Privacy Policy

Last updated: June 26, 2026

Brain Dump is a Pebble smartwatch app built by Adrien Thiery. This policy explains what data the app accesses, where it goes, and what is never collected.

What data the app processes

Brain Dump processes the voice notes you dictate on your Pebble watch. Depending on the destinations you configure in settings, a note may be sent to:

• Google Tasks — to create a task in your Google account, and to mark it completed when you delete the corresponding reminder on your watch
• Notion — to create a page in your Notion database
• An AI provider — to generate a reply (e.g. NVIDIA, Groq, Mistral, OpenRouter, or a local model via Ollama / LM Studio)
• A custom webhook URL — to a destination you configure yourself
• On-watch local storage — stored only on your Pebble device

No note text is ever sent to any server operated by the developer.

Google user data

Brain Dump is a Pebble smartwatch app that can optionally connect to Google Tasks. If you enable this integration, the sections below describe exactly how the app accesses, uses, stores, shares, and deletes Google user data, in compliance with the Google API Services User Data Policy.

Brain Dump requests a single OAuth scope: https://www.googleapis.com/auth/tasks. The app does not access Gmail, Google Drive, Google Calendar, Contacts, your Google profile, or any other Google service.

Data accessed

When you connect Google Tasks, Brain Dump may access the following Google user data:

• OAuth credentials — an access token and refresh token issued by Google after you sign in and grant permission.
• Task list metadata — the names and internal IDs of your Google Task lists, fetched only when you open the app settings or tap Refresh next to the task-list picker.
• New task content you create — when you dictate a voice note routed to Google Tasks, the app sends a new task to Google containing the task title (derived from your note), and optionally a due date and a time note parsed from your speech. The app stores the Google-assigned task ID locally on your watch so it can update that task later.
• Task completion status — when you delete a reminder from the on-watch list that was previously sent to Google Tasks, the app updates that task in Google to mark it as completed.

Brain Dump does not read or list the contents of your existing Google Tasks (beyond task list names for the settings picker). It does not permanently delete tasks in Google Tasks — removing a reminder on your watch marks the linked task as done in Google Tasks instead.

Data usage

Google user data is used solely to provide the Google Tasks integration you opt into:

• Authentication — OAuth tokens are used to authenticate API requests to Google on your behalf.
• Task list selection — task list names and IDs are displayed in the settings screen so you can pick a destination list.
• Task creation — when you send a voice note to Google Tasks, the app calls the Google Tasks API to create one new task in the list you selected.
• Task completion — when you delete a reminder from your watch that was sent to Google Tasks, the app calls the Google Tasks API to mark that task as completed.
• Token refresh — the refresh token is used periodically to obtain a new access token so the integration keeps working without requiring you to sign in again.

Google user data is not used for advertising, analytics, profiling, machine-learning model training, or any purpose unrelated to creating and completing tasks on your behalf.

Data sharing

Brain Dump does not sell, rent, or transfer Google user data to third parties.

• Developer servers — Google user data is never sent to servers operated by the developer. All Google API calls are made directly from your phone (the Pebble companion app's JavaScript layer) to Google's servers.
• Google — data is transmitted only to Google via the official Google Tasks API and OAuth endpoints (tasks.googleapis.com, oauth2.googleapis.com, accounts.google.com) as required to authenticate, create tasks, and mark tasks as completed in your account.
• Other third parties — no other third party (including Notion, AI providers, webhooks, or analytics services) receives Google user data. Those integrations are separate and opt-in; they never receive your Google OAuth tokens or task data.

Data storage & protection

Google-related credentials and settings are stored locally on your phone and watch. On your phone, the Pebble app's settings storage (browser localStorage used by the companion settings page) holds your access token, refresh token, and selected task list ID. On your watch, local storage holds your on-watch reminders and, for items sent to Google Tasks, the associated Google task ID needed to mark them complete when you delete them from the watch.

• Tokens are never uploaded to, logged by, or accessible from any server run by the developer.
• All communication with Google uses HTTPS.
• OAuth sign-in uses PKCE (Proof Key for Code Exchange) to protect the authorization flow.
• Tasks you create are stored in your Google Tasks account and are subject to Google's privacy policy and security practices.

Data retention & deletion

Locally stored data (on your phone):

• OAuth tokens and your selected task list ID are retained until you remove them.
• To delete this data, tap Disconnect in the Brain Dump settings page under Google Tasks, then tap Save. This clears your stored tokens and disconnects the integration.
• You can also revoke Brain Dump's access at any time from your Google Account permissions page, which invalidates the stored tokens.

Data in your Google account:

• Tasks created by Brain Dump remain in your Google Tasks account until you delete them in Google Tasks or through any Google-provided deletion tools. If you delete the corresponding reminder on your watch, the task is marked as completed in Google Tasks but remains in your account until you remove it there.
• Brain Dump does not retain copies of created tasks beyond what is stored in your Google account.

Requesting deletion: To request deletion of any data the developer may hold (the developer does not collect or store Google user data on its own servers), open an issue on GitHub or contact the developer through that repository. For data stored in your Google account, use Google's account tools or delete the tasks directly in Google Tasks.

Google OAuth connection flow

Connecting Google Tasks is entirely optional. The OAuth flow works as follows:

• Initiated from the app's settings page on your phone
• Completed in your system browser (Chrome or Safari)
• After you grant permission, tokens are stored locally on your phone as described above

AI providers

If you enable the AI Agent destination, the text of your note is sent to the AI provider you configure (e.g. NVIDIA NIM, Groq, Mistral, OpenRouter, or a local model). The API key you supply is stored locally on your phone and is never shared with anyone other than the provider you chose. Refer to your chosen provider's privacy policy for how they handle request data.

Third-party services

All third-party integrations (Google, Notion, webhooks, AI APIs) are opt-in and configured entirely by you. Brain Dump acts only as a local relay between your voice and the services you explicitly connect.

Data collection

The developer does not collect, store, or have access to:

• Your voice recordings or transcriptions
• Your Google account data
• Your Notion content
• Your AI conversations
• Any analytics, crash reports, or usage data

Children's privacy

Brain Dump is not directed at children under 13 and does not knowingly collect information from them.

Changes to this policy

If this policy changes, the updated version will be posted at this URL with a new "Last updated" date.

Contact

Questions? Open an issue on GitHub.