UniBrain (“we”, “us”, “our”) operates the unibrain.com.au website and associated services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered study assistant platform. We comply with the General Data Protection Regulation (GDPR) and the Australian Privacy Act 1988.
2. Data We Collect
2.1 Information You Provide
Account Information: Name, email address, university affiliation, semester, and password (hashed).
Academic Content: Subjects, study materials, flashcards, and quiz responses you create.
Conversations: Chat messages with AI tutors for educational assistance.
Assessment Data: Quiz scores, study progress, and performance analytics.
Integration Data: Canvas LMS and Google Calendar data accessed with your explicit consent.
2.2 Information Collected Automatically
Usage Data: Pages visited, features used, session duration, and interaction patterns.
Right to Data Portability: Receive your data in a structured, commonly used format.
Right to Object: Object to processing of your data for specific purposes.
Right to Withdraw Consent: Withdraw consent for analytics and marketing at any time via Privacy Settings.
Right to Lodge a Complaint: Contact the Office of the Australian Information Commissioner or your local supervisory authority.
7. Data Storage & Security
Your data is stored on secure servers. We implement industry-standard security measures including:
AES-256-GCM encryption for sensitive tokens (Canvas API keys)
Bcrypt password hashing
HTTPS/TLS 1.3 for all data in transit
Authentication tokens stored as secure, httpOnly cookies
Regular database backups with 30-day retention
Access controls and audit logging
Regular security audits and penetration testing
8. Data Retention
Active Account Data: Retained for as long as your account is active.
Account Deletion: When you request account deletion, your data enters a 30-day grace period during which you can cancel the deletion. After 30 days, all personal data is permanently erased.
AI Training Data: If you opt in, anonymized data may be retained indefinitely for model improvement.
Analytics Data: Aggregated analytics data (non-personal) may be retained for up to 2 years.
9. Children's Privacy
UniBrain is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal data, we will delete it immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the “Last updated” date. For material changes, we will send a notification to the email address associated with your account.
11. Contact Us
For privacy-related inquiries or to exercise your data rights, contact us at: privacy@unibrain.com.au
We will respond to all requests within 30 days as required by GDPR.