Privacy Policy
Last updated 13 May 2026
Wonderbrain Enterprises ("WonderBrain", "we", "us") respects your privacy. This policy explains what personal information we collect, why we collect it, and your rights. We comply with the Australian Privacy Principles ("APPs") under the Privacy Act 1988 (Cth) and, where applicable, the EU/UK GDPR.
1. Information we collect
- Account information: name, email, password hash, role (parent or practitioner), avatar.
- Practitioner profile: practice name, profession, logo, brand colour, footer text.
- Child profiles you create: first name, age, pronouns, interests, sensory profile, neurotype tags, and notes you choose to add. Provide only the minimum information necessary.
- Generated content: the prompts, customisations, and printable images generated for you.
- Usage and technical data: log data, error reports, generation counts, IP address, device and browser information.
- Billing data: handled by Stripe — we store only a customer reference, plan, status, and renewal date.
2. How we use it
- To provide the Service, generate Outputs, and personalise resources for the child profile you choose.
- To enforce quotas, prevent abuse, and detect security incidents.
- To send transactional emails (account, password, billing, generation completion).
- To improve the Service through aggregate analytics. We do not train AI models on your child's data.
3. Legal bases (EU/UK users)
We process personal data on the bases of contract performance (delivering the Service), legitimate interest (security, service improvement), legal obligation (tax, accounting), and consent (where requested, e.g. marketing).
4. Children's data
Child profiles are created and managed by a parent, guardian, or treating practitioner with informed consent. Children do not interact with the Service directly and do not have accounts. You are responsible for the lawfulness of providing a child's information.
5. Sub-processors
- Lovable Cloud (Supabase Inc.) — hosting, database, authentication, file storage.
- Kie.ai — AI image generation. Prompts and customisations are sent to generate the requested Output.
- Stripe — payment processing.
- Email provider — transactional email delivery.
These providers may store data outside Australia. We choose providers with appropriate security and contractual safeguards.
6. Retention
- Account, child profiles, and printables are retained while your account is active.
- If you delete your account, we delete your personal data within 30 days, except where law requires retention (e.g. tax records up to 7 years).
- Aggregate, de-identified analytics may be retained indefinitely.
7. Your rights
- Access — request a copy of your data.
- Correction — update inaccurate data via settings or by contacting us.
- Deletion — delete your account from settings, or contact us. EU/UK users have GDPR erasure rights.
- Portability — request export of your data in a machine-readable format.
- Complaint — to the Office of the Australian Information Commissioner (OAIC), or your local data protection authority.
8. Security
We use HTTPS, encrypted storage at rest, scoped database access (Row Level Security), and limit staff access. No system is perfectly secure; you are responsible for keeping your password safe.
9. Breach notification
If we become aware of an eligible data breach likely to result in serious harm, we will notify the OAIC and affected users in accordance with the Notifiable Data Breaches scheme.
10. Cookies
We currently use only essential cookies required to keep you signed in and protect against abuse. See our Cookies notice for details. We will update this policy and ask for consent before introducing analytics or tracking cookies.
11. Changes
We will post material changes here and notify you by email at least 14 days before they take effect.
12. Contact
Privacy questions or requests: privacy@wonderbrain.app or our contact page. Wonderbrain Enterprises, Queensland, Australia.