Version 2.0 — Last updated: April 2026
At MenteBrillante we take our users' privacy very seriously. This policy explains in a detailed and transparent manner what data we collect, for what purpose, what your rights are and how you can exercise them.
This is a courtesy translation provided solely to help you understand our policies more easily. In the event of any discrepancy, error or ambiguity between this version and the Spanish-language version, the Spanish text shall prevail and is the only legally binding version.
The controller responsible for the processing of the personal data collected through the MenteBrillante application is MenteBrillante (hereinafter, "the Controller"), with an address for communications at contacto@mentebrillante.app. In compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR), Organic Law 3/2018 of 5 December on the Protection of Personal Data and the guarantee of digital rights (LOPD-GDD), and Law 34/2002 of 11 July on Information Society Services and Electronic Commerce (LSSI-CE), this Privacy Policy is made available to users.
We process your personal data on the following legal bases pursuant to Article 6 of the GDPR:
(a) Consent: by creating your account and accepting this policy, you give us your express consent to process the data necessary for the operation of the service.
(b) Performance of a contract: processing is necessary for the provision of the gaming service, the management of your account, leaderboards and Premium subscriptions.
(c) Legitimate interest: improving the service, anonymised statistical analysis, fraud prevention and platform security.
(d) Legal obligation: compliance with tax regulations and data retention obligations where applicable.
Data provided by the user:
- Username, email address and country of residence upon registration.
- Password (stored encrypted by means of a hash, never in plain text).
- Language preference (Spanish Spain, Latin American Spanish or English).
Data generated automatically:
- Gameplay data: score, daily streak, badges obtained, puzzle progress, solving time.
- Technical device data: model, operating system, app version, anonymous installation identifier.
- Usage data: frequency of access, screens visited, interactions with features.
- IP address (for approximate geolocation and security, not stored permanently).
- Advertising identifiers (IDFA on iOS, GAID on Android), only if the user has not opted to restrict ad tracking.
We do not collect special categories of data (health, sexual orientation, political opinions, biometric data, etc.).
We use your personal data for the following purposes:
- Provision of the service: management of your account, access to puzzles, saving of progress, leaderboards and badge system.
- Communications: sending daily game reminders (if you enable them), notifications about your account and important service updates.
- Personalisation: tailoring the gaming experience to your language, level and preferences.
- Advertising: showing relevant ads to free-plan users through Google AdMob.
- Analytics and improvement: understanding the use of the app in order to improve features, fix bugs and develop new functionality.
- Security: detection and prevention of fraud, score manipulation and abusive activity.
- Subscription management: processing Premium payments through the Apple and Google platforms.
Free-plan users see ads provided by Google AdMob. AdMob may use device advertising identifiers (IDFA/GAID), ad interaction data and technical device data to personalise the advertising shown.
Premium users do not see any advertising whatsoever.
How to manage personalised advertising:
- On Android: Settings > Google > Ads > Opt out of Ads Personalisation.
- On iOS: Settings > Privacy > Tracking > Turn off "Allow Apps to Request to Track".
If you disable personalisation, you will still see ads, but they will not be based on your interests.
We do not use our own cookies within the app. Third-party SDKs (Firebase Analytics, AdMob) may employ equivalent technologies for their operation.
Your personal data may be disclosed to the following third parties, solely for the purposes described:
- Google Firebase (Google LLC): data storage, authentication, real-time database and push notifications.
- Google AdMob (Google LLC): management of advertising for free-plan users.
- Google Analytics for Firebase: analysis of app usage on an aggregated basis.
- Apple App Store / Google Play Store: processing of Premium subscription payments.
We do not sell, rent or share your personal data with third parties for direct marketing purposes. All service providers are subject to data processing agreements in accordance with Article 28 of the GDPR.
Your data may be transferred to and processed on servers located outside the European Economic Area (EEA), specifically in the United States, where Google LLC has its main servers.
These transfers are carried out under:
- The EU-U.S. Data Privacy Framework, to which Google adheres.
- Standard Contractual Clauses (SCCs) approved by the European Commission.
You may request additional information about the applicable safeguards by contacting us at privacidad@mentebrillante.app.
We will retain your personal data for as long as your account remains active and for the following periods:
- Account and gameplay data: for as long as you keep your account active. When you delete your account, your data will be erased within a maximum of 30 calendar days.
- Premium transaction data: for 5 years after the last transaction, in accordance with applicable tax regulations.
- Technical support data: for 2 years from the last communication.
- Security logs (IPs, access records): 12 months.
Once the indicated periods have elapsed, the data will be deleted or irreversibly anonymised.
In accordance with Articles 15 to 22 of the GDPR, as a user you have the following rights:
- Right of access (Art. 15): to know what personal data of yours we are processing.
- Right to rectification (Art. 16): to request the correction of inaccurate or incomplete data.
- Right to erasure (Art. 17): to request the deletion of your data ("right to be forgotten").
- Right to restriction of processing (Art. 18): to request that the use of your data be restricted in certain circumstances.
- Right to data portability (Art. 20): to receive your data in a structured, commonly used and machine-readable format.
- Right to object (Art. 21): to object to the processing of your data, including profiling for advertising purposes.
- Right not to be subject to automated decisions (Art. 22): we do not subject you to decisions based solely on automated processing that produce legal effects concerning you.
To exercise any of these rights, send an email to privacidad@mentebrillante.app indicating your username and the right you wish to exercise. We will respond within a maximum of 30 days.
Under Organic Law 3/2018 of 5 December on the Protection of Personal Data and the guarantee of digital rights (LOPD-GDD), users resident in Spain additionally enjoy:
- The right to digital disconnection in the workplace (Art. 88): although MenteBrillante is an entertainment app, we respect users' right not to receive communications outside reasonable hours.
- The right to a digital will (Art. 96): in the event of death, legitimate family members or heirs may request access to, rectification of or deletion of the deceased's data.
- The rights of minors (Art. 92): we guarantee special protection for the data of minors.
All complaints relating to data protection may be addressed to the Spanish Data Protection Agency (AEPD).
If you reside in California (USA), the California Consumer Privacy Act (CCPA) grants you additional rights:
- Right to know: what personal data we collect, for what purpose and to whom we disclose it.
- Right to delete: to request the deletion of your personal data.
- Right to opt out of sale: we do NOT sell our users' personal data to third parties under any circumstances.
- Right to non-discrimination: we will not treat you differently for exercising your privacy rights.
To exercise these rights, contact us at privacidad@mentebrillante.app. We will verify your identity before processing the request.
MenteBrillante is committed to the protection of minors:
- In accordance with COPPA (USA): we do not knowingly collect personal information from children under 13. If we discover that we have collected data from a child under 13 without verifiable parental consent, we will delete it immediately.
- In accordance with the GDPR (EU): the processing of data of minors under 16 (or the age set by each Member State, being 14 in Spain) requires the consent of the holder of parental responsibility.
- If you are a parent or legal guardian and believe that your child has provided personal data without your consent, contact us immediately at privacidad@mentebrillante.app and we will proceed to delete it within 48 hours.
In compliance with the LSSI-CE and the ePrivacy Directive:
- We will only send electronic commercial communications (promotional emails) if you have given your prior express consent.
- Daily reminder push notifications are service communications, not commercial ones, and are activated only if the user expressly enables them.
- The SDKs integrated into the app (Firebase, AdMob) may use local storage technologies equivalent to cookies for their technical operation.
- You may withdraw your consent for communications at any time from the app settings or by contacting us.
MenteBrillante complies with the privacy and data policies of Google Play and the Apple App Store:
- The information in the "Data safety" section on Google Play faithfully reflects our collection and processing practices.
- The Apple App Store "Privacy Labels" accurately describe the data collected.
- Data is collected and processed in accordance with Google's Families guidelines and Apple's guidelines for apps aimed at a general audience.
- We provide account and data deletion mechanisms accessible within the app.
We implement appropriate technical and organisational measures to protect your data:
- Encryption in transit: all communications between the app and our servers use TLS 1.3.
- Encryption at rest: data stored in Firebase Firestore is encrypted using AES-256.
- Secure authentication: passwords encrypted with bcrypt hashing algorithms; support for multi-factor authentication.
- Access control: access to personal data restricted exclusively to authorised personnel under the principle of least privilege.
- Monitoring: systems for detecting unauthorised access and security alerts.
- Incident response plan: in the event of a security breach, we will notify the competent supervisory authority within a maximum of 72 hours (Art. 33 GDPR) and affected users without undue delay (Art. 34 GDPR).
We reserve the right to modify this Privacy Policy at any time. In the event of substantial changes:
- We will notify you at least 30 days in advance by means of a prominent notice in the app and, where possible, by email.
- The new version will indicate the effective date and the version number.
- If you do not agree with the changes, you may delete your account before they take effect.
- Continued use of the app after the effective date constitutes acceptance of the new policy.
You may contact our data protection officer for any query relating to the processing of your personal data:
Email: privacidad@mentebrillante.app
Subject: "DPO - [Your query]"
We undertake to respond within a maximum of 30 calendar days.
If you consider that the processing of your personal data infringes current regulations, you have the right to lodge a complaint with the competent supervisory authority:
- In Spain: Spanish Data Protection Agency (AEPD)
Address: C/ Jorge Juan, 6, 28001 Madrid
Website: www.aepd.es
Telephone: 901 100 099
- In other EU countries: the data protection authority of your country of residence.
Nevertheless, we encourage you to contact us first so that we can try to resolve any issue amicably.
This Privacy Policy is governed by:
- Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR).
- Organic Law 3/2018 of 5 December (LOPD-GDD).
- Law 34/2002 of 11 July (LSSI-CE).
- The California Consumer Privacy Act (CCPA), for users resident in California.
- The Children's Online Privacy Protection Act (COPPA), for the protection of minors.
- Any other data protection regulations applicable in the user's jurisdiction.
For any query relating to this Privacy Policy or to the processing of your personal data:
General email: contacto@mentebrillante.app
Privacy email: privacidad@mentebrillante.app
Legal email: legal@mentebrillante.app
We undertake to handle all requests as quickly as possible and always within the established legal deadlines.
A daily challenge for your mind. Coming soon to Android and iOS.