Skip to content
BrainMeBack — Powered by HAAIS

Legal

Privacy Policy

Effective date: May 18, 2026 · Last updated: May 18, 2026 · Version: 1.0

NOT LEGAL ADVICE — placeholder copy

This page is a placeholder pending review by licensed counsel. Final language will be posted before any production data is collected. If you are evaluating BrainMeBack and need final terms, email shavoni@me.com.

This Privacy Policy describes how Scott S. Parker, an individual residing in California and doing business as “BrainMeBack” (and the successor entity BrainMeBack, Inc. — a Delaware C-Corporation in the process of formation, to which the brand and operating activity will be assigned upon incorporation; collectively, “BrainMeBack,” “we,” “us,” or “our”) collects, uses, and protects information you provide through our marketing website at brainmeback.com (the “Site”). This policy applies only to the marketing website. The BrainMeBack patient mobile application and clinician dashboard are governed by separate, more comprehensive privacy notices delivered in-product at account creation, because those surfaces process Protected Health Information (PHI) under HIPAA.

The marketing Site does not process PHI. If you are a patient or caregiver looking for the in-product privacy notice, please contact your clinician or email shavoni@me.com.

Intended audience. The Site is directed to healthcare professionals and institutions located in the United States. It is not intentionally directed to residents of the European Economic Area, the United Kingdom, or Switzerland. Visitors from those jurisdictions are nonetheless welcome to read public marketing content; see Section 6 for additional information about international transfers and the lawful basis for any processing of your personal information.

1. What we collect

1.1 Demo-request form

When you submit our demo-request form, we collect:

  • Your name
  • Your email address
  • Your professional role
  • Your organization or practice name
  • The clinical condition(s) you optionally indicated interest in
  • The free-text contents of your message

Delivery method. Submitting the demo-request form opens your local email application with a pre-filled message addressed to shavoni@me.com. The message is delivered through your email service provider (which acts as an independent controller of that transmission) and is received by us via our email subprocessor (currently Google Workspace; see brainmeback.com/privacy/subprocessors). We receive only what you choose to send.

1.2 Server logs

Our hosting provider may automatically record standard request metadata for security, abuse prevention, and operational diagnostics. This may include IP address, user-agent string, request timestamp, requested URL, and HTTP response status. These logs are retained for a limited period (see Section 4) and are not used to build advertising or marketing profiles.

1.3 Cookies, analytics, and third-party content

As of the effective date above, the Site does not set first-party tracking cookies and does not load third-party analytics, advertising, or fingerprinting scripts. Web fonts are served via Next.js’s next/font bundler, which downloads font files at build time and serves them from our own origin — your browser does not make runtime requests to a third-party font CDN. If we add analytics in the future, this policy will be updated and — where required by law — a consent mechanism will be presented before any non-essential cookie is set.

1.4 Optional on-site chat widget

The Site offers an optional chat widget powered by an AI assistant. The widget is off by default in the sense that no data is sent anywhere until you click the chat bubble and type a message. When you do:

  • The messages you type are sent to our marketing-chat Supabase Edge Function, which calls Anthropic’s Claude API to generate a reply.
  • Both Supabase and Anthropic act as our subprocessors for this feature. Both are listed at brainmeback.com/privacy/subprocessors.
  • As represented by Anthropic in its API terms as of the effective date of this policy, Anthropic does not train its models on data submitted through the API. Supabase does not persist chat messages to the database; the Edge Function relays them in-memory.
  • The assistant is hard-prompted to refuse clinical advice and to route substantive questions to shavoni@me.com. Please do not paste patient identifiers, medical record numbers, or any other PHI into the chat. If you do, the assistant is instructed not to repeat that information back, but the message will still have been transmitted to our subprocessors.
  • A best-effort per-IP rate limit applies to prevent abuse. Conversation history lives only in your browser tab and is cleared on reload.

1.5 What we do NOT collect on this Site

  • We do not collect Protected Health Information (PHI) through the marketing Site. Please do not include patient identifiers, medical record numbers, dates of birth, or diagnoses tied to identifiable individuals in the demo-request free-text field.
  • We do not collect payment card information on the marketing Site.
  • We do not knowingly collect information from children under 13 (or under 16 where applicable).

2. How we use the information

We use information you submit through the demo-request form solely to respond to your demo request and to schedule and conduct the demo. We will not send you unsolicited marketing emails based on this submission. If you wish to receive ongoing product updates, you may opt in separately at any time.

We also process the information to:

  • Detect, prevent, and respond to fraud, abuse, or security incidents
  • Comply with legal obligations

We do not use form submissions to train external machine-learning models, to enrich third-party advertising audiences, or for any purpose materially inconsistent with the reason you submitted the information.

2.1 Lawful basis for processing (GDPR / UK GDPR)

For visitors in the European Economic Area, the United Kingdom, or Switzerland: our lawful basis under GDPR Article 6(1)(a) for processing the contact and organization information you submit is your consent, indicated by your submission of the form and the consent checkbox shown at submission. For any clinical-condition data you optionally select, our additional lawful basis under GDPR Article 9(2)(a) is your explicit consent. You may withdraw your consent at any time by emailing shavoni@me.com; withdrawal does not affect the lawfulness of processing carried out before the withdrawal. Our lawful basis for retaining minimal server logs for security and abuse prevention is our legitimate interest under GDPR Article 6(1)(f).

Because the Site is not intentionally directed to EEA / UK / Swiss residents, we have not appointed an Article 27 representative. If you are an EEA / UK / Swiss data subject and have a substantive privacy question, please contact us at shavoni@me.com and we will respond directly.

3. Who we share it with

3.1 No sale of personal information

We do not sell, rent, or trade your personal information. We do not engage in “sharing” of personal information for cross-context behavioral advertising as defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”).

3.2 Subprocessors

We use a limited set of service providers to operate the Site and to receive form submissions. A current list — covering site hosting, the marketing inbox, and (when applicable) the database — is maintained at brainmeback.com/privacy/subprocessors. Each subprocessor is contractually bound to use the data only to provide the service to us, and to apply commercially reasonable security controls.

3.3 Legal disclosure

We may disclose information if compelled by valid legal process or where we believe in good faith that disclosure is necessary to protect the rights, property, or safety of BrainMeBack, our users, or the public.

3.4 Business transfers

If BrainMeBack is involved in a merger, acquisition, financing, formation of the successor entity (BrainMeBack, Inc.) and assignment of the brand and operations to that entity, or sale of assets, information collected through the Site may be transferred subject to the terms of this policy or a successor policy of equivalent protection.

4. Retention

We retain demo-request submissions for as long as reasonably necessary to respond to your inquiry and to maintain a record of our communications, and in any case for no longer than 24 months from the date of last contact. Server logs are retained for no longer than 90 days absent a security or compliance need.

Conversion to customer record. If your demo submission results in an executed BrainMeBack customer agreement, your contact information will transition to retention governed by that customer agreement and will no longer be subject to this 24-month default. We will note this transition in our records.

5. Your rights

Depending on where you reside, you may have rights to:

  • Access the personal information we hold about you
  • Correct inaccurate personal information
  • Delete personal information we hold about you, subject to limited exceptions
  • Portability — receive a copy of your information
  • Restrict or object to certain processing
  • Withdraw consent at any time where processing is based on consent
  • Non-discrimination for exercising any of the above rights
  • Opt out of sale or sharing for cross-context behavioral advertising (we do not engage in this)
  • Limit Use of Sensitive Personal Information (California residents under CPRA §1798.140(ae)) — health-related information is Sensitive Personal Information; you may direct us to limit our use of it to what is reasonably necessary to provide the service
  • Lodge a complaint with a supervisory authority

To exercise any of these rights, email shavoni@me.com with the subject line “Privacy Request.” We will respond within the timeframe required by applicable law (generally 30 days under the GDPR; 45 days under the CCPA/CPRA).

Supervisory authorities. If you are a resident of the European Economic Area, the United Kingdom, or Switzerland and believe our processing of your personal information violates applicable law, you have the right to lodge a complaint with your local supervisory authority. EEA supervisory authorities are listed by the European Data Protection Board (edpb.europa.eu). The UK supervisory authority is the Information Commissioner’s Office (ico.org.uk). The Swiss authority is the Federal Data Protection and Information Commissioner (edoeb.admin.ch).

6. International transfers

BrainMeBack operates in the United States. If you access the Site from outside the United States, your information will be transferred to, processed in, and stored in the United States. For transfers from the European Economic Area, United Kingdom, or Switzerland, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) where required.

7. Security

We use commercially reasonable administrative, technical, and physical safeguards to protect information submitted through the Site, including HTTPS-only delivery, access controls on form submission endpoints, and limited employee access on a need-to-know basis. If you become aware of a vulnerability, please see our responsible-disclosure policy at brainmeback.com/.well-known/security.txt or email shavoni@me.com.

8. Children’s privacy

The Site is not directed to children under 13, and we do not knowingly collect information from children under 13 through the Site.

9. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the Effective date and Last updated fields above. For material changes, we will provide additional notice — for example, by posting a banner on the Site for at least 30 days, or by emailing individuals who have submitted demo requests in the prior 12 months.

10. Contact

Scott S. Parker, d/b/a BrainMeBack
(intended successor entity: BrainMeBack, Inc., a Delaware C-Corporation in formation)
Attn: Privacy
1151 W. 13th Street, Unit #214
Upland, CA 91786, United States
Email: shavoni@me.com

Privacy Policy · BrainMeBack