Privacy Policy

Effective Date: February 9, 2026 · Last Updated: February 20, 2026

1. Introduction

MIND AI ("MIND," "we," "us," or "our") is operated by Astra Way LLC. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at m-i-n-d.ai, our mobile applications for iOS and Android, and all related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

• Account Information: Username, email address, and password when you register.
• Profile Information: Display name, bio, avatar, and other optional profile details.
• User Content: Documents you upload, journal entries, chat messages, thoughts, Life items, and any other content you create within the Service.
• Payment Information: When you purchase credits or subscriptions, payment is processed by Stripe. We do not store your full credit card number, CVV, or other sensitive payment details.
• Communications: When you contact us for support, we collect your name, email address, and the content of your message.

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, queries made, timestamps, and interaction patterns.
• Device Information: Browser type, operating system, device type, device model, screen resolution, and unique device identifiers.
• Log Data: IP address, access times, and referring URLs.
• Mobile Device Data: When you use our mobile app, we may collect device model, operating system version, app version, and unique device identifiers. We do not access your camera, microphone, contacts, or location unless you explicitly grant permission for a specific feature.

2.3 Voice Data

When you use our voice dictation feature, audio is processed by your device's built-in speech recognition (e.g., Web Speech API in browsers, native speech recognition on iOS/Android). We do not record, store, or transmit your audio. Only the resulting text transcript is used within the app.

3. How We Use Your Information

• To provide, maintain, and improve the Service.
• To build and maintain your personal knowledge graph.
• To generate AI-powered responses, insights, action plans, and recommendations personalized to you.
• To process transactions and manage your account.
• To send you service-related notifications (e.g., account updates, security alerts).
• To send push notifications on mobile devices, if you have opted in.
• To detect, prevent, and address technical issues, fraud, and abuse.
• To comply with legal obligations.
• To respond to your support requests and communications.

4. AI Processing & Third-Party Models

MIND uses third-party AI model providers (including OpenAI, Anthropic, Google, and others via OpenRouter) to process your queries and generate content. When you send a query:

• Your query text and relevant context from your knowledge graph are sent to the selected AI model provider.
• We select the minimum context necessary to generate a useful response.
• We rely on each provider's data processing agreements. Major providers (OpenAI, Anthropic, Google) do not use API inputs to train their models.
• AI-generated outputs are stored in your account to maintain conversation history.

You can choose which AI model to use for each interaction. We recommend reviewing the privacy policy of your preferred AI provider.

5. Data Storage & Security

• Your data is stored on secure cloud infrastructure (MongoDB Atlas).
• All data is encrypted in transit (TLS/HTTPS) and at rest.
• Access to production databases is restricted and audited.
• We use industry-standard authentication (JWT tokens, bcrypt password hashing).
• Payment processing is handled entirely by Stripe, a PCI DSS Level 1 compliant provider.

While we implement commercially reasonable safeguards, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

6. Data Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share your information only in these cases:

• Service Providers: Third-party AI model providers (to process queries), Stripe (for payment processing), and cloud hosting providers (to operate the Service). These providers only receive the minimum data necessary to perform their function.
• With Your Consent: When you share thoughts to your public feed, share Life items with communities, or publish content within the Service.
• Legal Requirements: If required by law, subpoena, court order, or other legal process.
• Safety: To protect the rights, property, or safety of MIND, our users, or the public.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

• Account Data: Retained until you delete your account.
• User Content: Documents, entries, and chat history are retained until you delete them individually or delete your account.
• Usage Logs: Retained for up to 12 months for service improvement and security purposes, then anonymized or deleted.
• Payment Records: Retained as required by applicable tax and financial regulations.

When you delete your account, all associated personal data, documents, knowledge graph data, and chat history are permanently deleted within 30 days, except where retention is required by law.

8. Your Rights & Choices

• Access & Export: You can view and export your data at any time through your account settings.
• Deletion: You can delete individual documents, journal entries, Life items, or your entire account. Account deletion removes all associated data.
• Correction: You can update your profile and content at any time.
• Opt-Out of Notifications: You can opt out of non-essential notifications and push notifications through your app or device settings.
• Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@theastraway.com. We will respond within 30 days.

9. Account Deletion

You may request deletion of your account and all associated data at any time by:

• Using the "Delete Account" option in your account settings within the app.
• Emailing privacy@theastraway.com with the subject "Account Deletion Request."

Upon receiving a deletion request, we will permanently delete your account, personal data, uploaded documents, knowledge graph data, chat history, and all associated content within 30 days. Some data may be retained where required by law (e.g., transaction records for tax purposes).

10. Tracking, Advertising & Analytics

We do not track you across other apps or websites. We do not use advertising cookies, advertising identifiers (IDFA/GAID), or any third-party advertising SDKs. We do not participate in ad networks or sell data to advertisers.

We use browser local storage to store your authentication token and user preferences. We do not use third-party tracking cookies.

11. Children's Privacy

The Service is not intended for users under 13 years of age (or under 16 in the European Economic Area). We do not knowingly collect personal information from children. If we learn that we have collected information from a child under the applicable age, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@theastraway.com.

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, email privacy@theastraway.com. We will verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf.

13. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

• Legal Basis: We process your data based on: (a) your consent, (b) performance of our contract with you (providing the Service), (c) our legitimate interests (improving the Service, security), and (d) compliance with legal obligations.
• Right of Access: You may request a copy of the personal data we hold about you.
• Right to Rectification: You may request correction of inaccurate data.
• Right to Erasure: You may request deletion of your personal data.
• Right to Restrict Processing: You may request that we limit how we use your data.
• Right to Data Portability: You may request a machine-readable copy of your data.
• Right to Object: You may object to processing based on legitimate interests.
• Right to Lodge a Complaint: You may file a complaint with your local data protection authority.

To exercise these rights, contact us at privacy@theastraway.com. We will respond within 30 days.

14. International Data Transfers

If you are accessing the Service from outside the United States, your information may be transferred to and processed in the United States where our servers are located. We take steps to ensure that your data receives an adequate level of protection in the jurisdictions in which we process it. By using the Service, you consent to this transfer.

15. Third-Party Links & Services

The Service may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page, updating the "Last Updated" date, and, where appropriate, sending you a notification. Your continued use of the Service after changes constitutes acceptance of the updated policy.

17. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: privacy@theastraway.com
• Operator: Astra Way LLC
• General support: support@theastraway.com