Privacy Policy

1. Introduction

MindFlow ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service").

Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, name (optional), and profile preferences when you create an account.
• Voice Recordings: Audio recordings you create using the Service.
• Transcriptions and Notes: Text generated from your voice recordings and any notes you create.
• Tasks and Organization Data: Tasks, tags, summaries, and organizational structures you create within the app.

2.2 Automatically Collected Information

• Device Information: Device type, operating system version, unique device identifiers, and app version.
• Usage Data: How you interact with the Service, including features used, recording duration, and time spent.
• Log Data: IP address, browser type, access times, crash reports, and error logs for troubleshooting.

2.3 Information We Do NOT Collect

• Location data (we don't access your GPS)
• Contacts or address book
• Photos or camera roll (unless you explicitly share)
• Browsing history outside the app

2.4 Information from Third Parties

If you choose to link your account with third-party services (such as calendar applications), we may receive information from those services in accordance with their privacy policies and your settings.

3. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the Service
• Process and transcribe your voice recordings
• Generate summaries and extract action items using AI
• Sync your data across your devices (when enabled)
• Send you technical notices and support messages
• Respond to your comments and questions
• Analyze aggregated usage patterns to improve user experience
• Detect, investigate, and prevent fraudulent or illegal activities

4. Local Processing and On-Device AI

MindFlow is designed with a local-first architecture. This means:

• On-Device Processing: When supported by your device, transcription occurs entirely on-device without sending audio to our servers.
• Local Data Storage: Your voice notes, transcriptions, and tasks are stored locally on your device by default.
• Offline Functionality: Core features work without an internet connection.
• Optional Cloud Features: Sync, backup, and certain AI features may require sending data to our servers. You control which features to enable.

5. AI and Machine Learning

MindFlow uses AI to provide transcription, summarization, and organization features. When cloud processing is enabled:

• Third-party AI providers process your data under strict data processing agreements
• Providers are contractually prohibited from using your data for their own purposes
• Data is not retained after processing (zero data retention for API calls)
• We may use aggregated, anonymized data to improve our services, but this cannot be linked back to you

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

• Service Providers: With trusted third parties who assist in operating our Service (e.g., cloud hosting, AI processing, analytics), bound by confidentiality agreements.
• Legal Requirements: When required by law, subpoena, or legal process.
• Safety: To protect the rights, property, or safety of MindFlow, our users, or others.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to you.
• With Your Consent: For any other purpose with your explicit consent.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption in Transit: All data transmitted uses TLS/SSL encryption
• Encryption at Rest: Stored data uses AES-256 encryption
• Access Controls: Strict limits on who can access user data
• Regular Audits: Security assessments and penetration testing
• Secure Infrastructure: SOC 2 compliant cloud providers

However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Data Retention

• Local Data: Remains on your device until you delete it
• Cloud Data: Retained while your account is active
• After Deletion: Removed within 30 days of account closure
• Backups: Removed from backup systems within 90 days
• Aggregated Data: May be retained indefinitely in anonymized form

9. Your Rights and Choices

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your personal information
• Export: Export your data in a portable format
• Opt-out: Opt out of certain data collection and marketing communications
• Restrict Processing: Request restriction of processing in certain circumstances
• Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, please contact us at team@heymind.app or use the in-app privacy controls.

10. Regional Privacy Rights

California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

• Know what personal information we collect and how it's used
• Delete your personal information
• Opt-out of the sale of personal information (we don't sell your data)
• Non-discrimination for exercising your privacy rights

European Economic Area (GDPR)

If you are in the EEA, UK, or Switzerland, you have additional rights including:

• Data Portability: Receive your data in a portable format
• Object: Object to processing based on legitimate interests
• Lodge a Complaint: File a complaint with your local supervisory authority

Legal Bases for Processing: Contract (to provide the Service), Consent (for optional features), Legitimate Interests (to improve and secure the Service), and Legal Obligation (to comply with laws).

11. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@heymind.app.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that are different from your country.

We ensure appropriate safeguards are in place when transferring data internationally, including Standard Contractual Clauses (SCCs) approved by relevant authorities.

13. Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will notify affected users within 72 hours, notify relevant authorities as required by law, and provide information about the breach and steps you can take.

14. Cookies and Tracking (Website)

The MindFlow mobile app does not use cookies. Our website uses:

• Essential Cookies: Required for website functionality
• Analytics Cookies: To understand website traffic (opt-out available)

You can manage cookie preferences through your browser settings.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page, updating the "Last updated" date, and sending you a notification through the app where appropriate. We encourage you to review this policy periodically.

16. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at: