Mock BrainsMock BrainsBack to home

Legal

Privacy policy

Last updated: June 11, 2026

Who we are

Mock Brains ([COMPANY LEGAL NAME], "we") provides an operations platform that helps your team find operational friction with a Brain Scan and run supporting infrastructure on Brain Cloud. We are the controller for the personal data described here. Contact: [CONTACT EMAIL].

What we collect

  • Account data. Your name, email address, and credentials, managed through Firebase Authentication. We never see or store your raw password.
  • Organization data. The company name and workspace details you provide during onboarding.
  • Brain Scan responses.The answers you give about your team's tools, workflows, and operating friction. Answer about your business, not about identifiable people — the scan never requires personal data about your colleagues or customers.
  • Generated analysis. The recommendations and AI-generated narrative produced from your scan responses.
  • Activity records. Audit entries for security-relevant actions in your workspace (who did what, when).
  • Strictly necessary cookies. A session cookie that keeps you signed in. We set no advertising or analytics cookies. Your theme choice is stored locally in your browser and never sent to us.

How we use it

  • To operate your account, workspace, and deployments (contract).
  • To generate your Brain Scan analysis, including processing your responses with an AI model (contract — it is the product).
  • To secure the service and keep audit records (legitimate interest).
  • To respond when you contact us (legitimate interest).
  • To compute internal fit and priority scores from your scan responses so we can route follow-up and scope a potential engagement (legitimate interest — these scores stay internal and never produce automated decisions with legal effect on you).

We do not sell personal data, and we do not use your data for advertising.

AI processing — what actually happens

When you complete a Brain Scan, a deterministic rules engine produces your structured recommendation. We then send your scan responses to Google Cloud Vertex AI (Gemini) to draft the narrative summary you see on your results page. That output is labeled as AI-generated in the product. Per Google Cloud's terms, your inputs are not used to train Google's foundation models. AI narratives are informational — they are not professional, legal, or financial advice, and a human should review them before acting.

Who processes it for us

Google (Firebase Authentication, Cloud Firestore, Cloud Functions, Firebase Hosting, and Vertex AI) hosts and processes data on our behalf under the Google Cloud Data Processing Addendum. Data is stored in Google Cloud regions in [REGION(S)]. We will maintain a current subprocessor list at this page.

Retention

Account and workspace data is kept while your account is active. Scan sessions, analyses, and audit logs are kept while your organization uses the service. When you delete your account or ask us to, we delete or anonymize personal data within 30 days, except records we must keep for legal, security, or billing reasons.

Your rights

Depending on where you live (including under GDPR, UK GDPR, and CCPA/CPRA), you can ask us to access, correct, export, restrict, or delete your personal data, and you can object to processing based on legitimate interest. Email [CONTACT EMAIL] and we will respond within 30 days. You can also complain to your local supervisory authority. We do not discriminate against you for exercising these rights.

Security

All traffic is encrypted in transit. Sessions use HTTP-only cookies. Access to workspace data is scoped by organization membership and enforced on the server and in database security rules. Data is encrypted at rest by Google Cloud.

Changes

If we materially change this policy we will notify you by email or an in-app notice before the change takes effect.