🦷 BrushBucks Privacy Policy

Last Updated: December 5, 2025

1. Introduction

BrushBucks ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and safeguard information when you use our mobile application (the "App").

2. Information We Collect

Personal Information

• Account Information: Parent's email address, name, and password.
• Child Profiles: Child's name or nickname, age, and avatar selection.
• Brushing Data: Session duration, quality metrics, timestamps, and toothbrush motion data.
• Verification Photos (Optional): Encrypted face-only photos for session verification.
  • No biometric identifiers or faceprints are generated or stored.
  • Auto-deleted after 48 hours.
  • Only parents can decrypt these photos. BrushBucks never has access to the decryption key.
• Device Information: Bluetooth toothbrush connection data and push notification tokens.
• AI Coaching Data: Session feedback history and brushing-learning profiles (if AI coaching is enabled).
  Used only for brushing guidance, not for behavioral profiling or advertising.

Automatically Collected Information

• Device type, operating system, and app version
• Crash logs and performance diagnostics
• Session timestamps and usage frequency
• Gamification data (XP, streaks, achievements, bug collection)
• No precise geolocation data is collected.

3. How We Use Your Information

• Provide and maintain the BrushBucks service
• Verify brushing sessions using encrypted photos (if enabled)
• Train and deliver personalized brushing feedback via AI coaching
• Track brushing progress and generate gamification elements
• Calculate and distribute rewards (BrushBucks currency)
• Send reminders, notifications, and parental alerts
• Process in-app purchases and manage subscriptions
• Improve app performance and user experience
• Communicate with you about your account or support requests
• We do not use your data for marketing or advertising.

4. Data Sharing and Disclosure

We do not sell your personal information. Data is shared only with:

• Service Providers:
  • Supabase (database and encrypted storage) — Privacy Policy
  • Expo (app infrastructure and notifications) — Privacy Policy
  • Apple (payments and push notifications) — Privacy Policy
  • Groq (optional AI coaching) — Privacy Policy
• Legal Requirements: If necessary to comply with law or protect safety.
• Family Accounts: Parents can view their children's brushing data and verification photos.

5. Children's Privacy (COPPA Compliance)

• BrushBucks is parent-managed. Children cannot create accounts.
• Only minimal data is collected about children (name, age, brushing data).
• Optional face-only verification photos are encrypted and deleted after 48 hours.
• No ads, no social features, and no public profiles.
• Parents may view, export, or delete all child data at any time.
• AI coaching can be enabled or disabled by the parent.

6. Data Security

• All data transmitted via HTTPS/TLS
• Verification photos encrypted using AES-256 on-device before upload
• Only parents have the decryption key; BrushBucks cannot view photos
• Supabase Auth secures accounts with hashed passwords
• Row-Level Security ensures families access only their own data
• Encryption keys stored securely in iOS Keychain / Android Keystore
• Regular security reviews and updates

7. Data Retention

• Verification Photos: Deleted automatically after 48 hours and cannot be recovered.
• Brushing Sessions: Stored while the account is active.
• Active Accounts: Data retained during service usage.
• Account Deletion: All personal data removed within 30 days.
• Backups: May remain encrypted for up to 90 days.

8. Your Rights

• Access your information
• Request corrections
• Request deletion of account and all data
• Export your data (feature coming soon)
• Opt out of optional communications
• Disable camera, Bluetooth, or notifications at any time

9. Third-Party Services

BrushBucks connects only with secure third-party providers:

• Supabase — database, authentication, encrypted storage
• Expo — app framework and push notifications
• Apple — payments and notifications
• Groq — AI coaching (optional)

Important: Verification photos are encrypted before upload. Supabase stores only encrypted blobs and has no ability to decrypt them.

10. App Permissions

• Bluetooth: For smart toothbrush tracking only. No data shared with third parties.
• Camera (optional):
  • Used only for brushing verification
  • No videos or room backgrounds captured
  • No biometrics or facial templates created
  • Encrypted on device before upload
  • Auto-deleted after 48 hours
• Notifications: For reminders and session approvals.

11. International Users

BrushBucks operates in the United States. By using the App, you consent to processing in the U.S., which may differ from your local privacy laws.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated through the App or via email. Continued use of BrushBucks constitutes acceptance of the revised policy.

13. Contact Us

© 2025 BrushBucks (Kickstart AI LLC). All rights reserved.
Home | Terms of Service | Support