iberbrain

iberbrain

Iberbrain App

Privacy Policy - Iberbrain App

Last Updated: June 2026

Use of the Iberbrain application is subject to the reading and acceptance of this Privacy Policy.

1. INTRODUCTION

Protecting the privacy and personal data of users is a priority for Iberbrain.

This Privacy Policy explains how personal data is collected, used, stored, and protected when using the Iberbrain application, in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and other applicable legislation.

Iberbrain is a cognitive training and mental stimulation application.

The application is not a medical device and does not replace assessment, diagnosis, advice, or treatment provided by healthcare professionals.

By creating an account and using the application, the user acknowledges that they have read and understood this Privacy Policy.

2. DATA CONTROLLER

Data Controller

Susana Coutinho, founder and person responsible for the Iberbrain application.

Contact email: iberbrain@gmail.com

The Data Controller determines the purposes and means of processing personal data collected through the application.

3. DATA COLLECTED

To provide the services of the application, the following data may be collected and processed:

Identification Data
  • Name or pseudonym;
  • Email address.
Application Usage Data
  • History of completed exercises;
  • Application usage time;
  • Favorite exercises;
  • Information necessary to continue practice (for example, the last completed exercise);
  • Anonymous or aggregated usage statistics may also be generated to improve the application and monitor service performance.
Technical and Security Data
  • Authentication records;
  • Date and time of access;
  • Technical information necessary to protect the application and prevent misuse;
  • Technical logs related to the operation of the services.

4. HEALTH DATA

The Iberbrain application is intended for cognitive training exercises through the RGM Method.

The application does not collect medical diagnoses, symptoms, clinical assessment results, therapy reports, or other special categories of health data as defined under Article 9 of the GDPR.

The application does not create user profiles intended to assess, predict, or monitor the user's health condition.

The information recorded by the application relates exclusively to the use of exercises and application features and is used solely to ensure continuity of the user experience and the proper functioning of the service.

5. PURPOSES OF PROCESSING

The collected data is used for the following purposes:

  • Creating and managing user accounts;
  • Secure authentication and access to the application;
  • Providing application features and services;
  • Ensuring continuity and personalization of the user experience;
  • Generating application usage statistics;
  • Ensuring the security, integrity, and availability of systems;
  • Responding to user support requests;
  • Complying with legal obligations.

6. LEGAL BASIS FOR PROCESSING

Personal data is processed based on the following legal grounds under the GDPR:

Performance of a Contract

(Article 6(1)(b))

Processing is necessary to provide the services requested by the user.

Consent

(Article 6(1)(a))

Where applicable, for specific functionalities or communications that require the user's consent.

Legitimate Interests

(Article 6(1)(f))

To ensure system security, prevent fraud, protect the application, and improve service performance.

7. DATA STORAGE AND SECURITY

Iberbrain implements appropriate technical and organizational measures to protect personal data against loss, destruction, unauthorized access, alteration, or disclosure.

These measures include, among others:

  • Secure HTTPS/TLS encrypted communications;
  • Authentication through single-use Magic Links;
  • Restriction of data access to authorized persons only;
  • Regular updates of systems and security components;
  • Access to personal data is granted in accordance with the principle of least privilege and only where necessary for operational purposes;
  • Monitoring of security-related events;
  • Periodic backups;
  • Security incident management procedures.

Data is stored on protected technological infrastructures subject to appropriate security measures.

Although reasonable efforts are made to safeguard personal data, no information system can guarantee absolute security. Iberbrain continuously works to reduce risks associated with data processing.

8. PASSWORDLESS AUTHENTICATION

To promote accessibility and simplify the user experience, access to the application is provided through Magic Links sent to the user's email address.

Each access link:

  • Is unique to the user;
  • Can only be used once;
  • Has limited validity;
  • Expires automatically after a short period of time.

9. DATA RETENTION

Personal data will be retained for as long as the user account remains active or for as long as necessary to fulfill the purposes described in this policy.

Following an account deletion request:

  • Data will be removed from active systems;
  • The user will have a 30-day grace period to cancel the deletion request;
  • Backup copies may temporarily retain certain information during the normal backup retention cycle and will subsequently be deleted automatically.

Certain technical logs may be retained for longer where required for security, fraud prevention, or legal compliance.

10. SHARING OF PERSONAL DATA

Iberbrain does not sell or commercially exploit personal data.

Data may only be shared when necessary with:

  • Hosting and infrastructure service providers;
  • Email delivery service providers;
  • Technical support service providers;
  • Public authorities when legally required.

All processors operate under confidentiality obligations and data protection commitments consistent with the GDPR.

11. INTERNATIONAL DATA TRANSFERS

Data is stored, whenever possible, within infrastructures located in the European Union.

If any service provider carries out international data transfers, such transfers will only take place under appropriate safeguards as required by applicable data protection laws.

12. USER RIGHTS

Under applicable legislation, users may exercise the following rights:

  • Right of access;
  • Right to rectification;
  • Right to erasure;
  • Right to restriction of processing;
  • Right to object;
  • Right to data portability;
  • Right to withdraw consent at any time where processing is based on consent.
  • Right not to be subject to a decision based solely on automated processing, where applicable.

13. EXERCISING YOUR RIGHTS

Requests concerning personal data may be submitted through the mechanisms available within the application or by contacting the email address provided in this policy.

Changes to personal data may require renewed authentication for security purposes.

Account deletion requests will be processed in accordance with internal security and data retention procedures.

14. PERSONAL DATA BREACHES

In the event of a personal data breach that may pose a risk to the rights and freedoms of users, Iberbrain will follow the procedures required by applicable law, including notification to the competent supervisory authorities and affected users where necessary.

15. RIGHT TO LODGE A COMPLAINT

Users have the right to lodge a complaint with the competent data protection supervisory authority in their country of residence or in the country where they believe an infringement has occurred.

16. CHANGES TO THIS PRIVACY POLICY

Iberbrain may update this Privacy Policy whenever necessary to reflect legal, technical, or operational changes.

Whenever significant changes are made, users will be informed through the application or by email.

The date of the latest update will always be indicated at the beginning of this document.

17. CONTACT

For any questions regarding this Privacy Policy or the processing of your personal data, please contact:

Susana Coutinho

Founder, Creator and Data Controller of Iberbrain.

📧 iberbrain@gmail.com