Here is your brain

Privacy policy

Here is your brain (hereisyourbrain.app)

Last updated: 27 May 2026

About this policy

This is the privacy policy for Here is your brain, a habit-tracking application operated by Juliette Ryan from Brisbane, Australia. If you've applied to use the app via hereisyourbrain.app/curious, this policy explains what data is collected, how it's stored, and what your rights are.

I've written this in plain language because the data you're entrusting to me is personal — habits, compulsions, urges, thoughts, things you've struggled with for years. You deserve to know exactly what happens to it. If anything in this policy is unclear, email me at juliette.hiyb@gmail.com and I'll explain.

Who I am

I'm Juliette Ryan, a neuroscience and behavioural science engineer based in Brisbane, Australia. I'm the operator and sole administrator of Here is your brain. I publish neuroscience writing at hereisyourbrain.substack.com.

I built this app because I worked through my own addiction recovery using the principles it implements, and I wanted others to have access to the same framework. The data you log is what makes the app work for you — and over time, it's what will help me understand what works for others, so the framework can keep improving.

The short version

  • I collect the data you log in the app (urges, decisions, triggers, thoughts) and the minimum identifying information needed to make the app work (your email for login).
  • I store it on servers located in Sydney, Australia.
  • I'm the only person who can access identifiable data. No-one outside the operating team sees it.
  • I use anonymised, aggregated data to improve the app and write about what the patterns reveal. I never sell data to anyone. I never use it to train AI models. I never share identifiable data with third parties for any purpose.
  • You can request deletion of your account at any time.
  • The app complies with the Australian Privacy Act 1988 and the Australian Privacy Principles.

What data I collect

When you apply via hereisyourbrain.app/curious, you provide:

  • Your name and email address
  • Information about the habit you're trying to break: what it is, how long you've struggled with it, what you've tried before
  • Lifestyle context: your sleep, exercise, and screen time patterns
  • Your commitment to the practices the app involves

Once you're approved and using the app, the data collected is the data you log:

  • Urges and decisions— every time you log an urge, the app records the time, the urge's intensity (“mild” / “moderate” / “strong”), what triggered it, whether you acted on it or not, and any notes you write
  • Habit-building data — for the awareness practice and any other making-habit experiments, the app records your daily entries (thought counts, exercise sessions, written notes)
  • Experiment configuration— the framing language you choose during phase transitions (your “I am doing this because…” statement, the words you choose for your urges)
  • Account activity — login timestamps, which screens you visit, and aggregate usage patterns the app needs to function

I do not collect:

  • Location data beyond what your timezone setting reveals
  • Contact lists, photos, or other device content
  • Browsing activity outside the app
  • Any data from third-party accounts you may have linked elsewhere

Why I collect it

Two reasons.

To make the app work for you.Most of the data is operational — without recording your urges, the app couldn't track your extinction curve, show you progress, or compute the personalised values that drive the experience.

To improve the framework over time.The patterns across many users' data — what makes Rewiring succeed for some people, where most people slip, what triggers are most common — is what teaches me how to keep refining the protocols, the welcome content, the math, and the writing. This is the research use referenced in the application form. It's done only by me, never sold or shared with third parties, never used to train AI models, and only ever uses data that's been stripped of anything that could identify you.

Where your data is stored

Your data is stored in a managed PostgreSQL database hosted by Neon, located in their Sydney, Australia region. Neon is a database hosting provider; they store the data on infrastructure that meets standard industry security practices, but they do not access or process its contents.

The application itself is hosted by Vercel, which serves the web pages and handles secure user authentication. Vercel's infrastructure for Here is your brain operates from servers in the Sydney region.

Email sent by the app (your application confirmation, welcome messages, etc.) is delivered through Resend, an email-sending service. Resend processes your email address and the contents of those specific messages, but does not access the data you log within the app.

These three services — Neon, Vercel, and Resend — are the only third-party services involved in operating the app. Each has its own privacy policy and security commitments; the app's design ensures that none of them have access to data they don't strictly need to perform their function.

Who can access your data

The data you log is accessible only to me, in my capacity as the operator of Here is your brain. I review applications, approve users, monitor the app's performance, and use anonymised behavioural data for the research purposes described above.

No-one else — no employees, no contractors, no advisors, no investors, no marketing partners — has access to any identifiable data. There is no operating team beyond me.

When I refer to “anonymised behavioural data” being used for research, that means data with all identifying information (name, email, account identifiers) removed, presented and analysed in a form that cannot be traced back to you individually. I might write a Substack post about “the average urge intensity follows this pattern in the first two weeks” — that's anonymised behavioural data. I would never write a post that says “User X did this on Tuesday.”

Your rights

You have several rights regarding your data:

Access. You can request a copy of the data I hold about you. Email juliette.hiyb@gmail.com and I'll send you a structured export within 30 days.

Correction.If any information about you is inaccurate (your name spelled wrong, an event logged incorrectly), you can edit it directly in the app, or email me and I'll fix it.

Deletion.You can delete your account at any time from the Settings page within the app. When you do this, your account is closed and your identifying information (name, email, login credentials) is permanently removed. Your behavioural data — the urges, decisions, and patterns you logged — is retained in anonymised form, severed from your identity, and used only for the research purposes described in “Why I collect it” above. Once anonymised, the data cannot be linked back to you.

If you want your behavioural data also fully erased rather than retained in anonymised form, email juliette.hiyb@gmail.com explaining your request, and I'll process the full erasure within 30 days.

These rights apply regardless of your location. If you're an Australian resident, they're additionally protected by the Australian Privacy Act 1988. If you're in the European Union or United Kingdom, GDPR additional rights apply. If you're in California, CCPA additional rights apply.

How long I keep your data

While your account is active, your data is retained for as long as you continue to use the app.

If you delete your account, your identifying information is removed immediately. Your anonymised behavioural data is retained indefinitely for research purposes, unless you request full erasure as described above.

If your account becomes inactive (no logins or events for 24 months), I may contact you to ask whether you'd like to keep the account or close it. If you don't respond, the account stays open — I won't close an account on your behalf.

Children's data

Here is your brainis not intended for use by anyone under 18. The /curious application form is designed to filter out applications from minors, and I will not knowingly approve an under-18 user. If you become aware that a minor has somehow gained access to the app, please email me and I'll close their account immediately.

Changes to this policy

If I change this policy materially — for example, if I add new types of data collection, expand who can access data, or change how research use works — I'll notify active users by email at least 30 days before the change takes effect. Minor wording updates that don't change the substance won't trigger a notification, but the “Last updated” date at the top of this page will always reflect the most recent revision.

Security

All communication between you and the app is encrypted (HTTPS). The database requires authentication, and I'm the only person with credentials. There are no stored passwords for attackers to steal — the app uses magic-link login, which sends a one-time link to your email instead of relying on a password.

No system is fully impenetrable. If a data breach does occur that affects your information, I'll notify you in accordance with Australia's Notifiable Data Breaches scheme.

How to contact me

For any questions, requests, or concerns about your data or this policy:

  • Email: juliette.hiyb@gmail.com
  • I aim to respond within 7 days for most queries, and within 30 days for formal requests (access, deletion, etc.)

Complaints

If you're not satisfied with my response to a privacy-related concern, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

For users in other jurisdictions: you also have the right to lodge complaints with your local data protection authority.