MindDrive logoMindDrive logo

Privacy Policy

Effective date: June 11, 2026

This Privacy Policy explains what MindDrive collects, how we use and disclose information, and the choices you have when you use the app, website, AI features, support, subscriptions, and optional integrations.

It covers account data, journal content, AI processing, health and sleep data, regional data storage, subscriptions, support, retention, deletion, and privacy rights.

English version controls. If MindDrive provides a translation of this document, it is for convenience only. To the fullest extent permitted by applicable law, the English version controls if there is a conflict between versions.

At a glance

MindDrive is a private AI journaling, reflection, memory, and personal insight app. You create journal folders, write entries, review them, and may use AI features to summarize, search, reflect on, and chat with your own content.

MindDrive is not a medical device, therapy service, crisis service, diagnosis tool, or substitute for professional advice. AI-generated insights may be incomplete, inaccurate, or not appropriate for your situation.

We collect account information, journal and user-generated content, AI-generated or AI-derived information, optional health, sleep, fitness, connected activity, and listening-history information, optional calendar and image information, subscription and support information, approximate location and weather context, device and diagnostic information, and local app settings.

Some MindDrive features require your content to be processed by MindDrive servers and service providers, including AI providers, to provide the feature you requested. Do not use MindDrive for content you are not comfortable having processed this way.

MindDrive assigns each account to a regional data bucket during signup based on the country you confirm. Core MindDrive app data is stored in the assigned North America, UK, EU, or APAC Firestore database and served through the matching regional backend where the feature allows it.

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising or targeted advertising. We do not use journal content or health data for advertising.

Apple and Google process app-store payments. MindDrive does not directly receive your payment card number.

Account deletion deletes your MindDrive account and core MindDrive account data, but it does not cancel subscriptions purchased through Apple or Google. You must cancel those subscriptions through the applicable app store.

Manage Your Data in Settings lets you manage Weather and Analytics preferences, export entries and saved chats, and delete specific AI-generated data.

MindDrive encrypts meaningful user data at rest for supported app data, such as journal entries, chats, AI-derived memories, folder names, tag names, Home Insights, and reminder titles. Operational metadata may remain readable where needed for authentication, billing, delivery, safety, routing, debugging, or app performance. Support submissions are readable to support systems and staff when you send them, exports are plaintext by your action, and AI features decrypt selected content transiently to provide requested features. We do not describe MindDrive as end-to-end encrypted.

Scope

This Privacy Policy applies to:

  • the MindDrive mobile app;
  • the MindDrive website and legal pages;
  • account, subscription, and support services;
  • AI journaling, reflection, memory, chat, summarization, OCR, text-to-speech, and insight features;
  • integrations or permissions you choose to enable, such as HealthKit, Health Connect, Strava or connected fitness services, Spotify listening-history imports, selected Gmail, Google Drive, or YouTube imports, calendar, camera, photo library, notifications, weather, and support attachments.

This Privacy Policy does not apply to third-party services that you access outside MindDrive, such as Apple App Store, Google Play, Apple Health, Android Health Connect, Strava, Spotify, Google services, Apple Sign In, Google Sign-In, or third-party websites. Those services have their own privacy practices.

Who is responsible for your information

MindDrive Inc. is responsible for personal information processed through MindDrive, except where a third party acts as an independent controller under its own terms, such as Apple or Google for app-store billing and account services.

You can contact MindDrive about privacy questions at support@minddrive.io.

Personal information we collect

We collect personal information from you, from your device and app activity, from permissions or integrations you enable, from service providers, and from AI-generated or AI-derived processing.

Account and authentication information may include:

  • email address, display name, account ID, authentication provider IDs, email verification status, login timestamps, account creation date, and session ID;
  • authentication settings, MFA/TOTP metadata, hashed recovery codes, security settings, PIN settings, biometric app-lock settings, and account security settings.

Journal and user-generated content may include:

  • rich text journal entries, plaintext versions of entries, dates and times, tags, folders, folder cards, favorites, and scratchpad content;
  • chat messages in MindDrive, prompts sent to AI features, assistant responses, feedback, comments, text extracted from imported images, selected calendar event details, selected connected fitness activity details, selected Spotify listening-history details, selected Gmail thread details, selected Google Drive file content or metadata, selected YouTube video or channel details, and optional sleep, health, or weather summaries inserted into journal entries.

Your journal content may include sensitive personal information depending on what you write, including information about your mental health, physical health, relationships, beliefs, location, work, family, finances, or other personal matters.

AI-generated and AI-derived information

MindDrive may create information from your content to power app features. This may include:

  • journal and folder summaries; mood, sentiment, emotion, or reflection labels; search tags; search representations used for semantic search; mood statistics; and personal insight summaries built from your content;
  • saved chat context, cross-chat memory that is on by default unless you turn it off in MindDrive chat settings, AI-generated chat titles, summaries from calendar, sleep, health, connected fitness, listening-history, or selected Google data you choose to import, text extracted from images, text-to-speech output, and related metadata.

AI data controls may delete saved MindDrive chats, chat memory, folder-level memories, cross-folder memory, Home Insights, and generated editor prompts.

This information may be linked to your account and may itself be sensitive if it reflects or infers mental, emotional, physical, health, or behavioral information.

Optional health and fitness information

If you choose to enable Apple Health / HealthKit, Android Health Connect, Strava, or another connected fitness service and take action to import information, MindDrive may process sleep sessions, sleep stages, time in bed, sleep efficiency, heart rate, respiratory rate, heart rate variability, oxygen saturation, steps, distance, active calories, exercise time, workout sessions, activity details, and related health, sleep, or fitness summaries you choose to include in MindDrive.

MindDrive uses this information for journaling, reflection, context, and personal insight features. MindDrive does not use this information for medical diagnosis, treatment, emergency intervention, advertising, credit decisions, insurance decisions, employment decisions, data broker sales, or unrelated profiling.

You can manage HealthKit permissions through Apple Health and iOS settings. You can manage Health Connect permissions through Android settings and Health Connect controls. You can manage Strava access through MindDrive connected app settings and Strava account settings.

Optional listening history information

If you choose to connect Spotify and take action to import listening history, MindDrive may process recently played track names, artist names, album names, play times, track duration, explicit-content flags, Spotify track URLs, and limited Spotify account metadata needed to show connection status.

MindDrive uses this information for journaling, reflection, context, and personal insight features. MindDrive does not play music, control playback, modify your Spotify account, use Spotify information for advertising, or request audio-streaming access.

You can manage Spotify access through MindDrive connected app settings and Spotify account settings.

Optional Google import information

If you choose to connect a Google account and take action to import information, MindDrive may process selected Gmail thread subjects, senders, dates, snippets, and message text, selected Google Drive file names, metadata, and file content, and selected YouTube video, channel, or activity details that the YouTube Data API makes available.

MindDrive uses this information for journaling, reflection, context, and personal insight features. MindDrive does not send email, modify your Gmail account, write to Google Drive, modify YouTube activity, run background inbox or file sync, or import a full mailbox.

You can manage Google import access through MindDrive connected app settings and your Google Account permissions.

Calendar, media, location, and weather context

If you grant permission and choose to import calendar or reminder information, MindDrive may process calendar list names, selected event titles, start and end times, recurrence information, notes or descriptions, and selected calendar details you choose to summarize or include in a journal entry.

If you grant permission and choose images or media, MindDrive may process selected images, resized or compressed image versions, text extracted from images, OCR results, and support-ticket attachments. Images may be sent to MindDrive servers and AI providers for text extraction or other requested features.

MindDrive may use IP-based approximate location lookup for region assignment, production infrastructure routing, weather context, location history, security and fraud prevention, support routing, analytics, and service operations.

  • Approximate location fields may include IP address, city, region or province/state, country, approximate latitude and longitude, timezone, visit counts, last known approximate location, and location or region history.
  • We do not use GPS location unless we separately disclose that and obtain any required permissions. IP-based location may be inaccurate and may still be considered location information under some laws.

Subscriptions, support, analytics, and diagnostics

MindDrive uses app-store billing and subscription entitlement providers. We may collect or receive RevenueCat customer ID, app user ID or account ID, entitlement IDs, subscription plan identifiers, such as annual or monthly plan identifiers, subscription status, cancellation status, expiration status, payment-error flags, app-store environment, webhook IDs, subscription management URL, and related metadata.

If you contact us, use live chat, or submit a support request, we may process request reason, message content, account ID, email address, timezone, app version, build, runtime version, release channel, device name, operating system, network status, recent failed API requests, backend error metadata, subscription state, approximate region, support attachments, support ticket identifiers, ticket numbers, and live chat metadata.

Support messages, live chat messages, and attachments are separate from encrypted journal storage. They are readable to support systems and staff when you choose to send them.

We may collect app interactions, feature usage, device and app information, crash logs, performance logs, backend route, status, timing metadata, release channel, operating system, device identifiers or installation identifiers, network status, Cloudflare Turnstile tokens, email validation or reputation results, IP-based geolocation results, security events, authentication events, and anti-abuse signals.

MindDrive does not intentionally send raw journal entries, Learn prompts, AI responses, or health summaries to analytics or diagnostics tools unless we disclose that clearly and obtain any required consent.

Website cookies and consent choices

The MindDrive website uses cookies and similar browser tools in limited ways. Essential cookies keep the website working and remember your choices. Marketing and analytics are off unless you choose to allow them.

Essential cookies remember your cookie preference, keep ordinary website controls working, support security and abuse-prevention features, and avoid repeatedly showing the same cookie prompt after you make a choice. Because these cookies are needed to provide and respect your website choices, they remain active.

MindDrive's website cookie categories are:

  • Essential: always-on cookies or similar tools that remember cookie choices and support ordinary website operation.
  • Marketing: optional cookies or similar tools that may help MindDrive deliver relevant MindDrive advertisements, promotions, and offers, optimize ad delivery, and measure campaign effectiveness.
  • Analytics: optional cookies or similar tools that may help MindDrive understand aggregate website traffic, page visits, referral sources, device or browser categories, approximate region, and whether launch pages are working as intended.

If you choose Accept all, MindDrive may use privacy-safe marketing or analytics cookies and similar tools to understand aggregate website traffic, measure launch campaigns, and improve launch pages. Analytics helps answer questions such as which pages are visited, whether people return to the website, which pages are confusing or underused, and whether website changes improve the launch experience.

MindDrive does not use journal content, Learn prompts, AI responses, health summaries, folder names, tag names, support messages, or other user-authored freeform content for website advertising or website analytics.

You can choose Manage choices, Use essential only, or Accept all in the cookie banner, or change your choice at any time using Cookie Preferences in the website footer. Turning off marketing or analytics does not affect your ability to use the website.

Local and on-device information

MindDrive may store information locally on your device, including:

  • theme and UI preferences; weather, calendar, and sleep preferences; sort and filter order; selected folders and tags; scratchpad content; text-to-speech voice preference; session ID;
  • review, search, and chat caches; local PIN; local security data; app-lock information; encrypted local search or chat indexes; and searchable entry or chat text protected with a device key where available.

MindDrive uses platform security tools, such as secure device storage, for sensitive local settings where available.

Sources and uses of personal information

We collect personal information from:

  • you, when you create an account, write entries, use AI features, contact support, or enable settings;
  • your device, app, browser, permissions, and local storage;
  • Apple, Google, Firebase, RevenueCat, and other service providers;
  • HealthKit, Health Connect, Strava, Spotify, Google services, or connected services, only if you enable permissions or connect an account and import information;
  • calendar or photo services, only if you enable permissions and choose information to import;
  • AI processing, when MindDrive generates summaries, semantic search representations, insights, titles, tags, OCR, chat responses, or saved context.

We use personal information to:

  • create, authenticate, secure, and manage accounts;
  • provide journaling, folders, review, Learn, saved context, search, reflection, AI summaries, insights, tags, semantic search, chat responses, titles, OCR, calendar summaries, sleep summaries, fitness summaries, and text-to-speech features;
  • process optional health, sleep, fitness, listening-history, selected Google import, calendar, photo, image, weather, and location-context features;
  • personalize your experience within MindDrive; manage subscriptions and entitlements; provide support and live chat;
  • detect, prevent, and respond to fraud, abuse, errors, outages, and security incidents;
  • monitor app performance, reliability, and crashes; maintain logs and operational records;
  • communicate with you about your account, security, support, subscriptions, changes, and service messages;
  • comply with legal obligations, enforce our Terms, and protect the rights, safety, and property of MindDrive, users, and others.

Legal bases where applicable

Where laws such as GDPR, UK GDPR, or similar frameworks apply, we rely on one or more legal bases, including contract, consent, legitimate interests, legal obligations, and vital interests or public interest where necessary and legally permitted.

  • We rely on contract to provide MindDrive, manage your account, process subscriptions, and deliver features you request.
  • We rely on consent for optional permissions and features, such as HealthKit, Health Connect, Strava or connected fitness imports, Spotify listening-history imports, selected Gmail, Google Drive, or YouTube imports, calendar imports, photo/image processing, certain AI features, optional weather context, certain communications, and any processing requiring consent.
  • We rely on legitimate interests to secure the service, prevent abuse, debug, improve performance, provide support, understand general app usage, and operate MindDrive where those interests are not overridden by your rights.
  • We rely on legal obligations to comply with applicable law, tax, accounting, consumer protection, app-store, court, or regulatory obligations.

For Canadian users, we seek meaningful consent appropriate to the sensitivity of the information and the reasonable expectations of users. You may withdraw consent to optional processing, subject to legal or contractual limits, by changing app settings, revoking device permissions, deleting content, deleting your account, or contacting us.

Sensitive information, health data, and mental-wellbeing content

MindDrive may process sensitive information because journaling and reflection can involve deeply personal content. Sensitive information may include:

  • mental health or emotional wellbeing information you write or infer through AI features;
  • physical health, sleep, fitness, listening-history, email, file, or video information you import;
  • intimate, family, relationship, religious, political, financial, employment, or similar information you choose to write;
  • biometric-related app-lock settings or Face ID / biometric authentication status, where processed by the device;
  • precise or approximate location information, depending on the feature and applicable law;
  • contents of journal entries, prompts, AI chats, and support messages.

MindDrive processes sensitive information only to provide requested app features, operate the service, maintain security, provide support, comply with law, or as otherwise disclosed with your consent.

MindDrive does not use HealthKit, Health Connect, Strava connected fitness data, Spotify listening history, selected Google import data, journal content, or health-related information for advertising, credit, insurance, employment, lending, data broker sales, or unrelated profiling.

MindDrive is not HIPAA-covered unless a separate written agreement says otherwise. Do not use MindDrive as a substitute for medical, mental health, legal, financial, or other professional advice.

AI processing

MindDrive uses AI to provide features such as journal and folder summaries, mood and emotion reflections, personal insight summaries, search tags, semantic search, chat responses, saved chat context, cross-chat memory, AI-generated titles, image text extraction, calendar summaries, sleep summaries, fitness summaries, listening-history summaries, selected Google import summaries, text-to-speech output, and auto-editing or writing assistance.

Cross-chat memory is on by default and can be turned off in MindDrive chat settings. It uses a saved summary to help future chats remember useful context without carrying every message forward.

To provide AI features, MindDrive may process selected content on MindDrive servers and may send relevant content, prompts, metadata, or selected context to AI providers such as OpenAI or Google Vertex AI / Gemini. We share only what is reasonably needed for the requested feature.

Subject to provider agreements and technical settings, we require AI providers not to use your journal content to train their general models unless you have expressly opted in or we clearly tell you otherwise and obtain any required consent. Provider retention, abuse monitoring, and endpoint-specific storage may vary.

AI outputs may be incomplete, inaccurate, biased, or inappropriate. AI mood, sentiment, emotion, or health-related reflections are informational only and are not medical, mental health, diagnostic, therapeutic, legal, financial, or professional advice.

MindDrive does not promise to monitor journal entries or AI chats for emergencies, self-harm, abuse, or crisis situations. If you may be in danger or need urgent help, contact emergency services, a crisis hotline, or a qualified professional.

When we disclose personal information

We use service providers to operate MindDrive. These may include:

  • Google Firebase and Google Cloud for Auth, Firestore, Storage, Cloud Functions, Cloud Run, KMS, Secret Manager, Firebase Analytics, Crashlytics, and Performance;
  • OpenAI for AI analysis, chat, semantic search support, TTS, and image/text extraction;
  • Google Vertex AI / Gemini for AI fallback or selected AI features;
  • RevenueCat for subscription entitlement management;
  • Apple and Google for app stores, billing, sign-in, HealthKit, Health Connect, and platform services;
  • Strava and connected fitness services when you choose to connect an account and import activity information;
  • Spotify when you choose to connect an account and import listening history;
  • Google services when you choose to connect a Google account and import selected Gmail, Google Drive, or YouTube information;
  • Zoho SalesIQ and Zoho Desk for live chat and support tickets;
  • Cloudflare Turnstile for bot protection;
  • email delivery providers, IP geolocation providers, email validation or reputation providers, analytics, diagnostics, hosting, security, logging, and operational vendors.

These providers may process personal information only as needed to provide services to MindDrive or as otherwise permitted by their agreements and applicable law.

We may disclose information at your direction or with your consent, including when you use Apple or Google sign-in, import HealthKit, Health Connect, connected fitness data, Spotify listening history, selected Google information, or calendar events, upload images for OCR, contact support, or request AI processing.

We may disclose information for app-store billing and subscriptions, legal and safety obligations, fraud and abuse investigations, rights protection, disputes, audits, compliance obligations, and business transfers such as a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising or targeted advertising. We do not use journal content, HealthKit data, Health Connect data, Strava connected fitness data, Spotify listening history, selected Google import data, or health-related information for advertising.

International processing and data residency

MindDrive uses regional Firestore databases and regional Cloud Run backends for core app data in the currently supported countries. During signup, MindDrive asks you to confirm your country and assigns your account to one of four data regions.

Country groupData regionCore Firestore databasePrimary backend location
United States and CanadaNorth America(default), using Firestore multi-region nam5 in the United Statesnorthamerica-northeast2 in Toronto, Canada
United KingdomUKukdb in europe-west2 in London, United Kingdomeurope-west2 in London, United Kingdom
Ireland, Netherlands, Denmark, Sweden, Norway, Finland, Germany, Austria, Switzerland, Belgium, Luxembourg, Iceland, Malta, Portugal, Estonia, Czechia, Poland, Croatia, and SlovakiaEUeudb in europe-west3 in Frankfurt, Germanyeurope-west3 in Frankfurt, Germany
Australia, New Zealand, and SingaporeAPACapac in australia-southeast1 in Sydney, Australiaaustralia-southeast1 in Sydney, Australia

If your country is not in the supported country list, or if a country code cannot be recognized, MindDrive may assign the account to North America unless we provide another supported option.

Regional routing applies to core MindDrive app records such as account app data, journal entries, folders, chats, AI-derived app data, notification state, support mirrors, subscription entitlement mirrors, and regional operational records stored in Firestore. It does not mean every service provider or every processing step is located only in that region.

Firebase Authentication, app-store billing, RevenueCat entitlement services, AI providers, support providers, email providers, analytics, diagnostics, bot protection, security tools, website forms, legal or compliance workflows, and provider logs may process personal information in other countries where those providers or their subprocessors operate.

Some account, security, and support workflows intentionally check across regional databases so MindDrive can prevent duplicate accounts, verify recovery or lockout tokens, find the right support ticket, process a regional webhook, or route a user back to the correct account region. These workflows use limited identifiers or operational records for that purpose and update only the matched account region where the workflow affects user data.

Where personal information is transferred internationally, MindDrive relies on provider agreements, contractual safeguards, adequacy decisions, data privacy frameworks, standard contractual clauses, or other lawful transfer mechanisms as applicable.

Retention

We keep personal information only as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer period is required or permitted by law.

CategoryGeneral retention approach
Account dataKept while your account is active and for as long as needed after deletion for security, fraud prevention, legal, tax, accounting, or compliance purposes.
Journal entries and user contentKept until you delete the content or your account, subject to backups, logs, and processor retention.
AI-derived data and search indexesKept while needed to provide AI, search, memory, insight, and Learn features, or until deleted through app controls or rebuilt under applicable workflows.
Health, sleep, calendar, image, and weather summariesKept as part of journal content, AI-derived data, or feature metadata until deleted or no longer needed.
Subscription recordsKept as needed to manage entitlements, resolve billing issues, comply with app-store rules, and maintain business records. Apple, Google, and RevenueCat may retain records under their own policies.
Support records, analytics, diagnostics, and security logsKept as long as needed for support, reliability, security, abuse prevention, legal, and operational purposes, or according to provider settings.
Backups and local device dataBackups are deleted or overwritten according to backup cycles. Local device data remains until cleared through app features, logout/account deletion flows, cache clearing, app deletion, or device settings.

Deleting content, deleting your account, and canceling subscriptions

MindDrive may allow you to delete entries, chats, and cross-chat memory separately. Delete History for cross-chat memory clears the saved cross-chat memory summary without deleting saved chats. When you delete content, we delete or de-identify the relevant records according to MindDrive's deletion workflow.

Manage Your Data may also let you delete saved MindDrive chats, chat memory, folder-level memories, cross-folder memory, Home Insights, and generated editor prompts. These controls do not delete your journal entries unless you separately delete entries or your account.

If you delete your MindDrive account in the app, MindDrive deletes your account record and associated MindDrive app content according to the account deletion workflow. Some records may remain where retention is required or permitted, as described in this Privacy Policy.

Some information may remain after account deletion, including:

  • subscription and transaction records held by Apple, Google, or RevenueCat;
  • support tickets, attachments, and emails retained for support, legal, security, or compliance purposes;
  • cancellation feedback or administrative records, such as account ID, reason, feedback, and timestamp;
  • security, fraud, and operational logs;
  • backup copies until overwritten;
  • records retained by service providers according to their policies and our agreements;
  • information we must retain for legal, tax, accounting, dispute, or compliance purposes.

Deleting your MindDrive account, deleting the app, or stopping use of MindDrive does not cancel subscriptions purchased through Apple App Store or Google Play. You must cancel your subscription through the applicable app-store subscription settings.

If you cannot access the app to request deletion, contact support@minddrive.io from the email address associated with your account.

Your choices and controls

Depending on your location and app version, you may have choices such as:

  • update account information; delete entries; delete chats; delete cross-chat memory; delete your account;
  • export entries and saved chats from Manage Your Data in Settings;
  • disable analytics where the app provides an analytics setting;
  • revoke HealthKit permissions in Apple Health or iOS settings; revoke Health Connect permissions in Android settings; disconnect Strava in MindDrive connected app settings or Strava account settings; disconnect Spotify in MindDrive connected app settings or Spotify account settings; disconnect Google imports in MindDrive connected app settings or Google Account permissions;
  • revoke calendar, reminder, camera, photo library, microphone, notification, or biometric permissions in device settings;
  • disable weather context if the app provides that setting; turn off cross-chat memory in MindDrive chat settings; disable optional AI features where available;
  • unsubscribe from non-essential emails; contact support to request access, correction, deletion, or other privacy rights.

Bulk entry exports may include all folders or selected folders. Entry and chat exports may be saved as Markdown or plain text through the device sharing flow.

Export files are intentionally readable once you create them. Protect exported copies through your device, storage provider, or sharing destination.

Some features may not work if you revoke permissions or disable optional processing.

Marketing and communications

We may send service, account, security, support, subscription, and transactional messages. These are not marketing and may be necessary to provide MindDrive.

We will send marketing communications only where permitted by law or with any required consent. You can opt out of marketing communications using the unsubscribe link or by contacting us. Opting out of marketing does not stop service or security messages.

California and US state privacy rights

Depending on your state, you may have rights to:

  • know or access personal information we collect, use, disclose, sell, or share;
  • receive a portable copy of personal information;
  • delete personal information;
  • correct inaccurate personal information;
  • opt out of sale or sharing for targeted advertising;
  • limit certain uses or disclosures of sensitive personal information;
  • opt out of certain profiling decisions, where applicable;
  • appeal a privacy request decision;
  • not be discriminated against for exercising privacy rights.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising or targeted advertising. We do not use sensitive personal information for purposes requiring a right to limit under California law unless we provide the required notice and choice.

CategoryExamplesSourcesPurposesDisclosed to
Identifiers and contact informationEmail, account ID, provider IDs, session ID, IP address, name/display nameYou, device, providersAccount, security, support, subscriptions, communicationHosting, auth, support, subscription, security, and email providers
Commercial informationSubscription products, entitlement status, purchase metadataApp stores, RevenueCatBilling, entitlements, supportApple, Google, RevenueCat, support providers
Internet or device activityApp interactions, diagnostics, logs, performance dataDevice, app, backendOperations, analytics, reliability, securityFirebase/GCP and diagnostics providers
GeolocationIP-based approximate city, region, country, timezone, approximate coordinatesDevice/network, IP providerRegion assignment, weather, routing, securityHosting, IP geolocation, analytics/operations providers
User content, health information, listening history, and selected Google importsJournal entries, chats, prompts, images, support messages, sleep, fitness, steps, distance, active calories, exercise time, workout sessions, activity details, heart rate, HRV, respiratory rate, oxygen saturation, sleep summaries, fitness summaries, imported Spotify track and play details, selected Gmail thread details, selected Google Drive file content or metadata, selected YouTube video or channel detailsYou, HealthKit, Health Connect, Strava or connected fitness services, Spotify, Google servicesJournaling, AI, support, storage, optional reflection featuresHosting, AI providers, support providers
Sensitive personal information and inferencesJournal contents, health data, mental-wellbeing inferences, authentication/security data, location depending on law, mood, summaries, insights, tags, semantic search representationsYou, device, providers, AI processingApp functionality, security, optional features, supportService providers as needed

To exercise state privacy rights, contact support@minddrive.io. We may need to verify your identity before responding. Authorized agents may submit requests where permitted by law, subject to verification.

Consumer health data privacy notice

This section applies where consumer health privacy laws, such as Washington's My Health My Data Act or similar laws, apply.

MindDrive may process consumer health data, which may include:

  • health or mental-wellbeing information you write in journal entries;
  • mood, sentiment, emotion, or wellness-related AI inferences;
  • sleep information, heart rate, respiratory rate, heart rate variability, oxygen saturation, time in bed, and sleep efficiency;
  • fitness information, steps, distance, active calories, exercise time, and workout sessions;
  • health, sleep, or fitness summaries;
  • health-related calendar, image, or support information you choose to provide;
  • location or weather context if linked to health-related content or inferences.

We collect and use consumer health data to provide requested journaling, reflection, memory, AI, search, sleep, health, and support features; to secure and operate the service; to comply with law; and for other purposes you consent to.

We may disclose consumer health data to service providers needed to provide MindDrive, such as cloud hosting, AI providers, support systems, security providers, and app-store or entitlement providers when relevant. We do not sell consumer health data. We do not use consumer health data for advertising, credit, insurance, employment, lending, or data broker purposes.

You may request access, deletion, or withdrawal of consent by contacting support@minddrive.io or using in-app controls where available. Withdrawing consent may disable features that require the data.

Canadian, EU, UK, Swiss, and minors' privacy rights

If you are in Canada, you may request access to or correction of your personal information, ask questions about our practices, or withdraw consent to optional processing, subject to legal and contractual limits. We will respond in accordance with applicable Canadian privacy laws.

If you are in the European Economic Area, United Kingdom, or Switzerland, and GDPR, UK GDPR, Swiss data protection law, or similar laws apply, you may have rights to access, correct, delete, restrict, object to, or port personal information, withdraw consent where processing is based on consent, and lodge a complaint with a supervisory authority.

MindDrive is not directed to children and does not knowingly collect personal information from children under 18. If you are under 18, do not use MindDrive. If we learn that we collected personal information from a child under the applicable minimum age without required consent, we will take reasonable steps to delete it.

Security and human access to content

MindDrive uses technical, organizational, and administrative safeguards designed to protect personal information. These may include:

  • TLS/HTTPS in transit;
  • encryption at rest for supported app data;
  • server-side encryption and key management for protected content fields;
  • Firebase Authentication; optional TOTP MFA; PIN and biometric app lock; SecureStore for sensitive local items where appropriate;
  • access controls, security rules, restricted human/admin access, logging, monitoring, and incident response processes.

MindDrive may need to decrypt or process user content transiently on its servers or with AI providers to provide requested AI features. For that reason, we do not describe MindDrive as end-to-end encrypted.

No method of transmission, storage, or security is perfect. We cannot guarantee absolute security.

MindDrive personnel do not routinely review journal content. Human access to user content is limited to circumstances such as providing support you request, investigating bugs or security issues, complying with legal obligations, preventing fraud, abuse, or harm to the service, enforcing our Terms, and operating or maintaining the service where necessary.

Privacy requests and contact

For privacy questions, access or correction requests, deletion requests, or complaints about MindDrive's privacy practices, contact MindDrive Inc.'s Privacy Officer at support@minddrive.io.

Privacy Officer, MindDrive Inc., 2967 Dundas St. W. #495, Toronto, ON M6P 1Z2, Canada.

App-store disclosures and changes

MindDrive's App Store privacy labels, Google Play Data Safety form, iOS privacy manifest, Health Connect declaration, and in-app permission prompts must match this Privacy Policy and actual engineering behavior.

We may update this Privacy Policy from time to time. If changes are material, we will provide notice as required by law, such as through the app, email, website, or app-store update notes. The Effective date shows when this Privacy Policy was last updated.

Questions or privacy requests may be sent to support@minddrive.io.