and their providers comply with Google Play Developer Program Policies, including requirements regarding the non-distribution and non-sale of personal and sensitive data from the App.
Payment Systems: To process your payments, we use third-party payment systems that process your payment data directly. We do not store sensitive payment information on our servers.
With Your Consent: We may share your information with third parties with your explicit consent.
Aggregated/Depersonalized Data: We may transfer aggregated or depersonalized information that does not allow the identification of individual Users for marketing, advertising, or other purposes.

5. Data Storage and Security

We process all personal and sensitive user data securely, including through the use of modern encryption methods, such as HTTPS protocol. We take reasonable security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These measures include internal reviews of our data collection, storage, and processing practices, as well as security measures, including encryption and physical security measures to protect systems where we store personal data.

Your personal data is stored on secure servers, which may be located in Israel or outside its borders. When transferring data outside the European Economic Area (EEA), if applicable, we ensure an adequate level of protection in accordance with the GDPR.

6. Data Retention and Deletion Policy

We retain your personal information for as long as necessary for the purposes for which it was collected, including fulfilling our legal obligations, resolving disputes, and enforcing our agreements. Once your data is no longer required for these purposes, we securely delete or anonymize it.

If Users can create accounts directly in the App, the App must also provide an easy-to-find option to request account deletion. Users must also be able to request account deletion outside the App, for example, on our website, by sending a request to our contact email.

Upon account deletion by User request, we also delete user data associated with that account. Temporary deactivation, disabling, or suspension of an account is not considered deletion. If we need to retain certain information for legitimate purposes (e.g., for security, fraud prevention, or regulatory compliance), we are obliged to explicitly inform Users about our data retention policies, for example, in this Privacy Policy.

7. Your Rights

In accordance with applicable data protection laws, you have the following rights regarding your personal data:

Right to Access: You have the right to request a copy of your personal data that we hold.
Right to Rectification: You have the right to request the correction of any inaccurate or incomplete data.
Right to Erasure ("Right to be Forgotten"): You have the right to request the deletion of your personal data under certain conditions.
Right to Restriction of Processing: You have the right to request the restriction of processing your data under certain conditions.
Right to Data Portability: You have the right to receive your data in a structured, commonly used, and machine-readable format and to transmit it to another organization.
Right to Object: You have the right to object to the processing of your data under certain conditions.
Right to Withdraw Consent: If processing is based on your consent, you have the right to withdraw it at any time.

To exercise these rights, please contact us using the contact information provided in Section 9.

8. Changes to This Privacy Policy

We reserve the right to periodically update or modify this Privacy Policy. Any changes will become effective immediately upon publication of the revised Privacy Policy on the website and in the App. We encourage you to review this page regularly to stay informed of any changes.

9. Contact Information (Point of Contact for Privacy Concerns)

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: brainup.israel@gmail.com

10. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Israel, without regard to its conflict of laws principles.

11. Use of App Set ID

Android may provide a new App Set ID for specific use cases, such as analytics and fraud prevention.

Usage: The App Set ID cannot be used for ad personalization and analysis.
Linking with Information: The App Set ID cannot be linked for advertising purposes with Android identifiers (e.g., AAID) or any personal and sensitive data.
Transparency and Consent: In this Privacy Policy, which complies with legal requirements, we inform the User about the collection and use of App identifiers.

12. Data Privacy Frameworks (for EU/UK/Switzerland Data)

If we access personal data of Users provided by Google and generated in the European Economic Economy, the United Kingdom, or Switzerland (hereinafter – EU Generated Personal Data), and use or process this information from which a person can be directly or indirectly identified, we undertake to:

Comply with all applicable laws, directives, regulations, and rules regarding privacy, security, and data protection.
Access and use personal data only for the purposes to which its owner has consented.
Apply necessary organizational and technical measures to protect EU Generated Personal Data from loss, unauthorized use, unauthorized or unlawful access, disclosure, alteration, and destruction.
Ensure the necessary level of data protection in accordance with the principles of the data privacy framework agreement or use an existing data transfer mechanism in accordance with Google's Data Protection Terms for Controller-to-Controller Data Transfers. We are obliged to regularly review these requirements. If compliance becomes impossible or there is a serious risk that we cannot ensure compliance, we will immediately notify Google at data-protection-office@google.com and immediately cease processing EU Generated Personal Data or restore the necessary level of its protection as soon as possible.

13. Provisions for Websites with User Communities

If your website or mobile application includes a user community, all users who join the community will have a public profile that is publicly visible to Service visitors, and their public activity (e.g., their posts or comments) will be visible to other Service visitors. A user can always opt out and leave the community, in which case their profile will no longer be public. Naturally, in such a case, the user will not be able to use community features (e.g., commenting or posting messages).