Privacy Policy
1. Introduction
2. Information We Collect
2.1 Information from Google Sign-In
We use Google OAuth 2.0 for authentication only. When you sign in with Google, we receive:
- Your name and email address
- Your Google profile picture
- Your Google account ID
We do not request or access any other Google account data beyond basic profile information. To revoke BrainPay's access to your Google account, visit Google Account Permissions and remove BrainPay from the list of connected apps.
2.2 Profile & Location Data
- Location data: pincode, area, city, state, latitude, longitude (captured once at profile setup via browser geolocation)
- Profile data: name, email, house number/address
- Device and session information
2.3 Usage & Transaction Data
- Video watch history and percentage completion
- Coin earn and redemption history
- Wallet top-up and recharge transaction records
3. How We Use Your Information
- Account creation and authentication via Google Sign-In
- Awarding coins for completing financial literacy videos hosted on our own platform
- Processing wallet top-ups via Razorpay and recharge payments via MyPayStore
- Location used solely for profile setup and service area determination — not for tracking or advertising
- Fraud prevention and single-session enforcement
- Admin review of new user registrations
- Sending OTP messages for authentication (via SmartPing SMS)
- Improving our platform and customer support
- Complying with applicable legal obligations
4. Google API Services
BrainPay uses Google OAuth 2.0 solely for sign-in authentication. We request only basic profile scopes (name, email, profile picture) — no sensitive or restricted Google API scopes are requested. Our use of Google Sign-In is subject to the Google Privacy Policy.
BrainPay's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
5. Video Watch Data
6. Coin Wallet and Recharge
7. Location Data
8. Data Sharing
- Razorpay — payment processing for wallet top-ups
- MyPayStore — recharge API provider for mobile and utility recharges
- SmartPing — SMS provider for OTP delivery
- Legal authorities — if required by law, court order, or government authority
9. Data Retention
10. Data Security
11. Children's Privacy
12. User Rights
- Right to request access to your personal data
- Right to request correction of inaccurate data
- Right to request deletion of your account and data
- Right to withdraw Google Sign-In access via Google Account settings