Privacy Policy for Scrambled Brain
Effective Date: November 15, 2025
Last Updated: April 9, 2026
This Privacy Policy explains how River's Lab OY ("we," "us," or "our") handles information in connection with our mobile application, Scrambled Brain (the "App"), and our website, scrambledbrain.app (the "Site").
Data Controller: Balázs Attila Szász
River's Lab OY
Kiikkulankatu 7D 28
15950 Lahti, Finland
Email: hello@scrambledbrain.app
1. Our Core Promise
Your privacy is the foundation of everything we build. Our promise to you is simple: We cannot see, access, share, or analyze your personal health data entered into the Scrambled Brain App. Period.
This isn't just a policy — it's how we built the software. Your tracking data never leaves your device. We have no servers that store your symptoms, moods, notes, or any other health information.
2. Understanding Health Data & GDPR
Under the EU GDPR and Finland's Data Protection Act (1050/2018), health information is classified as "special category data" requiring extra protection. Because your data is stored exclusively on your device with 256-bit AES encryption, River's Lab is not a data controller or processor of your personal health tracking data. Your device itself is the storage system; you are in complete control.
3. Data Related to the Scrambled Brain App
A. Your Tracking Data (Stored On-Device Only)
Symptoms, moods, habits, and notes are stored exclusively on your device's local storage, protected with industry-standard 256-bit AES encryption. This data is never transmitted to our servers or any third party.
B. Anonymous Usage Analytics (Optional)
With your explicit consent, we may collect anonymous usage analytics through PostHog to help us fix bugs. We collect device type, app version, and feature usage patterns, but never the content of your trackers or any health data.
C. PDF Reports (Data You Export)
When you generate and share a PDF report, that data is no longer under our control. You are responsible for how you share or store that PDF.
D. Subscription Management (Future Feature)
Scrambled Brain is currently free. Future paid features will use Apple/Google for payments and RevenueCat for subscription status management. We will never receive your payment card information.
4. Data Related to Our Website
Our website collects standard server log files (IP address, browser type, date/time) to ensure technical security and functionality. These logs are deleted after 90 days. We use essential cookies for basic functionality and analytics cookies only with your consent.
5. Your Data Rights Under GDPR
Under GDPR and Finnish law, you have rights to access, rectification, erasure, and more regarding data we process (website logs/analytics). To exercise these rights, email hello@scrambledbrain.app.
6. Data Security
We use 256-bit AES encryption for on-device data and SSL/TLS for website connections. You are responsible for protecting your device with a passcode or biometric lock.
7. Children's Privacy
Scrambled Brain is intended for users aged 16 and older. We do not knowingly collect data from children under the age of digital consent.
8. Third-Party Services
| Service | Purpose | Location | Privacy Policy |
|---|---|---|---|
| PostHog | Anonymous analytics | EU-based | posthog.com/privacy |
| RevenueCat | Subscription management | USA (SCCs) | revenuecat.com/privacy |
| Apple | Payment processing | Various | apple.com/privacy |
9. International Data Transfers
All primary data processing occurs within Finland and the EU. Transfers to third parties like RevenueCat use Standard Contractual Clauses (SCCs) approved by the EU Commission.
10. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes via in-app notifications or email.
11. Future Features: Scrambled Brain Insights
We're developing a companion app for healthcare professionals. The core privacy promise remains: patient health data stays on the patient's device.
12. Contact Us
Questions? Email us at hello@scrambledbrain.app. If we cannot resolve an issue, you may contact the Finnish Data Protection Ombudsman at tietosuoja.fi.
Privacy Policy: An overview of data protection
General
The following gives a simple overview of what kind of personal information we collect and how we handle your data when you visit our website. Personal information is any data with which you could be personally identified.
Data collection on our website
The data collected on this website are processed by the website operator. We collect data when you provide it to us or automatically via our IT systems (technical data like browser type). You have the right to request information about your stored data and its deletion at any time.
Analytics and third-party tools
Statistical analyses may be made of your surfing behavior. This happens primarily using cookies and analytics. This analysis is anonymous and encrypted.
Information, blocking, deletion
As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored. You also have the right to have your data corrected, blocked or deleted.