Privacy Policy

thebraindump.ai (“thebraindump.ai”, “we”, “us”, “our”) publishes an email newsletter and provides a website where you can subscribe and complete onboarding.

We are based in Australia and handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where the GDPR or UK GDPR applies to you, we act as the data controller of your personal data.

Contact: oliver@mezcorp.co
Postal address: 6/21 Eric Rd Artarmon 2064, NSW, Australia
Legal entity and ABN: MEZ STUDIOS PTY LTD (ABN 21 697 707 190)

We collect:

• Email address (required to subscribe).
• Onboarding information (some optional, some required): first name, last name, AI learning goal, job level, day-to-day function, industry, company size range, AI tools used, and an optional “other” tool.
• Technical and usage data: IP address, approximate location derived from IP, browser and device type, user agent, referring URL, UTM parameters, timestamps, and standard server logs.
• Cookies and local storage: see Section 7.

We do not knowingly collect sensitive information (for example, health, biometric, or financial data) as defined under the Privacy Act 1988 (Cth).

We use your information to:

• Deliver the newsletter and manage your subscription.
• Personalise and improve content based on aggregate onboarding data.
• Segment subscribers (for example, by goal or role) so we can send more relevant emails.
• Monitor and improve site reliability, prevent abuse, and debug issues.
• Comply with our legal obligations, including under the Spam Act 2003 (Cth) and equivalent overseas laws.

We do not make decisions about you based solely on automated processing that produce legal or similarly significant effects on you.

If you are in the UK or EEA, we process your personal data on the following bases:

• Consent (Article 6(1)(a)) for subscribing and providing onboarding details.
• Legitimate interests (Article 6(1)(f)) for running and improving the newsletter and website, ensuring security, and analysing aggregate trends. You can object at any time.
• Legal obligation (Article 6(1)(c)) where applicable.

You may withdraw consent at any time, including by unsubscribing.

We use the following third-party providers to operate the newsletter and website:

• Beehiiv (US): email delivery, subscriber management, and custom-field segmentation. See https://www.beehiiv.com/privacy
• Supabase (US): database storage for subscriber and onboarding data. See https://supabase.com/privacy
• Vercel (US): website hosting and standard server logs. See https://vercel.com/legal/privacy-policy

These providers may process your data outside Australia, including in the United States. Where required, we rely on Standard Contractual Clauses, the UK International Data Transfer Addendum, or other lawful transfer mechanisms.

We do not sell your personal information.

We may share information with:

• The service providers listed in Section 5, strictly to operate the service.
• Authorities, regulators, or other parties if required to comply with the law or to protect our legal rights.
• A successor entity in the event of a merger, acquisition, restructure, or asset sale.

We use cookies and browser local storage to:

• Remember onboarding progress.
• Maintain session state.
• Improve site functionality.

We do not currently run analytics or third-party advertising pixels on the website. If we add analytics or advertising tools in the future (for example, PostHog, GA4, or Meta Pixel), we will update this policy and, where required, request consent.

You can control cookies through your browser settings. Disabling cookies may affect site functionality.

We retain your information for as long as reasonably necessary to operate the newsletter and website, including while you remain subscribed. You can unsubscribe at any time using the link in any email.

We may retain limited records (for example, a suppression record) to honour unsubscribe requests and comply with legal obligations.

Depending on where you live, you may have the right to:

• Access, correct, or delete your personal information.
• Object to or restrict certain processing.
• Data portability (receive your data in a structured, machine-readable format).
• Withdraw consent.
• Lodge a complaint with a regulator.

Australia: you can complain to the Office of the Australian Information Commissioner (OAIC) at http://oaic.gov.au
UK: you can complain to the Information Commissioner’s Office (ICO) at http://ico.org.uk
EEA: you can complain to your local supervisory authority.

To exercise your rights, email oliver@mezcorp.co. We aim to respond within 30 days.

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, or another US state with a comprehensive privacy law, you may have additional rights, including:

• The right to know what personal information we collect and how we use it.
• The right to delete personal information.
• The right to correct inaccurate personal information.
• The right to opt out of the sale or sharing of personal information (we do not sell or share personal information for cross-context behavioural advertising).
• The right not to be discriminated against for exercising these rights.

To exercise these rights, contact us at oliver@mezcorp.co.

If we become aware of a data breach that is likely to result in serious harm, we will notify affected individuals and the OAIC in accordance with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth), and any other authority required by applicable law (for example, the ICO under UK GDPR).

We use reasonable administrative, technical, and organisational measures to protect your information, including:

• TLS encryption in transit.
• Encryption at rest (provided by Supabase and Vercel).
• Role-based access controls and the principle of least privilege.
• Periodic review of access logs and provider configurations.

No method of transmission or storage is 100% secure.

The newsletter and site are not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided personal information, contact us to request deletion.

We may update this policy from time to time. We will update the effective date and, where the changes are material, provide notice by email or on the website. Previous versions are available on request.