Legal

Privacy Policy

Last updated: March 2026

Your data is processed on-device. It is never sold, shared with advertisers, or transmitted to third-party servers without your explicit consent.

1. Who We Are

Cerebro is developed and operated by 404 Training Pty Ltd. If you have any questions about this policy, contact us at cerebro@404training.com.

2. What Data We Collect

Cerebro integrates with WHOOP and Apple HealthKit to provide biometric insights. Depending on which integrations you enable, we may access:

Via WHOOP API (OAuth 2.0, read-only):

Heart rate variability (HRV)
Resting heart rate
Sleep duration, stages, and efficiency scores
Daily recovery scores
Strain and activity cycle data

Via Apple HealthKit:

Heart rate and HRV readings
Sleep analysis
Activity and movement data

User-generated content:

Memories, notes, and journal entries you create within the app
App preferences and settings

3. How We Use Your Data

All biometric data and notes are processed locally on your device. We use this data to:

Calculate your cognitive offload and mental bandwidth scores
Surface stress patterns and recovery trends
Personalise your second-brain experience over time

We do not use your data for advertising, profiling, or any purpose beyond the core functionality of the app.

4. WHOOP Integration

When you connect your WHOOP account, you will be redirected to WHOOP's official OAuth flow. We request read-only access to your recovery, sleep, and cycle data. We do not write to your WHOOP account or modify any data held by WHOOP.

You can revoke Cerebro's access to your WHOOP account at any time via WHOOP App → Settings → Connected Apps. Revoking access will prevent Cerebro from fetching new data; previously cached data on your device will remain until you delete the app.

5. Data Storage and Retention

All data is stored locally on your device using on-device storage. We do not operate a cloud database that holds your personal or biometric information.

When you uninstall the app, all locally stored data is permanently deleted. We do not retain copies of your data after uninstallation.

6. Data Sharing

We do not sell, rent, or share your personal data with third parties. The only external services Cerebro communicates with are:

WHOOP API — to fetch your biometric data with your explicit authorisation
Apple HealthKit — governed by Apple's own privacy framework

7. Children's Privacy

Cerebro is not directed at individuals under the age of 17. We do not knowingly collect data from children.

8. Changes to This Policy

If we make material changes to this policy, we will update the date at the top of this page and notify you within the app. Continued use of Cerebro after changes constitutes your acceptance of the updated policy.

9. Contact

For privacy-related enquiries, reach us at cerebro@404training.com.