Back

UniBrain

Privacy Policy

Last updated: May 21, 2026

1. Introduction

UniBrain (“we”, “us”, “our”) operates the unibrain.com.au website and associated services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered study assistant platform. We comply with the General Data Protection Regulation (GDPR) and the Australian Privacy Act 1988.

2. Data We Collect

2.1 Information You Provide

  • Account Information: Name, email address, university affiliation, semester, and password (hashed).
  • Academic Content: Subjects, study materials, flashcards, and quiz responses you create.
  • Conversations: Chat messages with AI tutors for educational assistance.
  • Assessment Data: Quiz scores, study progress, and performance analytics.
  • Integration Data: Canvas LMS and Google Calendar data accessed with your explicit consent.

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, session duration, and interaction patterns.
  • Device Information: Browser type, operating system, screen resolution, and device type.
  • Cookies: Essential cookies for authentication, plus optional analytics and marketing cookies (see Section 5).

2.3 AI-Generated Data

  • AI Responses: Responses generated by our AI tutors during your study sessions.
  • Study Recommendations: Personalized suggestions based on your learning patterns.

3. How We Use Your Data

  • Service Delivery: Provide, maintain, and improve our AI tutoring and study features.
  • Personalization: Tailor study recommendations and content to your learning needs.
  • Analytics: Understand usage patterns to improve our platform (only with your consent).
  • Communication: Send service updates, study reminders, and (with consent) marketing emails.
  • AI Improvement: Use anonymized interaction data to improve our AI models (only with your consent).
  • Security: Detect and prevent fraud, abuse, and security breaches.
  • Legal Compliance: Meet obligations under applicable laws and regulations.

4. Data Sharing & Third Parties

We do not sell, trade, or rent your personal information. We may share data only with:

  • Service Providers: AI processing, hosting, and email delivery partners bound by data processing agreements.
  • Integration Partners: Canvas LMS and Google Calendar, only when you explicitly connect these services.
  • Law Enforcement: When required by Australian law or applicable regulations.

All third-party providers are contractually obligated to process your data only as instructed and in compliance with GDPR.

5. Cookie Policy

We use cookies and similar technologies for the following categories:

Necessary Cookies (Always Active)

Required for authentication, security, and core functionality. These cannot be disabled.

Analytics Cookies (Optional)

Help us understand how you use UniBrain so we can improve the experience. Only active with your consent.

Marketing Cookies (Optional)

Used to deliver relevant content and product updates. Only active with your consent.

You can manage your cookie preferences at any time in Privacy Settings.

6. Your Rights

Under the GDPR and Australian Privacy Principles, you have the following rights:

  • Right of Access: Request a copy of all data we hold about you. Export your data →
  • Right to Rectification: Request correction of inaccurate personal data.
  • Right to Erasure: Request deletion of your personal data. Delete your account →
  • Right to Data Portability: Receive your data in a structured, commonly used format.
  • Right to Object: Object to processing of your data for specific purposes.
  • Right to Withdraw Consent: Withdraw consent for analytics and marketing at any time via Privacy Settings.
  • Right to Lodge a Complaint: Contact the Office of the Australian Information Commissioner or your local supervisory authority.

7. Data Storage & Security

Your data is stored on secure servers. We implement industry-standard security measures including:

  • AES-256-GCM encryption for sensitive tokens (Canvas API keys)
  • Bcrypt password hashing
  • HTTPS/TLS 1.3 for all data in transit
  • Authentication tokens stored as secure, httpOnly cookies
  • Regular database backups with 30-day retention
  • Access controls and audit logging
  • Regular security audits and penetration testing

8. Data Retention

  • Active Account Data: Retained for as long as your account is active.
  • Account Deletion: When you request account deletion, your data enters a 30-day grace period during which you can cancel the deletion. After 30 days, all personal data is permanently erased.
  • AI Training Data: If you opt in, anonymized data may be retained indefinitely for model improvement.
  • Analytics Data: Aggregated analytics data (non-personal) may be retained for up to 2 years.

9. Children's Privacy

UniBrain is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal data, we will delete it immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the “Last updated” date. For material changes, we will send a notification to the email address associated with your account.

11. Contact Us

For privacy-related inquiries or to exercise your data rights, contact us at: privacy@unibrain.com.au

We will respond to all requests within 30 days as required by GDPR.

© 2026 UniBrain. All rights reserved.