Back to Home

Privacy Policy

Effective Date: March 20, 2026

1. Introduction

Welcome to Dual N-Back! This Privacy Policy explains how Dual N-Back, LLC ("we," "us," or "our") collects, uses, shares, and protects information in relation to our web application, website (dualnback.com), mobile application available on the Google Play Store, and associated services (collectively, the "Service").

Your privacy is important to us. Please read this Privacy Policy carefully. By accessing or using our Service, you agree to the collection, use, disclosure, and procedures this Privacy Policy describes. If you do not agree to this policy, please do not use the Service. This Privacy Policy is incorporated into and subject to our Terms of Use.

2. Information We Collect

We collect information to provide, operate, improve, understand, customize, support, and market our Service. The types of information we collect depend on how you use our Service:

A. Information You Provide Directly:

  • Account Information: When you create an account, we collect your email address and a hashed version of your password. If you sign up using Google Sign-In, we receive information from Google such as your email address and potentially your name and profile picture, as permitted by your Google account settings.
  • Profile Information: We collect the unique username you choose for each profile, along with your training progress data including your current N-Back level, current difficulty (N.00-N.95), highest achieved N-Back level, and consecutive success streak.
  • Settings: We store your profile-specific settings, such as customized key bindings and preferences like instant feedback enablement.
  • Communications: If you contact us directly (e.g., via support@dualnback.com), we may receive additional information about you such as your name, email address, the contents of the message and/or attachments you may send us, and any other information you may choose to provide.
  • Feedback Data: If you submit feedback through the in-app feedback form, we collect your message, selected category, email address (optional), and page URL. You may optionally choose to include technical console logs to help us troubleshoot issues.
  • Cohort Participation Data: If you join a Cohort Training program, we collect your cohort enrollment, daily session completion status (completed, missed, or rest day), cohort progress throughout the 28-day program, and real-time presence and activity data as described below.
  • Presence and Activity Data: If you participate in Cohort Training and have presence sharing enabled, we collect real-time presence data to display your status to other cohort members. This includes your online/idle/offline status (determined via periodic connectivity signals sent approximately every 30 seconds while you have the app open), your current training activity (e.g., "playing," "paused," "viewing results"), and, if you have activity sharing enabled, details about your current session such as N-back level, difficulty, game mode, and trial progress. This data is ephemeral — it reflects only your current state and is overwritten with each update. You control what is shared via your Cohort Privacy settings (see Section 8).

B. Information Collected Automatically:

  • Session & Performance Data: When you use the training features, we automatically collect detailed data about your sessions, including timestamps, duration, N-back level played, difficulty level played, modality (dual, visual, audio), specific stimuli presented (visual positions, audio letters), your responses (match/no-match, timing), accuracy, hits, misses, false alarms, and calculated metrics like d-prime sensitivity.
  • Replay Data: For standard sessions, we collect a log of events including stimulus presentations, user responses, and feedback timing to enable the session replay feature.
  • Usage Data & Analytics: We may automatically collect information about how you interact with the Service using tools like Firebase Analytics (if enabled). This may include features used, session durations, general usage patterns, device type, browser type, IP address (which may infer general location), operating system, and crash reports. This data is primarily used in aggregated or anonymized form.
  • Crash and Error Data: We use Sentry, a third-party error monitoring service, to automatically collect crash logs, error stack traces, and device identifiers to diagnose and fix bugs.
  • Device Identifiers: Firebase automatically generates a Firebase Installation ID for your device. Sentry may also collect device-related identifiers for crash reporting purposes.
  • Advertising Data: Third-party advertising partners, including Google AdSense, automatically collect information when you use the Service. This may include cookies, your IP address, device identifiers, browser type, operating system, pages visited, and interaction with advertisements. Google uses cookies (including the DoubleClick cookie) to serve ads based on your prior visits to this Service and other websites. For more details, see Section 5 (Advertising and Cookies) below.

3. How We Use Information

We use the information we collect for various purposes, including:

  • To Provide and Operate the Service: To authenticate users, manage accounts and profiles, deliver the core dual n-back training, calculate performance, store progress, provide analytics, and allow session replays and sharing.
  • To Improve and Personalize the Service: To understand user behavior and trends, analyze performance data (including aggregated/anonymized usage data) to improve the training algorithms and user experience, develop new features, conduct research related to cognitive training, and personalize settings.
  • To Communicate With You: To respond to your support requests or inquiries, send important service-related notices (e.g., updates to Terms or Privacy Policy), and potentially provide information about beta programs or new features (with options to opt-out where applicable).
  • For Security and Fraud Prevention: To monitor for suspicious activity, prevent abuse, enforce our Terms of Use, and protect the security and integrity of the Service and our users.
  • To Comply with Law: To comply with applicable legal obligations, respond to valid legal requests, or protect our rights or the rights of others.

4. How We Share Information

We do not sell your personal information in the traditional sense for monetary consideration. However, under California law (CCPA/CPRA), sharing personal information with advertising partners for cross-context behavioral advertising may be considered a "sale" or "sharing." For more details, see Section 9 (California Privacy Rights) below. We may share information under the following limited circumstances:

  • Service Providers: We share information with third-party service providers that help us operate, provide, improve, understand, customize, support, and market our Service. These include Google Cloud Firebase (for authentication, database hosting, cloud functions, and hosting), Sentry (for crash and error monitoring), Stripe (for web payment processing), RevenueCat (for mobile subscription management via Google Play billing), and Google AdSense (for displaying third-party advertisements to free-tier users). These providers are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
  • User-Controlled Sharing:
    • Replays: If you choose to share a session replay publicly, the replay data (which may include performance data and your username) will be accessible via a public link. You are responsible for managing your sharing settings.
    • Cohort Training: If you join a Cohort Training program, the following information is visible to other members of your cohort (up to 7 other users) based on your privacy settings:
      • Your username and daily completion status (completed, missed, or rest day) via the shared progress board — this is always visible to cohort members.
      • Your online/idle/offline status — visible if you have "Show Online Status" enabled in your Cohort Privacy settings (enabled by default).
      • Your current training activity and session details (N-back level, difficulty, game mode, and trial progress) — visible if you have "Show Game Activity" enabled in your Cohort Privacy settings (enabled by default).
      You can disable presence and activity sharing at any time via Settings > Cohort Privacy. No historical session data, cumulative scores, or d-prime metrics are shared with cohort members.
  • Aggregated or Anonymized Data: We may share aggregated or anonymized information (data that does not personally identify you) for research, statistical analysis, industry reporting, or other legitimate business purposes.
  • Legal Requirements: We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend our rights or property, prevent or investigate possible wrongdoing in connection with the Service, protect the personal safety of users of the Service or the public, or protect against legal liability.
  • Business Transfers: If Dual N-Back, LLC is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be sold or transferred as part of such a transaction as permitted by law and/or contract.

5. Advertising and Cookies

  • Cookies and Similar Technologies: We and our third-party partners use cookies, pixel tags, and similar technologies to collect information, provide features, and deliver advertisements. A cookie is a small text file stored on your device. You can manage cookie preferences through your browser settings; however, disabling cookies may affect the functionality of the Service.
  • Types of Cookies We Use:
    • Essential Cookies: Required for basic Service functionality such as authentication and security. These cannot be disabled.
    • Analytics Cookies: Used by Google Analytics to understand how users interact with the Service, measure traffic, and improve user experience.
    • Advertising Cookies: Used by Google AdSense and its partners to serve, target, and measure advertisements. These cookies enable personalized ads based on your browsing history across websites.
  • Google AdSense and Advertising Partners: The free tier of the Service displays third-party advertisements served by Google AdSense. Third-party vendors, including Google, use cookies to serve ads based on a user's prior visits to this website or other websites. Google's use of advertising cookies enables it and its partners to serve ads to users based on their visit to this Service and/or other sites on the Internet. Google and its partners may collect and use data including your IP address, browser information, device identifiers, and browsing activity to serve personalized advertisements and measure ad performance.
  • How Google Uses Data: You can learn more about how Google uses data when you use our partners' sites or apps by visiting https://www.google.com/policies/privacy/partners/. Google's collection and use of information is also governed by Google's Privacy Policy at https://policies.google.com/privacy.
  • Your Advertising Choices: You have several options to control advertising cookies and personalized ads:
    • You may opt out of personalized advertising by visiting Google Ads Settings at https://www.google.com/settings/ads.
    • You may opt out of third-party vendors' use of cookies for personalized advertising by visiting www.aboutads.info.
    • You may opt out of targeted advertising from Network Advertising Initiative members at www.networkadvertising.org/choices.
    • Most browsers allow you to block or delete cookies through their settings. Note that blocking advertising cookies will not remove advertisements but will make them less relevant to you.
  • EEA/UK/Swiss Users: If you are located in the European Economic Area, United Kingdom, or Switzerland, we will obtain your consent before setting non-essential cookies (including advertising and analytics cookies) in accordance with applicable law. You may withdraw your consent or manage your cookie preferences at any time by clicking the "Cookie Settings" link in the footer of the Service. Even when you opt out of personalized advertising, non-personalized ads may still use cookies for frequency capping, aggregated reporting, and fraud prevention, which also requires consent. For additional information about your rights under the GDPR, see Section 10 (EEA, UK, and Swiss Privacy Rights) below.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you the Service.

Upon account deletion request (submitted via https://dualnback.com/delete-account or by contacting us at support@dualnback.com), we will delete your personally identifiable information within 30 days. This includes your account credentials, profile details, and session history linked directly to you. Billing and transaction records will be retained for up to 1 year for tax reporting, chargebacks, and payment dispute purposes. Stripe and RevenueCat may retain their own records per their respective policies.

We may retain certain data for longer periods if required by law, for necessary security purposes (e.g., fraud prevention), to resolve disputes, enforce our agreements, or for our legitimate business needs, such as maintaining aggregated/anonymized analytical data derived from your usage. Anonymized data is information that can no longer be used to identify you.

Presence Data: Real-time presence information (online/idle/offline status, current activity) is ephemeral. It reflects only your current state and is overwritten with each connectivity signal. We do not maintain historical logs of when you were online or what training activities you were engaged in. Presence data is automatically cleared when you close the app or after 15 minutes of inactivity.

7. Data Security

We implement reasonable technical and organizational measures designed to protect your information from unauthorized access, use, alteration, or disclosure. We utilize Firebase's security features, including secure connections (HTTPS), Firestore security rules, and password hashing. We use Sentry for error monitoring to help identify and resolve security and stability issues. However, please be aware that no security measures are perfect or impenetrable, and we cannot guarantee the absolute security of your information. You are responsible for maintaining the security of your account password.

8. Your Rights and Choices

Depending on your location and applicable law, you may have certain rights regarding your personal information. These may include the right to:

  • Access: Request access to the personal information we hold about you.
  • Correction: Request correction of inaccurate personal information.
  • Deletion: Request deletion of your personal information, subject to legal and operational retention needs (see Section 5 and Section 9 of the Terms of Use).
  • Manage Settings: Update your profile settings (e.g., key bindings, feedback preferences) within the Service.
  • Manage Sharing: Manage sharing settings for replays where applicable features are provided.
  • Manage Presence Visibility: If you participate in Cohort Training, you can control whether cohort members see your online status and current training activity via Settings > Cohort Privacy. You can disable presence sharing entirely or disable only activity details while remaining visible as online/idle. Changes take effect immediately.

You can typically exercise these rights through your account settings page or by contacting us at support@dualnback.com. We will respond to your requests in accordance with applicable laws.

9. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA/CPRA"). This section also addresses California's "Shine the Light" law (Cal. Civ. Code § 1798.83).

  • Categories of Personal Information Collected:
    • Identifiers: Email address, username, IP address, device identifiers (Firebase Installation ID, Sentry device ID). Retained for the life of your account, or 30 days after account deletion request.
    • Commercial Information: Subscription status, purchase and billing history via Stripe and RevenueCat. Retained for up to 1 year after account deletion for tax and chargeback purposes.
    • Internet or Electronic Network Activity: Browsing history, pages visited, interaction with advertisements, session and performance data, cookies, analytics data, and real-time presence and activity data within Cohort Training features (online/idle status, current training activity, session details shared with cohort members). Analytics data retained per Google Analytics defaults (up to 26 months); Sentry error data retained per Sentry's default retention period (90 days); presence data is ephemeral and not retained beyond your active session.
    • Geolocation Data: Approximate location inferred from IP address. Not stored separately; retained only as part of analytics and error data above.
    • Inferences: Cognitive training performance metrics (N-back level, d-prime sensitivity, accuracy) used to personalize difficulty. Retained for the life of your account.
  • Categories Sold or Shared for Behavioral Advertising: We share the following categories of personal information with advertising and analytics partners (Google AdSense, Google Analytics) for cross-context behavioral advertising, which may constitute a "sale" or "sharing" under CCPA/CPRA:
    • Identifiers: IP address, device identifiers, cookie IDs.
    • Internet or Electronic Network Activity: Browsing activity, ad interactions, pages visited.
    We do not sell or share the personal information of consumers we know to be under 16 years of age.
  • Financial Incentive Disclosure: We offer a free tier of the Service that displays third-party advertisements via Google AdSense. This free tier provides access to core Dual N-Back training in exchange for allowing advertising partners to collect and use data for behavioral advertising as described above. Users who prefer not to participate may upgrade to our ad-free Pro tier at any time. You may also opt out of personalized advertising while remaining on the free tier (see "Your California Rights" below), though non-personalized ads will still be displayed. This incentive program is reasonably related to the value provided by the data, as advertising revenue supports the free tier of the Service.
  • Your California Rights: As a California resident, you have the right to:
    • Know and Access: Request the categories and specific pieces of personal information we have collected about you, the sources, the business purposes, and the third parties with whom we have shared it.
    • Delete: Request deletion of your personal information, subject to certain legal exceptions.
    • Correct: Request correction of inaccurate personal information.
    • Opt-Out of Sale/Sharing: Direct us to stop selling or sharing your personal information for cross-context behavioral advertising. Click the "Do Not Sell or Share My Personal Information" link in our footer, or contact us at support@dualnback.com. We will process your request within 15 business days.
    • Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined by CCPA/CPRA (such as Social Security numbers, financial account credentials, precise geolocation, or biometric data).
    • Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.
  • How to Exercise Your Rights: You may submit a request by emailing support@dualnback.com or by using the links in the footer of the Service. We will acknowledge your request within 10 business days and respond within 45 days, which may be extended by an additional 45 days if reasonably necessary (we will notify you of any extension). We will verify your identity before fulfilling your request. You may also designate an authorized agent to submit requests on your behalf; we may require proof of authorization and identity verification.
  • Global Privacy Control: We honor Global Privacy Control (GPC) signals sent by your browser. When we detect a GPC signal, we treat it as a valid opt-out request for the sale and sharing of your personal information and will disable personalized advertising and analytics cookies accordingly.
  • "Shine the Light" (Cal. Civ. Code § 1798.83): California residents may request a list of third parties to whom we have disclosed personal information for their direct marketing purposes during the preceding calendar year, along with the categories of information shared. To make this request, please email support@dualnback.com with the subject line "Shine the Light Request." We will respond within 30 days.

10. EEA, UK, and Swiss Privacy Rights

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR), the UK GDPR, and the Swiss Federal Act on Data Protection (FADP), respectively. This section supplements the general rights described in Section 8.

  • Legal Bases for Processing: We process your personal data on the following legal bases:
    • Performance of a Contract (Art. 6(1)(b) GDPR): Account creation and management, delivering the core dual n-back training experience, calculating performance metrics (including d-prime sensitivity), adaptive difficulty progression, session replay functionality, subscription billing via Stripe and RevenueCat, and real-time presence and activity features within Cohort Training (processing your connectivity signals to display your status to cohort members you have opted to share with).
    • Consent (Art. 6(1)(a) GDPR): Analytics cookies (Google Analytics), advertising cookies and personalized ads (Google AdSense on web, AdMob on mobile), and sharing of your presence status and training activity details with cohort members (controllable via Cohort Privacy settings, which default to enabled; you may disable sharing at any time). We implement Google Consent Mode v2, which defaults to denied for EEA, UK, and Swiss regions until you provide consent. You may withdraw your consent at any time by clicking the "Cookie Settings" link in the footer of the Service or by contacting us at support@dualnback.com. Withdrawal of consent does not affect the lawfulness of processing performed before the withdrawal.
    • Legitimate Interests (Art. 6(1)(f) GDPR): Error diagnostics and stability monitoring via Sentry (which may include IP addresses, device identifiers, and console errors), fraud prevention, security monitoring, and service improvement based on aggregated usage patterns. You have the right to object to processing based on legitimate interests (see "Your Additional Rights" below).
    • Legal Obligation (Art. 6(1)(c) GDPR): Retaining billing and transaction records for tax reporting and compliance purposes (up to 1 year after account deletion).
  • Your Additional Rights: In addition to the rights described in Section 8, you have the following rights under the GDPR:
    • Data Portability (Art. 20): You have the right to receive the personal data you provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance, where processing is based on consent or contract performance and is carried out by automated means.
    • Right to Object (Art. 21): You have the right to object to the processing of your personal data based on our legitimate interests (including Sentry error monitoring and diagnostics). Upon receiving your objection, we will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
    • Right to Restrict Processing (Art. 18): You have the right to request restriction of processing when: (a) you contest the accuracy of your personal data, for the period needed to verify accuracy; (b) the processing is unlawful and you prefer restriction over deletion; (c) we no longer need the data but you require it for legal claims; or (d) you have objected to processing pending verification of whether our legitimate grounds override yours.
    • Right to Erasure (Art. 17): You have the right to request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, you withdraw consent, you object to processing and there are no overriding legitimate grounds, or the data has been unlawfully processed. This right is subject to exceptions, including where retention is necessary for compliance with legal obligations (such as tax records) or the establishment, exercise, or defense of legal claims. To request erasure, visit dualnback.com/delete-account or contact us at support@dualnback.com.
    • Right to Withdraw Consent (Art. 7(3)): Where processing is based on consent, you have the right to withdraw your consent at any time. You may do so by clicking the "Cookie Settings" link in the footer, or by contacting us at support@dualnback.com. Withdrawal does not affect the lawfulness of processing performed prior to withdrawal.
    • Right to Lodge a Complaint (Art. 77): You have the right to lodge a complaint with a supervisory authority. You may contact your local data protection authority, or:
      • EEA: Your national data protection authority — see the full list at edpb.europa.eu.
      • UK: The Information Commissioner's Office (ICO) at ico.org.uk.
      • Switzerland: The Federal Data Protection and Information Commissioner (FDPIC) at edoeb.admin.ch.
  • Automated Decision-Making and Profiling: The Service uses automated processing to adjust training difficulty based on your d-prime sensitivity and accuracy metrics. This profiling is performed server-side via Cloud Functions and is necessary for the performance of our contract with you (providing adaptive cognitive training). Free-tier users receive difficulty adjustments across 5 coarse steps per N-back level; Pro-tier users receive adjustments across 100 fine-grained steps per level. This automated processing does not produce legal effects or similarly significant effects on you — it solely determines the difficulty of your next training session. You may contact us at support@dualnback.com to request further information about the logic involved.
  • Data Protection Officer: We have not appointed a Data Protection Officer as we do not meet the mandatory threshold under Article 37 GDPR. For all privacy-related inquiries, please contact us at support@dualnback.com.
  • EU and UK Representatives: As we are established outside the EEA and UK, we are in the process of appointing representatives in the EU (under Article 27 GDPR) and the UK (under Article 27 UK GDPR). Until appointments are finalized, you may direct any data protection inquiries to us at support@dualnback.com, and we will respond within the timeframes required by applicable law.
  • How to Exercise Your Rights: You may submit a request by emailing support@dualnback.com. We will respond within 30 days of receiving your request. This period may be extended by an additional 60 days where necessary, taking into account the complexity and number of requests; we will inform you of any such extension within the initial 30-day period. We may need to verify your identity before processing your request.

11. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18 without verification of parental consent, we will take steps to remove that information from our servers. If you believe that we might have any information from or about a child under 18, please contact us at support@dualnback.com.

12. International Data Transfers

Your information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including personal information, to the United States (where Firebase servers are primarily located) and process it there.

For users in the EEA, UK, and Switzerland, we rely on the following safeguards for international data transfers in accordance with applicable data protection law:

  • Google Cloud / Firebase: EU-US Data Privacy Framework certification and Standard Contractual Clauses (SCCs) incorporated into Google's Data Processing Terms.
  • Sentry: EU-US Data Privacy Framework certification and Standard Contractual Clauses.
  • Stripe: EU-US Data Privacy Framework certification and Standard Contractual Clauses.
  • RevenueCat: Standard Contractual Clauses for international transfers.

For transfers from the UK, our service providers rely on the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs, as applicable. For transfers from Switzerland, our service providers rely on the Swiss-US Data Privacy Framework where certified, and the Swiss Federal Data Protection Act-approved Standard Contractual Clauses.

You may obtain a copy of the relevant safeguards by contacting us at support@dualnback.com.

13. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any significant changes by posting the new Privacy Policy on this page (https://dualnback.com/privacy) and updating the "Effective Date" at the top. We may also provide notice through the Service or via email if you have provided one. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. Your continued use of the Service after the effective date constitutes your acceptance of the revised policy.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

support@dualnback.com

Dual N-Back, LLC