Privacy Policy

Effective Date: November 4, 2025

This Privacy Policy describes how Thebraincrew.fun collects, uses, and discloses your Personal Data when you visit or make a purchase from the website or use our services.

1. Definitions (GDPR)

  • Personal Data: Any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Processing: Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Data Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

2. Personal Data We Collect

We collect various types of Personal Data for different purposes, based on your interaction with our Site and Services.

a) Information You Provide Directly to Us:

  • Account Information: When you register for an account, we collect your name, email address, and chosen password.
  • Purchase Information: When you make a purchase, we collect your name, billing address, shipping address (if applicable, for physical products not currently offered but for future reference), email address, phone number, and payment information (handled by our payment processor).
  • Communication Data: If you contact us via email, support forms, or other communication channels, we collect the content of your communication and your contact details.
  • Survey/Feedback Data: If you participate in surveys or provide feedback, we collect your responses.

b) Information Collected Automatically:

  • Usage Data: When you access and use the Site, we may automatically collect information about how you interact with our services, such as your IP address, browser type, operating system, referring URLs, pages viewed, time spent on pages, and clickstream data.
  • Cookie Data: We use cookies and similar tracking technologies to track the activity on our Site and hold certain information. Please refer to our Cookie Policy (EU) for detailed information on how we use cookies.

3. How We Use Your Personal Data (Purposes and Legal Basis)

We process your Personal Data based on the following legal grounds and for the specified purposes:

Purpose of ProcessingType of DataLegal Basis (GDPR)
To provide and maintain our Service, including fulfilling your purchases and managing your account.Account Info, Purchase Info, Usage DataContract Performance: Necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
To process your payments and manage refunds.Purchase InfoContract Performance: Necessary for the performance of a contract with you.
To communicate with you regarding your account, purchases, or inquiries.Account Info, Communication DataContract Performance: Necessary to respond to your requests and manage our relationship.
To improve, personalize, and analyze our Services and user experience.Usage Data, Survey/Feedback DataLegitimate Interest: To understand how our services are used and to improve them, provided your data protection rights are not overridden.
To send you marketing communications (e.g., newsletters, promotions).Email AddressConsent: You have given clear consent for us to process your Personal Data for a specific purpose. You can withdraw consent at any time.
To comply with legal obligations (e.g., tax, accounting, consumer protection laws).Purchase Info, Account InfoLegal Obligation: Necessary for compliance with a legal obligation to which we are subject.
To detect, prevent, and address technical issues or fraudulent activities.Usage Data, Account InfoLegitimate Interest: To ensure the security and integrity of our services, provided your data protection rights are not overridden.

4. How We Share Your Personal Data

We may share your Personal Data with the following categories of recipients:

  • Payment Processors: We use Paddle.com as our Merchant of Record and payment processor. Your payment information and certain purchase details are shared directly with Paddle for processing transactions. Paddle’s own Privacy Policy will apply to the data they process.
  • Service Providers: We engage third-party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services, or to assist us in analyzing how our Service is used. These may include hosting providers, email marketing services, analytics providers, and customer support platforms. These Service Providers have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
  • Legal Compliance: We may disclose your Personal Data where required to do so by law or subpoena or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Service.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.
  • With Your Consent: We may share your Personal Data with any other third party with your prior explicit consent.

5. International Data Transfers

We primarily operate within Morocco and the European Economic Area (EEA). However, our website and certain data are hosted by Hostinger, with cloud infrastructure located in the USA.

Additionally, we may use other Service Providers (e.g., analytics, email marketing) that are also located outside the EEA, including in countries that do not provide the same level of data protection as the EEA. When we transfer your Personal Data outside the EEA (such as to our hosting provider in the USA), we ensure that appropriate safeguards are in place to protect your privacy rights, such as:

  • Implementing Standard Contractual Clauses (SCCs) approved by the European Commission with Hostinger and any other relevant Service Providers.
  • Implementing supplementary technical and organizational measures where necessary to ensure data protection standards equivalent to those in the EEA.
  • Relying on specific derogations or adequacy decisions where applicable.

By using our Services, you understand and agree that your Personal Data may be transferred to and processed in countries outside the EEA, including the USA, under these safeguards.

6. Data Retention

We retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy, or as required by law.

  • Account Information: Retained as long as your account is active and for a period of 5 years after account inactivity or deletion, for legal and legitimate business purposes (e.g., tax records, dispute resolution).
  • Purchase Information: Retained for 10 years from the date of purchase for tax and accounting purposes, as required by Moroccan law.
  • Communication Data: Retained for as long as necessary to resolve your inquiry or for 3 years after the last interaction for legitimate interest in improving customer service.
  • Marketing Consent: Retained until you withdraw your consent.
  • Cookie Data: Retention periods for cookies are detailed in our Cookie Policy (EU).

7. Your Data Protection Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights concerning your Personal Data:

  • The Right to Access: You have the right to request copies of your Personal Data that we hold.
  • The Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • The Right to Erasure (“Right to be Forgotten”): You have the right to request that we erase your Personal Data, under certain conditions (e.g., if the data is no longer necessary for the purposes for which it was collected).
  • The Right to Restrict Processing: You have the right to request that we restrict the processing of your Personal Data, under certain conditions (e.g., if you contest the accuracy of the data).
  • The Right to Object to Processing: You have the right to object to our processing of your Personal Data, under certain conditions (e.g., for direct marketing purposes).
  • The Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
  • The Right to Withdraw Consent: Where we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us at contact@thebraincrew.fun. We will respond to your request within one month. We may ask you to verify your identity before responding to such requests.

8. Data Security

The security of your Personal Data is important to us. We implement appropriate technical and organizational measures to protect your Personal Data against unauthorized access, disclosure, alteration, or destruction. However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

9. Links to Other Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

10. Children’s Privacy

Our Services are not intended for individuals under the age of 18 (“Children”). We do not knowingly collect Personal Data from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children have provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verification of parental consent, we take steps to remove that information from our servers.

11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Effective Date” at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us:

TheBrainCrew.fun
contact@thebraincrew.fun