Privacy Policy

Last updated: March 17, 2026

TL;DR

  • E2E encryption: We can't read your encrypted content.
  • No tracking: No ads, no analytics, no data sharing.
  • Your data: Export anytime, delete anytime.
  • Swiss hosted: Strong privacy laws, GDPR-adequate.

End-to-End Encryption

BrainLog offers optional end-to-end encryption (E2EE) for folders containing sensitive information:

  • Client-side encryption: Content is encrypted in your browser, using XSalsa20-Poly1305 symmetric encryption with X25519 key exchange, before it reaches our servers.
  • Your passphrase, your keys: Your encryption passphrase never leaves your device. The encryption key is derived from it using Argon2id to protect against brute-force attacks.
  • Zero-knowledge: We store only encrypted ciphertext. Without your passphrase, the data is unreadable — even to us.

Important: If you forget your encryption passphrase, we cannot recover your encrypted data.

What We Collect

We collect the minimum data necessary to provide the service:

  • Email address: For account authentication and important notifications.
  • Password: Stored as a secure bcrypt hash.
  • Notes & project content: Core service functionality. Optional E2EE available.
  • Payment information: Handled securely by Stripe. We never see your full card number.

What We Don't Collect

  • No analytics trackers (no Google Analytics, no Mixpanel)
  • No advertising IDs or device fingerprinting
  • No content scanning or data mining
  • No location tracking
  • No third-party cookies

Data Storage & Security

  • Swiss hosting: All data stored in Switzerland (Infomaniak), recognized by the EU as providing adequate data protection.
  • Encrypted at rest: Server disks use full-disk encryption.
  • Encrypted in transit: All connections use TLS 1.3.
  • Access controls: No employee can access your encrypted content.

Your Rights (GDPR)

  • Access: Export all your data to Markdown anytime.
  • Rectification: Edit your information directly in the app.
  • Erasure: Delete your account and all data permanently.
  • Portability: Standard Markdown format, usable anywhere.

Third-Party Services

We use minimal third-party services:

We do not sell, rent, or share your data with any third party for marketing purposes.

Cookies

We use only essential cookies:

  • Session cookie: Keeps you logged in.
  • CSRF token: Security measure.
  • Theme preference: Light/dark mode choice.

Contact

For privacy questions: contact@brainlog.net