BeadBrain Learning operates the BeadBrain abacus education app.

Country: Netherlands

Contact: hello@beadbrain.app

We are the Data Controller for the purposes of GDPR.

Parent/guardian account

• Email address — for login and account management
• Display name — shown in the app
• Password — stored as a secure hash, never in plain text

Child profile data

• Child first name or nickname (chosen by parent)
• Age range (not exact date of birth)
• Learning mode preference

Learning and usage data

• Lesson completion records and quiz scores
• XP, level, streak, diamond balance
• Badges and shop purchases
• Weekly activity for screen time controls

Payment data

We use Stripe to process payments. We never store card numbers or banking details. Stripe is PCI-DSS compliant.

What we do NOT collect

• We use no advertising or tracking cookies
• We use no third-party analytics
• We do not collect children's email addresses
• We do not collect photos or biometric data

BeadBrain is designed for children aged 4–10 under parental supervision. We are fully committed to child safety online.

• Only the parent/guardian's email is collected — not the child's
• Child usernames contain no identifying information
• There is no direct messaging between children
• The friend system is opt-in and username-only
• Parents can view, edit, or delete all child data from the Parent Dashboard
• Parental consent is required when creating a child profile

• To create and manage your account
• To track and display your child's learning progress
• To process subscription payments
• To allow optional social features within private friend groups
• To enforce parental controls you have set

We never use your data for advertising, profiling, or sell it to third parties. Ever.

We share data only with essential service providers:

• Supabase — database and authentication, EU-hosted, GDPR compliant
• Stripe — payment processing, PCI-DSS certified
• Netlify — hosting infrastructure

We never share data with advertisers, data brokers, or marketing companies.

Under GDPR you have the right to:

• Access — request a copy of all data we hold
• Rectification — correct inaccurate data
• Erasure — request deletion of your account and all data
• Portability — receive your data in a machine-readable format
• Object — to processing based on legitimate interests

Email hello@beadbrain.app to exercise any of these rights. We respond within 30 days.

• All data is transmitted over HTTPS (TLS encryption)
• Passwords are hashed — never stored in plain text
• Database access is protected by Row-Level Security
• Payment data never touches our servers

• Account data — retained while your account is active
• Deleted accounts — all personal data removed within 30 days
• Payment records — retained 7 years (Dutch tax law)

We use only essential session cookies required for login. No advertising, analytics, or tracking cookies are used.

Privacy questions: hello@beadbrain.app

You have the right to lodge a complaint with the Dutch Data Protection Authority: autoriteitpersoonsgegevens.nl