Mindkeeper Privacy Policy

    Last updated: 25 January 2026

    This Privacy Policy explains how Mindkeeper ("Mindkeeper," "we," "us") collects, uses, stores, and shares information when you use the Mindkeeper app and related services (the "Services"). It is written to reflect common patterns in competitor privacy policies for AI wellbeing apps (e.g., clear crisis notice, data minimization, security overview, retention, user rights, and international transfers).

    1) Important safety note (not emergency care)

    Mindkeeper is not an emergency service and cannot provide crisis intervention. If you are experiencing thoughts of self-harm, suicide, or harming others, stop using the Services and contact your local emergency number or a qualified professional immediately.

    2) Who controls your data / contact

    Data controller: Mindkeeper
    Legal address: Zumurud Tower, Dubai, UAE
    Contact email (privacy): legal@getmindkeeper.com

    If you have questions or want to exercise privacy rights, email us at legal@getmindkeeper.com.

    3) Core principle: we minimize data and don't read your full conversations

    3.1 We do not view your real conversation transcripts

    Mindkeeper is designed so that human staff do not view or access your full chat transcripts or journals. Our goal is to provide support while collecting as little personal data as possible, respecting your privacy.

    3.2 What we do store: summaries + limited identifying profile data

    To provide your in-app history and generate insights/reports, we store:

    • Conversation summaries (the same summary you can see in your account), and
    • Age (or age range), gender (if you provide it), country (if you provide it), phone number (if you provide it), email address (if you provide it), orientation (if you provide it), full name (if you provide it), card payment details (if you provide them), answer to other registration questions (if you provide them).

    We seek to exclude direct identifiers from summaries wherever possible. Nevertheless, in limited circumstances, we are required by law to retain such information. For the avoidance of doubt, we do not have access to the underlying transcripts; this relates solely to the session summaries.

    Important: If you type names, contact details, or other identifying information into a chat, it could appear in a summary depending on how the summary is generated. Please avoid sharing identifying details in conversations.

    3.3 Encryption and access controls

    We use strong encryption and strict access controls to protect accounts and conversations. Our systems are designed so that conversation content is encrypted and not routinely accessible to Mindkeeper personnel, and we do not use human review of chat transcripts as part of ordinary operations.

    4) What information we collect

    We collect information in three ways: (A) what you provide, (B) what we generate, and (C) what is collected automatically.

    4.1 Information you provide

    • Age, gender, country, phone number, email address, full name, card payment details, answer to registration questions.
    • Support communications: if you email us, we receive what you send (email address, message content, attachments).

    4.2 Information we generate from use of the Services

    • Conversation summaries (generated for your account view and internal reporting).
    • De-identified reports and analytics: aggregated statistics (e.g., topic frequency, feature usage trends) created from summaries.

    4.3 Information collected automatically (device/usage data)

    Like most apps, we may collect basic technical data necessary to operate securely and reliably, such as:

    • device type, operating system version, app version
    • crash logs, performance logs
    • approximate region/country (derived from IP), language, time zone
    • feature interaction data (e.g., which screens are used, session counts)

    5) How we use your information

    We use the limited data we collect to:

    • Provide and operate the Services (e.g., show your summaries in your account; deliver features).
    • Create reports and improve the Services using summaries and aggregated/de-identified data (e.g., product improvements, safety improvements, feature prioritization).
    • Security and fraud prevention (e.g., detecting abuse, protecting accounts).
    • Support and communications (responding to messages you send us; service notices).
    • Legal compliance (e.g., responding to valid legal requests where required).

    6) Legal bases for processing (EEA/UK and similar frameworks)

    Where GDPR/UK GDPR (or similar laws) apply, we rely on the following legal bases, consistent with common competitor approaches:

    • Performance of a contract: to deliver the Services you request (e.g., account features, summaries).
    • Consent: where required for certain processing or optional features (and you can withdraw consent).
    • Legitimate interests: to operate, secure, and improve the Services (balanced against your rights).
    • Legal obligation: to comply with laws and lawful requests.
    • Vital interests: to protect someone's vital interests in limited scenarios permitted by law (noting Mindkeeper is not a crisis service).

    7) How we share information

    7.1 We do not sell your concrete personal data

    We do not sell concrete personal data and do not share it with third parties for their own advertising purposes.

    7.2 Service providers (processors)

    We share the minimum necessary data with vendors that help us run the Services, under contracts that restrict their use of the data.

    Based on your current stack, this includes:

    • Google Cloud BigQuery (data warehousing / reporting): stores conversation summaries and aggregated reporting datasets.
    • Supabase (application database/auth/storage): stores account-related data and may store summaries depending on implementation.
    • Lovable (app creation/platform tooling): may process limited data required to run/maintain the app environment.

    We may also use additional providers for:

    • Payments/subscription management (e.g., Apple/Google in-app purchases; or a payment processor if you buy on web),
    • Email delivery (service emails),
    • Crash reporting / performance monitoring (technical logs),
    • Analytics (preferably aggregated/de-identified usage trends).

    7.3 Legal and safety disclosures

    We may disclose information if we believe it is reasonably necessary to: comply with a valid legal process, enforce our terms, prevent fraud or security incidents, protect the rights, safety, and security of users or others.

    7.4 Business transfers

    If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction, subject to appropriate safeguards.

    8) AI, profiling, and automated decision-making

    Mindkeeper uses AI to generate responses and to generate/store summaries.

    • No high-impact decisions: Mindkeeper does not make decisions that produce legal or similarly significant effects about you (e.g., insurance eligibility, employment decisions).
    • You can limit what you share; you can request deletion as described below.

    9) International data transfers

    Mindkeeper is based in Dubai, UAE, and our service providers (e.g., Google Cloud, Supabase, Lovable) may process or store data in multiple countries.

    Where laws like GDPR apply and transfers occur to countries without an adequacy decision, we use appropriate safeguards such as:

    • Standard Contractual Clauses (SCCs) and/or equivalent contractual protections, and
    • other legally recognized transfer mechanisms where applicable.

    10) App Tracking Transparency (ATT) Choices on iOS

    On iOS devices, users may receive a system permission request asking whether they allow the app to track their activity across apps and websites owned by other companies. This permission is provided through Apple’s App Tracking Transparency (ATT) framework.

    If You Select “Allow”

    If you choose to allow tracking, we may use certain identifiers and technologies to:

    • Measure the effectiveness of advertising campaigns.
    • Understand how users discover our app.
    • Improve marketing performance.
    • Deliver more relevant advertisements.
    • Analyze interactions with advertisements and marketing campaigns.

    This may include the use of advertising and analytics partners that help us understand app installs, conversions, and campaign performance.

    If You Select “Ask App Not to Track”

    If you choose not to allow tracking:

    • We will not use your device’s advertising identifier (IDFA) for cross-app or cross-website tracking purposes.
    • We will not track your activity across apps or websites owned by other companies for targeted advertising purposes.
    • We will not use prohibited fingerprinting techniques to attempt to identify your device.

    However, we may still collect and process certain limited information that is necessary to:

    • Operate and secure the app.
    • Maintain app functionality.
    • Perform internal analytics and performance measurement.
    • Monitor crashes and technical issues.
    • Measure feature usage within our own app.
    • Manage subscriptions and account functionality.
    • Prevent fraud, abuse, and unauthorized access.

    This data is used solely for our own internal operations and is not used to track you across third-party apps or websites.

    Please note that your ATT choice can be changed at any time in your iPhone or iPad Settings under:Settings > Privacy & Security > Tracking.

    11) Data retention

    We keep personal data only as long as necessary for the purposes described in this Policy.

    A practical retention approach for Mindkeeper:

    • Summaries + basic personal information: retained while your account is active to provide your account history and reporting features.
    • Technical logs: retained for a limited period for security/troubleshooting (often up to 12–24 months after account has been inactive for at least 12 months).
    • Support emails: retained as needed to handle requests and for recordkeeping.

    Account deletion

    When you delete your account (or request deletion), we delete or de-identify personal data unless we must retain certain information for legal, security, or dispute-resolution reasons.

    We delete or de-identify personal data following an account deletion request, unless we must retain certain information to: (a) comply with a legal obligation; (b) establish, exercise, or defend legal claims; (c) protect freedom of expression and information (where applicable); (d) carry out tasks in the public interest or under official authority (where applicable); (e) meet public health obligations (where applicable); or (f) support archiving in the public interest, research, or statistics with appropriate safeguards.

    Request handling (legal response deadline)

    1) We will respond to your deletion request within 1 month. If the request is complex or numerous, we may extend by up to 2 additional months, and we will inform you of the extension within the first month. Your account will become inaccessible within those first 30 days.

    2) We retain limited security logs (e.g., authentication, abuse-prevention, incident investigation) up until 24 months after we received the request to delete your account and remove your data.

    Account deletion means removal from active systems and de-identification where feasible; backup removal occurs on the backup rotation schedule.

    12) Security

    We implement technical and organizational measures to protect information, including:

    • encryption in transit (e.g., TLS) and encryption at rest,
    • strict access controls and least-privilege practices,
    • monitoring and logging for security events,
    • secure development and vendor risk management.

    13) Children's privacy

    Mindkeeper is not intended for children under 16. If we learn we collected personal data from a child under 16 without appropriate authorization, we will delete it. More information regarding this policy in our Terms & Conditions, article 4.

    14) Your privacy rights

    Depending on where you live, you may have rights including:

    • access to your personal data,
    • correction/rectification,
    • deletion/erasure,
    • data portability,
    • restriction or objection to processing,
    • withdrawal of consent (where processing is based on consent),
    • the right to complain to a supervisory authority (EEA/UK and similar jurisdictions).

    How to exercise rights: email legal@getmindkeeper.com.
    We may request information to verify your identity before fulfilling your request.

    15) Cookies and tracking (website)

    We use cookies and similar technologies (together, "cookies") to make our website work, to improve performance, and, where you choose, to personalize your experience and measure the effectiveness of our communications.

    Types of cookies we use

    1. Strictly necessary cookies — These cookies are required for the website to function (e.g., page navigation, security, fraud prevention, load balancing, and remembering your cookie preferences). Because they are essential, they are set on the basis of our legitimate interests in operating the site.

    2. Preferences (functional) cookies — These remember choices you make (e.g., language or country) to provide enhanced features. We set these only where you have provided consent, unless they are strictly necessary for the service you request.

    3. Analytics cookies — These help us understand how visitors use the site (e.g., pages visited, time on page, error messages) so we can improve usability and performance. We use analytics cookies only with your consent.

    Your choices and how to manage cookies

    When you first visit our site, you will be asked to set your cookie preferences via our cookie banner or settings tool. You can accept, reject, or customize non-essential cookies at any time by reopening the cookie settings (where available). You can also control cookies through your browser settings (including deleting existing cookies). Note that disabling cookies may affect site functionality.

    Third parties and international transfers

    Some cookies are placed by third-party providers (e.g., analytics or advertising partners). These providers may process data in accordance with their own privacy notices. If data is transferred outside your country/region, we use appropriate safeguards (such as contractual protections) where required.

    Retention

    Cookies may be session-based (deleted when you close your browser) or persistent (stored for a defined period). We keep cookie data only as long as needed for the purposes described above.

    16) Changes to this Privacy Policy

    We may update this Policy from time to time. If changes are material, we will provide notice (e.g., in-app or by email) and update the "Last updated" date.

    17) Contact

    Mindkeeper
    Zumurud Tower, Dubai, UAE
    legal@getmindkeeper.com