Version: 6.0 · Effective Date: June 15, 2026 · Last Updated: June 15, 2026
bitHeads Inc. (“brainCloud”, “we”, “our”, or “us”) is committed to protecting privacy and handling personal information responsibly, transparently, and in accordance with applicable privacy and data protection laws.
brainCloud provides a cloud-based Backend-as-a-Service (“BaaS”) platform that enables developers, studios, publishers, educational institutions, enterprises, and other organizations to build, operate, scale, and manage games, applications, digital services, and online experiences.
This Privacy Policy explains how brainCloud collects, uses, processes, stores, discloses, and protects personal information in connection with the brainCloud website, customer accounts, the Services, AI features, and communications with brainCloud.
brainCloud maintains a Trust Center at https://getbraincloud.com/trust/ that may provide information regarding:
The Trust Center may be updated from time to time.
This Privacy Policy applies to personal information processed by brainCloud in connection with the Services.
This Policy applies to website visitors, prospective customers, customers, authorized users, end users of applications utilizing brainCloud, and individuals who communicate with brainCloud.
Where customer applications utilize brainCloud to process personal information on behalf of customers, brainCloud may act solely as a processor or service provider under applicable privacy laws.
For purposes of this Privacy Policy:
“AI Inputs” means prompts, instructions, content, data, files, messages, queries, requests, and other materials submitted to AI Services.
“AI Outputs” means responses, recommendations, analyses, summaries, classifications, content, and other results generated by AI Services.
“Authorized User” means an individual authorized by a Customer to access or use the Services.
“Customer” means an individual or organization that accesses or uses the Services.
“Customer Data” means information submitted, stored, transmitted, or otherwise processed by a Customer through the Services.
“End User” means an individual who accesses, uses, or interacts with a Customer Application.
“End User Data” means information relating to End Users processed through the Services on behalf of Customers.
“Personal Information” means information relating to an identified or identifiable individual, including personal data where applicable.
“Processor” includes processor, service provider, or equivalent role under applicable privacy laws.
“Controller” includes controller, business, or equivalent role under applicable privacy laws.
“Services” means the brainCloud platform, products, services, APIs, SDKs, websites, portals, and related offerings.
“Subprocessor” means a third party engaged by brainCloud to process personal information on behalf of brainCloud.
brainCloud acts as a controller when determining the purposes and means of processing personal information, including website, billing, marketing, support, and operational data.
brainCloud acts as a processor when handling personal information on behalf of customers through the Services.
Customers are responsible for privacy notices, legal bases, consent requirements, data subject requests, and compliance with applicable privacy laws.
Where required by law, the brainCloud Data Processing Agreement governs processing performed on behalf of customers.
brainCloud does not sell personal information and does not use Customer Data, End User Data, AI Inputs, or AI Outputs to train artificial intelligence or machine learning models.
brainCloud may collect, receive, generate, or otherwise process information in connection with the Services.
brainCloud may collect information directly from individuals, including name, company name, job title, mailing address, email address, telephone number, account credentials, support requests, communications with brainCloud, and other information voluntarily provided.
brainCloud may collect account identifiers, subscription information, support plan information, administrative user information, account preferences, authentication settings, and account activity records.
brainCloud may collect billing addresses, payment information, transaction records, invoices, tax-related information, subscription history, and payment status information.
Customers may use brainCloud to process usernames, player identifiers, authentication credentials, email addresses, profile information, gameplay information, application usage information, purchase information, communication records, device identifiers, and other information submitted through customer applications.
The categories of End User Data processed through the Services are determined by Customers and may vary significantly depending on application design, configuration, customer choices, and user interactions.
brainCloud may collect IP addresses, browser information, operating system information, device identifiers, application version information, network information, language preferences, crash reports, and diagnostic information.
brainCloud may collect API usage metrics, service utilization information, authentication activity, feature usage, administrative activity, performance metrics, support interactions, and operational logs.
brainCloud may use cookies, pixels, local storage technologies, software development kits, and similar technologies to operate the Services and improve functionality.
brainCloud may receive information from identity providers, social login providers, payment processors, analytics providers, marketing partners, cloud providers, and other service providers.
brainCloud does not intentionally require or request Customers to submit special categories of personal information, sensitive personal information, or similar regulated categories of information unless necessary for a Customer’s use case and permitted by applicable law.
Customers remain responsible for determining whether such information is processed through the Services and for complying with applicable legal requirements.
brainCloud may use information to create and manage accounts, authenticate users, provide requested Services, maintain customer environments, process transactions, provide support, and fulfill contractual obligations.
brainCloud may use information to operate the Services, maintain availability, monitor performance, diagnose issues, troubleshoot problems, maintain backups, and support business continuity activities.
brainCloud may process information to detect threats, prevent fraud, investigate abuse, identify unauthorized activity, protect customer environments, enforce policies, and maintain platform integrity.
brainCloud may use information to communicate regarding customer accounts, support matters, billing matters, operational notifications, service announcements, security notifications, and marketing communications where permitted by law.
brainCloud may use information to analyze service usage, evaluate performance, improve functionality, develop new features, improve reliability, improve security, and improve user experience.
brainCloud may process information to comply with legal obligations, respond to lawful requests, satisfy regulatory requirements, enforce agreements, resolve disputes, and establish, exercise, or defend legal claims.
Where AI Services are utilized, brainCloud may process information necessary to receive AI Inputs, generate AI Outputs, provide AI functionality, monitor service quality, maintain security, and support AI-related operational requirements.
brainCloud does not use Customer Data, End User Data, AI Inputs, or AI Outputs to train artificial intelligence or machine learning models.
Where required by applicable law, brainCloud processes personal information based upon performance of a contract, compliance with legal obligations, legitimate interests, consent, and other lawful bases recognized under applicable law.
brainCloud may make artificial intelligence, machine learning, large language model, generative AI, recommendation, classification, and other AI-powered functionality available through the Services.
Customers and Authorized Users may submit prompts, instructions, content, data, files, messages, queries, requests, and other materials to AI Services.
AI Services may generate responses, recommendations, analyses, summaries, classifications, content, or other results.
brainCloud processes AI Inputs and AI Outputs solely for purposes including providing AI Services, generating requested responses, maintaining service functionality, monitoring service quality, maintaining security, preventing abuse and fraud, troubleshooting, and complying with legal obligations.
brainCloud does not use Customer Data, End User Data, AI Inputs, or AI Outputs to train artificial intelligence or machine learning models.
Where AI Services are provided through approved third-party providers, brainCloud will configure such services to prohibit model training using Customer Data, End User Data, AI Inputs, or AI Outputs where such controls are supported by the applicable provider.
brainCloud will not direct third-party providers to use Customer Data, End User Data, AI Inputs, or AI Outputs for model training purposes unless explicitly directed by the applicable Customer.
brainCloud may utilize approved third-party AI providers and maintains information regarding applicable providers through its Subprocessor List or Trust Center.
AI Inputs and AI Outputs may be retained for periods reasonably necessary to provide the Services, maintain security, investigate incidents, troubleshoot issues, comply with legal obligations, and satisfy operational requirements.
Customers remain responsible for determining whether personal information is submitted to AI Services and for complying with applicable privacy laws.
AI Services may generate inaccurate, incomplete, misleading, outdated, biased, or unexpected results.
brainCloud may share information with service providers, subprocessors, contractors, consultants, and partners that assist in providing, operating, securing, maintaining, supporting, or improving the Services.
Where brainCloud acts as a processor on behalf of a customer, information may be disclosed in accordance with customer instructions and applicable agreements.
brainCloud may disclose information in connection with mergers, acquisitions, financing transactions, reorganizations, asset sales, or similar business transactions.
brainCloud may disclose information where reasonably necessary to comply with legal obligations, court orders, governmental requests, or to protect legal rights.
brainCloud may disclose information to prevent fraud, investigate abuse, protect security, enforce agreements, maintain platform integrity, and protect individuals or organizations.
brainCloud may create, use, disclose, publish, and otherwise process aggregated, anonymized, or de-identified information.
brainCloud does not sell your personal information and does not share your personal information for cross-context behavioral advertising. brainCloud also does not knowingly sell or share the personal information of individuals under 16 years of age.
Certain U.S. state privacy laws, including the California Consumer Privacy Act as amended (the “CCPA”), give consumers the right to opt out of the “sale” of personal information and the “sharing” of personal information for cross-context behavioral advertising. Under these laws, “sale” means disclosing personal information in exchange for monetary or other valuable consideration, and “sharing” means disclosing personal information for cross-context behavioral advertising, whether or not for payment.
brainCloud honors opt-out preference signals, including the Global Privacy Control (GPC), as a valid request to opt out of the sale and sharing of personal information for the browser or device from which the signal is sent. Because these signals are tied to a browser or device rather than to an individual, brainCloud may not be able to associate the signal with a specific account; where you are logged in, brainCloud will apply the opt-out to your account to the extent feasible.
brainCloud does not use or disclose sensitive personal information for purposes other than those permitted under applicable law, and therefore is not required to offer a right to limit its use. brainCloud does not use sensitive personal information for the purpose of inferring characteristics about you.
You may use an authorized agent to submit an opt-out request on your behalf. brainCloud will not discriminate against you for exercising any of your privacy rights, including by denying services, charging different prices, or providing a different level or quality of service.
brainCloud operates internationally and may process information in multiple jurisdictions.
Personal information may be transferred to, processed in, stored in, or accessed from countries outside the jurisdiction in which it was originally collected.
Where required by applicable law, brainCloud implements safeguards designed to protect personal information transferred across borders.
Such safeguards may include:
The specific safeguards utilized may vary depending on the nature of the transfer, applicable legal requirements, and operational circumstances.
Certain Services may permit customers to select hosting regions or deployment models.
Information regarding subprocessors involved in processing personal information is maintained through the brainCloud Subprocessor List and Trust Center.
brainCloud maintains administrative, technical, and organizational safeguards designed to protect personal information.
brainCloud maintains a security program designed to protect confidentiality, integrity, and availability of information.
brainCloud may implement access controls, authentication controls, encryption technologies, network security controls, monitoring systems, logging systems, backup and recovery mechanisms, vulnerability management processes, incident response procedures, and employee security training.
brainCloud utilizes encryption technologies designed to protect information during transmission and, where applicable, during storage.
The specific encryption methods utilized may vary depending on the Services, deployment model, customer configuration, and operational requirements.
Access to personal information is restricted to authorized personnel and approved service providers with a legitimate business need.
brainCloud may monitor systems and services to identify threats, investigate incidents, prevent abuse, and maintain platform integrity.
brainCloud maintains procedures for identifying, investigating, responding to, mitigating, and remediating security incidents.
Where required by applicable law, contractual obligations, or applicable agreements, brainCloud will provide notifications regarding qualifying security incidents within commercially reasonable timeframes after becoming aware of such incidents.
Notification timing may vary depending on the nature of the incident, legal requirements, customer configuration, and operational circumstances.
Customers are responsible for securing their applications, managing permissions, protecting credentials, and complying with applicable security obligations.
No security measure can guarantee complete protection against all risks.
brainCloud retains personal information only for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy.
Retention periods may vary depending on legal requirements, contractual obligations, operational requirements, security considerations, and legitimate business purposes.
Retention periods are generally determined by customer instructions, agreements, legal obligations, and operational requirements.
brainCloud may retain account information, billing information, support records, and related business records as necessary.
brainCloud may retain logs, diagnostics, monitoring information, security records, and operational information.
Information may continue to exist within backup systems, disaster recovery environments, archival systems, logs, or restoration media for reasonable periods following deletion from active systems.
brainCloud may retain such information for security, operational, business continuity, legal, compliance, and recovery purposes
AI Inputs, AI Outputs, and AI-related operational information may be retained as reasonably necessary to provide AI Services.
brainCloud may delete, anonymize, aggregate, de-identify, or otherwise remove information when retention is no longer required.
brainCloud may retain information where necessary to comply with legal obligations or preserve evidence.
Individuals may have rights regarding personal information depending on applicable law.
Individuals may request access to personal information maintained by brainCloud.
Individuals may request correction of inaccurate or incomplete personal information.
Individuals may request deletion of personal information where permitted by law.
Individuals may request restrictions on certain processing activities.
Individuals may object to certain processing activities.
Individuals may request copies of certain personal information in a structured format.
Where processing is based on consent, individuals may withdraw consent at any time.
Individuals may opt out of marketing communications.
Requests relating to customer-controlled data should generally be directed to the applicable customer.
brainCloud supports applicable privacy rights under GDPR, UK GDPR, Canadian privacy laws, Quebec Law 25, California privacy laws, and other applicable laws.
Requests regarding privacy rights may be submitted using the contact methods identified in this Privacy Policy.
brainCloud may require verification of identity, authority, or relationship to the applicable information before fulfilling requests.
Certain rights may be limited, unavailable, or subject to exceptions under applicable laws.
Where permitted by law, individuals may designate authorized representatives to submit requests on their behalf.
Where brainCloud acts as a Processor on behalf of a Customer, brainCloud may assist Customers in responding to privacy rights requests to the extent required by applicable law, contractual obligations, or applicable agreements.
brainCloud recognizes the importance of protecting children’s privacy.
Customers are responsible for determining whether their applications are directed toward children and for complying with applicable legal requirements.
Customers remain responsible for determining the legal basis for processing children’s information and obtaining required permissions.
brainCloud may provide functionality that assists customers in supporting compliance obligations.
Individuals who believe information relating to a child has been processed improperly may contact brainCloud.
Customers remain responsible for evaluating and complying with applicable children’s privacy laws and regulations, including where applicable:
brainCloud may use cookies, pixels, local storage technologies, SDKs, web beacons, and similar technologies to operate, secure, maintain, and improve the Services.
brainCloud may utilize strictly necessary cookies, functional cookies, performance and analytics cookies, security-related cookies, and other technologies described in the Cookie Policy.
Customers may independently utilize cookies, tracking technologies, analytics tools, advertising technologies, or similar technologies within their applications.
Individuals may manage cookie preferences through browser settings, device settings, consent management tools, or other available mechanisms.
Additional information regarding cookies and tracking technologies is available in the brainCloud Cookie Policy.
brainCloud may engage subprocessors, service providers, contractors, and affiliates to support operation of the Services.
brainCloud requires subprocessors that process personal information on its behalf to be subject to appropriate contractual obligations.
brainCloud maintains an up-to-date Subprocessor List through the brainCloud Trust Center or other designated location.
brainCloud may add, remove, or replace subprocessors from time to time.
Where required by applicable law, contractual obligations, or applicable agreements, brainCloud may provide notice of material subprocessor changes
brainCloud may modify this Privacy Policy from time to time to reflect changes in the Services, legal requirements, business practices, technology, security practices, and other developments.
The current version of this Privacy Policy will identify its effective date and last updated date.
Where changes are material, brainCloud may provide notice through the Services, administrative dashboards, email communications, website notices, or other reasonable means.
Continued use of the Services following the effective date of an updated Privacy Policy constitutes acknowledgment of the revised Privacy Policy to the extent permitted by law.
Questions, concerns, requests, or complaints relating to this Privacy Policy or brainCloud’s privacy practices may be directed to brainCloud at <pr*****@***********ud.com>.
Individuals seeking to exercise privacy rights may submit requests using methods designated by brainCloud.
Where brainCloud processes personal information solely on behalf of a customer, individuals may be directed to the applicable customer.
Suspected security vulnerabilities, privacy incidents, or concerns regarding unauthorized processing may be reported through brainCloud at <se******@***********ud.com>.
brainCloud will cooperate with lawful inquiries from applicable regulatory authorities.
brainCloud has designated personnel responsible for overseeing privacy compliance and privacy-related inquiries.
Privacy-related requests may be directed through the contact channels identified by brainCloud.
Individuals located in Quebec may contact the Person Responsible for Personal Information regarding privacy-related concerns.
Individuals who believe their privacy rights have been violated may submit complaints to brainCloud.
Where applicable, individuals may also have the right to lodge complaints with relevant supervisory authorities, privacy regulators, or governmental agencies.
We’ll get back to you as soon as we can.
