1. Scope
This policy applies when you use the Brains CSE Training app on the web, in a browser, or in the Capacitor-based Android and iOS builds.
The app is a civil service exam practice tool. It does not offer public posting, social networking, or user-to-user messaging features.
2. Information We Collect
We collect the following categories of information to operate the app:
- Account information: email address, password authentication state, display name, and account status information associated with Firebase Authentication and your user profile.
- Guest access information: anonymous authentication state, guest trial counters, and guest trial eligibility markers.
- Quiz and learning data: quiz attempts, scores, score percentages, timestamps, progress records, and topic mastery records.
- Device and session information: a locally generated device identifier, device name, platform indicator, last login time, and session flags used for single-device access control.
- Content interaction data: the subjects, topics, difficulties, questions, answers, explanations, and question-image URLs that are shown in the app, along with the answers you submit during quizzes.
- Support information: the email address and message you choose to send when you contact support, along with any information you include in that message.
- Technical data: browser or app environment details that are necessary to operate the service, such as touch-capability checks, user-agent signals, storage state, and service-worker caching behavior.
3. How We Use Information
- Create, authenticate, and maintain your account or guest session.
- Restrict guest access and enforce guest trial limits.
- Save quiz results, progress, and mastery information.
- Support single-device sign-in validation and session integrity.
- Provide password reset and account recovery flows.
- Load app content, question text, explanations, and images from our backend.
- Respond to support requests and account-related questions.
- Protect the app, detect abuse, and help maintain exam integrity.
4. Where Information Is Stored
Based on the reviewed source code, your information may be stored or processed in the following places:
- Firebase Authentication: email/password sign-in, anonymous guest authentication, and local auth persistence.
- Cloud Firestore: user profile data, device/session binding records, guest trial state, quiz history, summary statistics, progress, topic mastery, subject metadata, topic metadata, and question content.
- localStorage: a generated device ID, guest mode flags, device validation errors, and question-rotation state.
- sessionStorage: guest trial question caches and active-trial markers.
- Browser cache and service worker storage: app shell assets used for offline readiness and faster loading.
The current source code does not use Firebase Storage for user uploads, and we did not find any dedicated analytics or crash-reporting SDK initialized in the app code reviewed.
5. Cookies, localStorage, and sessionStorage
The app does not intentionally set first-party cookies in the reviewed code. It does use localStorage and sessionStorage to keep the app working across sessions, including device binding, guest mode, question rotation, and guest-trial state. Firebase Authentication also uses persistent browser storage to keep you signed in when persistence is enabled.
6. Account Registration and Login
You can sign in with an email address and password through Firebase Authentication. When you log in, the app records basic profile information such as your email address and display name if available. If a profile record is missing values, the app may create or fill in defaults in Firestore.
If you use the password reset flow, Firebase Authentication sends the reset email to the address you provide. The app does not store or view your password in readable form.
7. Guest Accounts and Anonymous Authentication
Guest access uses Firebase Anonymous Authentication. Guest users are tracked separately from registered users and may be subject to trial limits. Guest trial state is stored in Firestore and in sessionStorage so the app can remember trial usage on the current device and session.
When a guest exits trial mode or signs out, the app clears guest-trial markers and signs out of the anonymous Firebase session.
8. Quiz Results, Progress, and Images
When you finish a quiz as a registered user, the app stores your performance history, summary statistics, progress records, and topic-mastery data in Firestore. These records may include the subject, topic, difficulty, score, score percentage, and timestamps.
Quiz questions, explanations, and images are read from Firestore content documents. The app does not provide user file uploads or public content posting features.
9. Device Binding and Session Management
To support single-device access control, the app generates and stores a local device identifier and records device/session details in Firestore. During sign-in, the app may compare the current device with the registered device for that account and sign you out if a mismatch is detected or the account is locked.
On mobile and web, the app also checks for touch-capable devices and shows privacy protections when the app loses focus or when screenshot-like events are detected.
10. App Permissions and Device Signals
Based on the reviewed Android and iOS configuration, the app requests network access and does not request camera, microphone, location, contacts, or photo-library permissions in the checked app manifests. The app may read basic device or browser signals such as user agent and touch capability to enforce mobile-only and exam-integrity behavior.
11. Password Reset and Support
Password reset requests are handled through Firebase Authentication. Support requests are handled by opening your email client or by letting you copy our support email address. We do not use an in-app support ticket system that stores your message on our servers.
If you contact support, your email provider and email client may process the message you send, including any personal information you choose to include.
12. Third-Party Services
The app uses Google and Firebase services to provide authentication, Firestore storage, cloud functions, and hosting-related infrastructure. Those services process data under their own terms and privacy policies.
If you leave the app to use the registration website, support email, or external browser pages, those destinations may collect and process information under their own privacy terms. The app itself does not process payments.
13. Security
We use technical and organizational safeguards designed to protect the information we process, including authenticated access, device binding, privacy-screen protection on supported native builds, and measures intended to reduce copying or screenshot exposure during exams. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
14. Data Retention and Deletion
We keep account, quiz, progress, device-binding, and guest-trial data for as long as needed to operate the service, maintain exam integrity, comply with legal obligations, and resolve disputes.
The current app code does not provide a self-service account deletion button. If you want to request deletion, correction, or help with account data, contact us using the support details above. Some records may need to be retained for security, legal, fraud-prevention, or operational reasons.
15. Children's Privacy
The app is intended for exam preparation and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, contact us so we can review the request and take appropriate action.
16. International Transfers
Because we use Google and Firebase infrastructure, your information may be processed and stored in the Philippines, the United States, and other countries where our service providers operate. By using the app, you understand that your information may be transferred across borders.
17. Your Choices and Rights
- You may sign out of the app at any time.
- You may stop using guest access by logging in with a registered account.
- You may contact us to ask about access, correction, or deletion of your account data.
- You may clear your browser or app storage to remove locally stored data such as device IDs, guest flags, or cached quiz state.
18. Policy Updates
We may update this Privacy Policy from time to time. If we make material changes, we will post the revised policy on this page and update the effective date.
19. Contact Us
If you have questions about this Privacy Policy or your data, contact us at Sharpen@brains.com.ph.