Privacy Policy

1. Information We Collect

a) Account Information
When you register, we collect your email address and optionally a display name or nickname. If you sign in with Google, we receive your name and email from Google.

b) Journal Entries & Mood Data
All journal entries, mood check-ins, gratitude entries, sleep/energy logs, intentions, and goals you create are stored securely in our database. This content is private to you and is never shared with third parties.

c) AI Analysis Data
When you submit a journal entry, the text is sent to an AI service to detect mood, provide empathetic responses, and identify potential crisis signals. This analysis is stored as part of your entry.

d) Device & Session Information
With your consent, we collect device model, operating system, app version, platform (iOS/Android), and IP-based geolocation (country, city, timezone). This helps us understand how Mindflow Sync is used and improve the experience.

e) Usage Analytics
With your consent, we log anonymous session events (app opens, feature usage) to understand engagement patterns. No personally identifiable information is included in analytics unless you have accepted analytics cookies.

f) Push Notification Tokens
If you enable notifications, we store your device push token to send reminders and wellness nudges you have opted into.

2. How We Use Your Information

We use your information to:

• Provide, operate, and improve the Mindflow Sync app
• Personalise your experience (daily suggestions, mood-aware responses)
• Send notifications and reminders you have opted into
• Detect potential mental health crises and surface appropriate resources
• Generate insights and weekly reports from your journal entries
• Analyse aggregate usage patterns to improve the product (analytics only with consent)
• Comply with legal obligations and enforce our Terms of Service

3. Cookies & Analytics

Mindflow Sync uses two categories of cookies and local storage:

Essential cookies: Required for the app to function. These store your session token, theme preference, biometric settings, and offline data cache. You cannot opt out of essential cookies.

Analytics cookies: Optional. These collect device information and IP-based geolocation to help us understand how users interact with the app. You can accept or decline these on first launch via the cookie consent card. You can change your preference by clearing app data or contacting us.

4. Data Storage & Security

Your data is stored in a secure cloud database with row-level security (RLS) ensuring each user can only access their own data. Data is encrypted in transit (HTTPS/TLS) and at rest.

We implement rate limiting on authentication endpoints to prevent brute-force attacks, and we maintain an audit log of sensitive account changes.

5. Data Sharing

We do not sell your personal data. We may share data only in the following limited circumstances:

• With AI service providers solely to process your journal entries - they do not retain your data for training
• With our infrastructure provider, bound by their data processing agreement
• If required by law or to protect legal rights
• With your explicit consent for specific purposes

6. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, your data is permanently removed within 30 days, except where we are required to retain it for legal compliance.

Analytics events that contain no personally identifiable information may be retained in aggregate form indefinitely for product improvement purposes.

7. Your Rights

Depending on your location, you may have the following rights:

• Right to access - request a copy of your personal data
• Right to rectification - correct inaccurate data
• Right to erasure - request deletion of your account and data
• Right to data portability - export your data in a common format
• Right to object - opt out of analytics data collection
• Right to withdraw consent - for cookie/analytics consent at any time

To exercise any of these rights, contact us here.

8. Children's Privacy

Mindflow Sync is not intended for children under 13 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

9. Crisis Detection

Mindflow Sync uses AI to detect potential mental health crises in journal entries. When crisis language is detected, a flag is stored on the entry and crisis resources are surfaced within the app. This feature does not automatically contact emergency services or third parties - it is an in-app support tool only.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via an in-app notice or email. Continued use of the app after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy or your data, please contact us:

Mindflow Sync
Contact: umarashraf.vercel.app/contact