BrainLaddersBRAINLADDERS
How It WorksLeaderboardPremium
How It WorksLeaderboardPremium
Back

Privacy Policy

Last updated: May 2026

This Privacy Policy explains how we collect, use, store, and share personal data when you use the BrainLadders mobile application (the “App”) and the website at brainladders.com (the “Site”).

1. Who we are

The data controller is Colibri Consulting DOO, Jurija Gagarina 231/329, 11197 Novi Beograd, Republic of Serbia (registration MB: 21962651, tax ID PIB: 114045995). BrainLadders is operated under the 1130 Studio brand.

For any privacy-related question or to exercise your rights, contact contact@1130.studio.

2. What data we collect

We collect only what we need to run the service. Data we process falls into the following categories:

  • Account data — email address, display name, avatar, password (stored only as a salted hash), and the sign-in identifier from Apple or Google when you use Sign in with Apple or Sign in with Google.
  • Profile preferences — language, timezone, favourite topics, and notification preferences (streak / weekly / leaderboard / content reminders).
  • Gameplay data — quiz answers, scores, MMR rating, streaks, leaderboard position, questions you have seen, duel history, and related timestamps.
  • Referral data — your referral code, codes you redeemed, and the link between you and people you referred (only the minimum needed to credit rewards).
  • Purchase data — the fact that you hold an active Premium subscription, the platform that processed it (Apple or Google), and the original transaction identifier. We do not receive your card number or billing address — payment is handled entirely by Apple or Google.
  • Device and diagnostic data — model, operating system version, app version, language, push notification token, a device identifier used for anti-fraud and ban-evasion prevention, and crash/error logs sent by the operating system to help us fix bugs.
  • Support correspondence — any message you send to us by email.

The Site at brainladders.com does not use any third-party advertising or analytics SDKs, web trackers, or advertising cookies. Inside the App we may process aggregated, anonymised usage statistics (e.g. number of quizzes started per day) for product improvement; this aggregated data cannot be used to identify you. We do not sell or share your personal data for cross-context behavioural advertising.

3. Why we use it (legal basis)

  • To provide the service — authenticate you, run quizzes, calculate MMR, display the leaderboard, manage your Premium subscription. Legal basis: performance of a contract (GDPR Art. 6(1)(b)).
  • To keep the game fair — detect cheating, multi-accounting, and abuse. Legal basis: legitimate interests (GDPR Art. 6(1)(f)).
  • To fix bugs and improve the App — process diagnostic data and aggregated gameplay statistics. Legal basis: legitimate interests.
  • To comply with the law — keep payment and tax records as required by Serbian and EU accounting law. Legal basis: legal obligation (GDPR Art. 6(1)(c)).

4. Third parties who process your data

We share the minimum necessary data with the following processors:

  • Apple Inc. — Sign in with Apple, App Store payments and subscriptions, App Store Connect crash reporting, and Apple Push Notification service (APNs) for delivering notifications to iOS devices.
  • Google LLC — Sign in with Google, Google Play payments and subscriptions, Google Play crash reporting, and Firebase Cloud Messaging (FCM) for delivering notifications to Android devices.
  • Cloud hosting provider — for server infrastructure that stores your account and gameplay data. Data is encrypted in transit (TLS) and at rest.

We do not sell your personal data and we do not share it with advertisers or data brokers.

5. Where your data is stored

Data may be stored and processed in the Republic of Serbia and in the European Economic Area. Where data is transferred outside the EEA (for example to Apple or Google data centres in the United States), we rely on the Standard Contractual Clauses approved by the European Commission and the equivalent safeguards under Serbian law.

6. How long we keep it

  • Account, profile and gameplay data: for as long as your account is active.
  • After you request account deletion: your account enters a 30-day grace period during which it is deactivated but can still be restored by signing back in. After 30 days, all personal data is permanently and irreversibly deleted, except for the items below.
  • Payment and tax records: up to 10 years where required by Serbian and EU tax law.
  • Abuse and ban records: a minimal hashed identifier may be retained to prevent ban evasion.
  • Crash and diagnostic logs: typically 90 days.

7. Your rights

Under the EU GDPR and the Serbian Law on Personal Data Protection (Zakon o zaštiti podataka o ličnosti) you have the right to:

  • access the personal data we hold about you;
  • correct inaccurate data;
  • delete your data (“right to be forgotten”);
  • restrict or object to processing;
  • receive your data in a portable, machine-readable format;
  • withdraw consent at any time where processing is based on consent;
  • lodge a complaint with the Serbian Commissioner for Information of Public Importance and Personal Data Protection (Poverenik), or with your local EU data protection authority.

If you are a California resident, the CCPA/CPRA give you the right to know what we collect, request deletion, correct inaccurate information, and opt out of any “sale” or “sharing” of personal information. We do not sell or share personal information as those terms are defined under the CCPA.

To exercise any of these rights, email contact@1130.studio. We will respond within 30 days.

8. Deleting your account

You can delete your account at any time from Settings → Delete Account inside the App, or by following the instructions on our Delete Account page.

9. Children

BrainLadders is not directed at children under 13 (or under 16 in jurisdictions where that is the minimum digital-consent age). We do not knowingly collect personal data from such children. If you believe a child has provided us with personal data, contact contact@1130.studio and we will delete it.

10. Security

We protect your data with TLS in transit, encryption at rest, access controls, and audit logging. No system is perfectly secure, but we take industry-standard steps to keep your data safe.

11. Changes to this policy

We may update this policy to reflect changes to the service or the law. We will update the “Last updated” date at the top and, for material changes, notify you in-app or by email.

12. Contact

Colibri Consulting DOO
Jurija Gagarina 231/329, 11197 Novi Beograd, Republic of Serbia
Email: contact@1130.studio

See also our Terms of Service and Support page.

BrainLaddersBRAINLADDERS
PrivacyTermsSupportDelete AccountLeaderboard
© 2026 Colibri Consulting DOO. All rights reserved.Designed & built by 1130.studio