Privacy Policy

Last updated: January 15, 2025

Privacy First Promise

Your thoughts are sacred. We built MindVault with zero-knowledge architecture, meaning we cannot read your personal data even if we wanted to. This isn't just a policy—it's built into our code.

1. Information We Collect

Personal Information You Provide

  • Account Information: Email address, password (hashed), and optional profile information
  • Your Thoughts and Memories: All content you create is encrypted end-to-end before leaving your device
  • Usage Preferences: Settings, themes, and app configurations

Automatically Collected Information

  • Technical Data: Device type, app version, crash reports (anonymized)
  • Usage Analytics: Feature usage patterns (aggregated and anonymized)
  • Performance Data: Load times, error rates (no personal content)

2. How We Use Your Information

Your Encrypted Content

We cannot and do not read your thoughts, memories, or insights. All processing happens on your device or through encrypted, zero-knowledge systems.

What We Can See

Only anonymized usage patterns to improve the app experience. Think "users clicked the insights tab 40% more this week" not "John wrote about his anxiety."

3. Data Sharing and Disclosure

We do not sell your personal information. Ever.

We may share limited, non-personal information with:

  • Service Providers: Cloud infrastructure (all data encrypted before transmission)
  • Analytics Partners: Aggregated usage statistics only
  • Legal Requirements: If required by law, though encrypted data is unreadable

4. Data Security

Our Security Measures

  • End-to-End Encryption: 256-bit AES encryption
  • Zero-Knowledge Architecture: We cannot decrypt your data
  • Local Processing: AI insights generated on your device when possible
  • Regular Security Audits: Third-party penetration testing
  • SOC 2 Type II Compliance: Audited annually

5. Your Rights

You have the right to:

  • Access: Download all your data in open formats
  • Delete: Permanently delete your account and all data
  • Portability: Export your memories to other platforms
  • Correction: Update or correct your information
  • Opt-out: Disable analytics or marketing communications

6. Data Retention

  • Active Accounts: Data retained as long as your account is active
  • Deleted Accounts: All data permanently deleted within 30 days
  • Backups: Encrypted backups deleted within 90 days of account deletion

7. International Data Transfers

Your encrypted data may be processed in countries where our service providers operate, including the United States and European Union. All transfers comply with GDPR and other applicable privacy laws.

8. Children's Privacy

MindVault is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately.

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by email and by posting the new policy on our website with an updated "Last modified" date.

10. Contact Us

If you have any questions about this privacy policy or our practices, please contact us:

  • Email: privacy@mindvault.io
  • Address: MindVault Inc., 123 Privacy Lane, San Francisco, CA 94105
  • Data Protection Officer: dpo@mindvault.io

Related Documents

→ Terms of Service→ Security Overview→ GDPR Compliance→ Data Export Guide