
Security

Effective date: June 11, 2026

This Security page explains how MindDrive protects private journal content with encrypted transit, protected storage, secure account controls, optional app lock, and careful AI processing.

It covers encryption, AI processing, regional data boundaries, account and device safeguards, access controls, monitoring, and vulnerability reporting.

English version controls. If MindDrive provides a translation of this document, it is for convenience only. To the fullest extent permitted by applicable law, the English version controls if there is a conflict between versions.

Security from day one

MindDrive is a private AI journaling, reflection, memory, and personal insight app. Security and privacy are part of the product foundation because journal entries, notes, folders, tags, reflections, and AI-derived insights can be deeply personal.

MindDrive is built around a simple security principle: protect the user's private life data by default, keep access tightly scoped, and process sensitive content only when needed to provide the feature the user requests.

This page summarizes the safeguards MindDrive uses for encrypted transit, protected storage, AI processing, account access, local device data, service operations, and vulnerability reporting.

Protection at a glance

MindDrive protects your journal with encrypted transit, protected storage, secure account controls, optional app lock, and careful AI processing that uses content only as needed for the features you request.

Protection: What it does

  • Protected private data: Keeps journal entries, chat content, AI summaries, search data, folder names, folder descriptions, tag names, and other private organization data in protected storage with encryption at rest.
  • Feature-scoped processing: Uses protected content only when the signed-in user's own account takes an action that needs it, such as opening entries, searching, asking a question in MindDrive's chat, or generating insights.
  • Regional data boundaries: Assigns supported accounts to North America, UK, EU, or APAC app data regions and routes core app data through the matching Firestore database and backend service.
  • PIN and biometric app lock: Adds an app-level lock on the user's device, with PIN and Face ID or biometric unlock where supported. This protects access to the app; it is separate from cloud encryption.
  • Authenticator-app MFA: Adds an optional second sign-in factor through a compatible authenticator app, so an email and password alone are not enough to access the account.
  • Recovery codes: Provides single-use recovery codes for MFA recovery. Recovery codes are stored as hashes rather than ordinary readable codes.
  • Single-device sessions: Limits active app sessions so a newer signed-in device can replace an older active session.
  • Privacy-safe analytics: Keeps journal entries, Learn prompts, AI responses, health summaries, folder names, tag names, and raw freeform text out of analytics events.

Encryption and protected data

MindDrive uses HTTPS/TLS in transit and encryption at rest for protected app data. This protects content while it moves between the app and MindDrive services, and while it is stored in protected systems. Protected user data includes journal entries, entry plaintext used for search and AI features, AI summaries, search tags, chat content, saved chat memory, folder names, folder descriptions, tag names, and other user-authored organization data.

Cloud-hosted protected content is encrypted through Google Cloud Key Management Service. MindDrive uses managed key infrastructure so sensitive content fields are stored as ciphertext and decrypted only through controlled backend paths that require authentication, authorization, and the user's own product action.

The current key-management configuration uses a Google Cloud KMS key in the global KMS location. Core app records still use the assigned regional Firestore database and matching regional backend service, but key-management operations and some providers should not be treated as limited to the user's app data region.

Core app data is stored in the user's assigned regional Firestore database. MindDrive currently uses a North America database, a UK database, an EU database, and an APAC database, with matching regional backend services for authenticated user-data routes.

MindDrive also protects local search and chat indexes on the user's device. These local indexes use AES-256 encryption with per-user device keys stored through platform secure storage where available, so searchable local text is not left as ordinary readable SQLite data.

Exporting entries or chats requires your signed-in action and may temporarily decrypt selected content to create the file you requested. The exported file is intentionally readable plaintext or Markdown after you create it.

Support requests, live chat messages, and attachments are separate from encrypted journal storage. They are readable to support systems and staff when you choose to send them.

Some operational records must remain usable by infrastructure systems, such as account identifiers, subscription state, security events, request timing, processing status, timestamps, and abuse-prevention logs. MindDrive protects those records with authentication, authorization, restricted access, and operational controls.

AI processing and temporary decryption

MindDrive's AI features work by temporarily decrypting and processing selected content so the service can summarize entries, create mood and sentiment reflections, generate search tags, build semantic search representations, answer questions in MindDrive's chat, process selected images, summarize imported calendar or sleep information, and create text-to-speech output.

Private content is decrypted only when the signed-in user's own account takes an action in MindDrive that needs that content, such as opening entries, searching, asking a question in MindDrive's chat, generating insights, updating an entry, or using an import or AI feature. Some actions start short background processing tied to that user's request, but the access remains scoped to the requested product feature.

Outside those product flows, protected content stays encrypted in storage. MindDrive does not provide routine administrative browsing of decrypted journal content, MindDrive chats, folder names, tag names, or saved memory. Tightly scoped operator decrypts may occur only for test data, user-consented support, legal, security, or abuse investigation needs under internal policy.

When MindDrive sends content to AI providers, it sends only the relevant content and context needed for the requested feature. MindDrive requires provider handling to respect privacy commitments, including restrictions against using journal content to train general models unless the user clearly opts in or applicable disclosures and consent allow it.

MindDrive personnel do not browse private content from admin tools or operational consoles as routine support or operations work. Company access policies restrict support and operational work to account, billing, diagnostic, security, and encrypted-record metadata unless a user request, legal need, security need, abuse investigation, or test-data diagnosis requires a narrower decrypt.

Account and device protection

MindDrive protects account access through layered controls, including:

  • Firebase Authentication for email/password, Google sign-in, and Apple sign-in;
  • email verification for account setup and selected recovery flows;
  • optional authenticator-app MFA with single-use recovery codes stored as hashes;
  • single-device session enforcement that signs out an older session when a new active session appears;
  • optional app PIN and Face ID or biometric app lock where supported by the device;
  • PIN lockout protections that require account verification after repeated failed attempts.
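The "Recovery codes" row of the table above and the MFA bullet here both describe single-use recovery codes that are stored only as hashes. The following is an added illustration of that pattern in Python; it is not MindDrive's code, and the class and function names (RecoveryCodeStore, issue, redeem) are hypothetical. It shows why a stolen table of stored records does not reveal usable codes, and why a code cannot be replayed after it has been consumed.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed example of hashed, single-use recovery codes. Names are
# hypothetical and not MindDrive's implementation. Each code is shown to the
# user once in plaintext; only a per-code salt and PBKDF2 hash are kept.

CODE_BYTES = 5  # 40 bits of entropy -> exactly 8 base32 characters, no padding
PBKDF2_ROUNDS = 100_000


def _hash_code(code: str, salt: bytes) -> bytes:
    """Normalise user-typed input (case, separators) and slow-hash it."""
    normalised = code.replace("-", "").replace(" ", "").upper().encode()
    return hashlib.pbkdf2_hmac("sha256", normalised, salt, PBKDF2_ROUNDS)


class RecoveryCodeStore:
    def __init__(self) -> None:
        # One record per code: what a backend would persist for the account.
        self.records: list[dict] = []

    def issue(self, count: int = 8) -> list[str]:
        """Generate fresh codes; return plaintext once, persist only hashes."""
        self.records = []
        plaintext = []
        for _ in range(count):
            raw = secrets.token_bytes(CODE_BYTES)
            code = base64.b32encode(raw).decode()
            code = f"{code[:4]}-{code[4:]}"          # e.g. "Q7KD-3M2A" (constructed)
            salt = secrets.token_bytes(16)
            self.records.append(
                {"salt": salt, "hash": _hash_code(code, salt), "used": False}
            )
            plaintext.append(code)
        return plaintext

    def redeem(self, candidate: str) -> bool:
        """Consume a code: constant-time compare, then mark it used."""
        for rec in self.records:
            if rec["used"]:
                continue  # a consumed code never matches again
            if hmac.compare_digest(_hash_code(candidate, rec["salt"]), rec["hash"]):
                rec["used"] = True
                return True
        return False

    def remaining(self) -> int:
        return sum(1 for rec in self.records if not rec["used"])
```

The stored records contain no plaintext codes, so a database read alone gives nothing to type into the MFA recovery prompt, and the `used` flag is what makes each code single-use.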

The user's device remains part of the security boundary. MindDrive's app lock, PIN, biometric unlock, and local encrypted indexes reduce risk if a device is borrowed, lost, or briefly unattended, while platform device security remains important.

Access controls and data boundaries

MindDrive separates each user's app data under that user's account and checks authentication before reading or changing account-scoped records. Firestore security rules restrict user data access to the signed-in account, while backend handlers verify Firebase ID tokens on authenticated routes.

Region validation keeps authenticated requests aligned with the user's assigned app data region. App startup resolves the account region before user-scoped Firestore reads, writes, local user state, or regional API calls begin. Backend services use the configured regional Firestore database for authenticated user-data routes and reject wrong-region requests.

Decryption routes enforce ownership before returning decrypted entry fields. Backend APIs use rate limits, App Check on app-owned routes, token validation, and route-specific ownership checks to reduce abuse.

A small number of identity, recovery, lockout, support, and webhook flows may search limited operational records across regional databases to find the correct account or ticket. Those flows are designed to avoid raw secret values in logs and to write user-affecting changes only to the matched regional database.

MindDrive analytics and diagnostics are designed to avoid sensitive user-authored content. Journal entries, Learn prompts, AI responses, health summaries, folder names, tag names, and raw freeform text are not sent to analytics events.

Manage Your Data controls can remove saved AI outputs and related memory records, including saved chats, chat memory, folder-level memories, cross-folder memory, Home Insights, and generated editor prompts.

Operational security

MindDrive uses operational safeguards for service reliability and abuse prevention, including request rate limits, Cloudflare Turnstile bot protection on public forms, scheduler authentication for automated backend jobs, webhook validation for provider callbacks, structured monitoring, crash reporting, and performance telemetry.

Sensitive server credentials are kept out of client apps and restricted to backend infrastructure. Production access is limited to people and systems that need it to operate, secure, support, or comply with obligations for MindDrive.

Security logs and operational telemetry are used to detect errors, service abuse, suspicious activity, reliability issues, and infrastructure problems. MindDrive avoids logging plaintext journal content in operational logs.

Security limits and user responsibilities

MindDrive uses strong safeguards, but security also depends on user choices and platform controls. Users should protect their email account, keep device operating systems updated, use strong authentication, avoid sharing PINs or recovery codes, and keep control of devices where MindDrive is signed in.

MindDrive depends on third-party infrastructure and platform services such as Apple, Google, Firebase, Google Cloud, OpenAI, RevenueCat, Zoho, Cloudflare, and email providers. Those providers have their own security programs and controls.

MindDrive does not market itself as a system where no server can ever process user content. AI, search, summaries, imports, and other requested features need temporary processing by MindDrive servers and service providers.

After you save or share an exported file outside MindDrive, that copy is protected by your device, storage provider, or sharing destination.

MindDrive keeps security claims specific to the product architecture. MindDrive does not claim medical, health-care, or formal compliance certifications on this page unless they are separately completed and published.

Responsible disclosure

If you believe you have found a security vulnerability in MindDrive, submit a support ticket from Get Help in the MindDrive app with enough detail for us to reproduce and understand the issue.

Helpful reports include:

  • the affected app version, browser, platform, or endpoint;
  • the steps needed to reproduce the issue;
  • screenshots, logs, or request details that do not include another person's private data;
  • the potential impact and whether the issue appears account-specific or system-wide.

Please do not access, modify, delete, or disclose another user's data; disrupt MindDrive services; or test against accounts you do not own or control.