Privacy Policy
This page describes how TameMyBrain collects, uses, and protects your data. Last updated: June 2026.
Information we store
We store the account information you provide (such as your email address and name) and the content you create in TameMyBrain, including lists, tasks, habits, focus session history, and — if you enable it — health tracking data such as exercise logs, activity records, and meal notes.
Google integrations
If you connect Google Calendar or Google Tasks, we store the OAuth access and refresh tokens needed to sync your data. These tokens are used exclusively to read and write the calendar events or tasks you choose to connect. We do not access any Google data beyond the specific scopes you authorize, and we comply with the Google API Services User Data Policy, including its Limited Use requirements.
How we use your data
Your data is used solely to provide the TameMyBrain service to you. We do not sell, rent, or share your data with third parties for advertising or any other purpose.
Data protection mechanisms
We employ the following measures to protect your data:
- Encryption in transit. All communication between your browser and TameMyBrain is encrypted using HTTPS/TLS. OAuth tokens exchanged with Google are transmitted exclusively over encrypted connections.
- Encryption at rest. Sensitive credentials — including OAuth access tokens, refresh tokens, and session secrets — are stored in an encrypted database and are never written to logs or exposed in application responses.
- Session security. User sessions are managed with cryptographically signed, HTTP-only cookies that are not accessible to client-side scripts.
- Access controls. Each user's data is scoped to their account. Server-side authentication is enforced on every request; no user can access another user's data.
- Minimal data collection. We collect only the data necessary to operate the service. Google API scopes are requested at the minimum level required for each feature.
- Token handling. Google OAuth tokens are refreshed automatically and never transmitted to the client. Refresh tokens are stored server-side only.
Sensitive data
Health tracking data (exercise logs, meals, and activity records) is considered sensitive personal information. This data is stored exclusively in your account, is never shared with third parties, and is accessible only to you when authenticated. You can disable health tracking and delete your health data at any time from your profile settings.
Data retention
Your data is retained until you delete it or close your account. You can disconnect Google integrations, disable specific features, or request full account deletion at any time by contacting us.
Your rights
You have the right to access, correct, or delete the personal data we hold about you. To exercise these rights or ask questions about how your data is handled, please contact us.
Contact
Questions about this policy? Reach out at support@tamemybrain.com.