Privacy Policy

1. Introduction

KindMind Labs LLC (“Company,” “we,” “us,” or “our”) operates the KindMind platform (the “Service”). This Privacy Policy describes how we collect, use, store, share, and protect your personal information when you use the Service. By using the Service, you consent to the practices described in this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

• Account information: display name, email address, and password when you create an account.
• Journal entries: text content you write in your journal entries.
• Guided reflections: messages you send and AI-generated responses in reflection sessions.
• Growth journeys: your progress and written responses to guided journaling prompts.
• Daily check-ins: mood selections, habit tracking, and optional notes you record.
• Lists: titles and items in lists you create (goals, gratitudes, etc.).
• Testimonials: if you choose to submit a testimonial, the text content and optional author name you provide.
• Referral codes: if you share or use a referral code, we track the code and its usage.
• Payment information: when you subscribe to a paid plan, payment details are collected and processed directly by Stripe, Inc. We do not store your credit card number, bank account details, or other payment instrument information on our servers.

2.2 Information Collected Automatically

• Authentication cookies: session tokens managed by our authentication provider (Supabase) to keep you logged in.
• Local preferences: theme selection (dark/light mode), journal font preferences, and tour completion status are stored in your browser’s local storage. These do not contain personal information and are never sent to our servers.

2.3 Information We Do Not Collect

We do not use analytics services, tracking pixels, advertising networks, or any third-party tracking technologies. We do not collect IP addresses, device fingerprints, browsing history, or location data for analytics or advertising purposes.

3. How We Use Your Information

We use your information solely to:

• Provide, operate, and maintain the Service.
• Authenticate your identity and secure your account.
• Store and retrieve your personal wellness content (journal entries and reflections).
• Transmit your exercise conversation messages to our AI provider to generate responses during guided exercise sessions.
• Process subscription payments through Stripe.
• Send transactional emails related to your account (welcome emails, trial reminders, password changes, and email verification).
• Respond to your inquiries or support requests.

We do not use your personal information for advertising, marketing, profiling, or any purpose other than providing the Service to you.

4. Encryption and Data Protection

We use zero-knowledge, client-side encryption to protect your data. All user-generated content (including journal entries, reflection messages, journey responses, check-in notes, list titles, list items, and display names) is encrypted with AES-256-GCM on your device before it is transmitted to our servers. As we add new features, any user-generated content will follow the same encryption model.

Your encryption key is derived from your password on your device. We never receive, store, or have access to your encryption key or your password in plaintext. This means we are technically unable to read your encrypted content (not that we’d want to). This is commonly referred to as zero-knowledge encryption.

A recovery key is generated during account creation so you can regain access to your data if you forget your password. You are solely responsible for storing this recovery key securely. If you lose both your password and recovery key, your encrypted data cannot be recovered by anyone, including us.

Certain metadata is stored unencrypted to enable the Service to function, including: your email address, session identifiers, timestamps, subscription identifiers, mood selections, and habit completion records.

5. Third-Party Services

We use a limited number of third-party service providers, solely as necessary to operate the Service. These fall into the following categories:

• AI provider: when you use guided reflections, your conversation messages are transmitted to our AI provider to generate responses. Our current provider’s API does not retain conversation data and does not use it for model training.
• Payment processing: subscription payments are processed by a third-party payment processor. All payment instrument details (credit card numbers, etc.) are collected directly by the processor and never pass through our servers.
• Database and authentication: your account information, encrypted content, and authentication sessions are stored on our infrastructure provider’s servers.
• AI request routing: AI reflection conversations are routed through a secure edge proxy. Your conversation content passes through this infrastructure during reflection sessions only and is not stored.
• Transactional email: your email address is shared with our email provider to deliver account-related messages such as welcome emails and trial reminders.
• Application hosting: our hosting provider processes incoming requests and may have access to IP addresses and request metadata as part of standard web hosting operations.

We may change, add, or remove service providers from time to time as needed to operate the Service. We will update this policy to reflect material changes.

We will never sell, rent, or trade your personal information to any third party. We do not share your data with advertisers, data brokers, or analytics services. The only third parties that receive any of your information are infrastructure and service providers as described above, and only as strictly necessary to operate the Service.

6. Cookies and Local Storage

We use only essential cookies required for authentication and session management. We do not use tracking cookies, advertising cookies, or any non-essential cookies. Your browser’s local storage is used solely to remember your visual preferences (theme, font settings) and does not contain personal information.

7. Data Retention

We retain your personal information and User Content for as long as your account is active or as needed to provide the Service. You may delete individual journal entries and exercise sessions at any time through the Service, which permanently removes that content and all associated data from our databases (via cascading deletion).

You may delete your entire account and all associated data directly through your account settings in the app. Account deletion is immediate and permanent. Backup copies of deleted data are purged within 30 days. You may also contact us at hello@kindmind.com and we will process the request within 30 days.

8. Data Security

We implement reasonable technical and organizational measures to protect your personal information, including AES-256-GCM encryption at rest for sensitive content, secure authentication via Supabase, Row Level Security policies on all database tables to prevent cross-user data access, and HTTPS for all data in transit.

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data. You are responsible for maintaining the security of your account credentials.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: request a copy of the personal information we hold about you.
• Correction: update your display name, email address, or password through your account settings.
• Deletion: delete individual content items through the Service, or request full account deletion by contacting us.
• Data portability: request an export of your data in a machine-readable format.
• Objection/Restriction: object to or request restriction of certain processing of your personal information.

To exercise any of these rights, contact us at hello@kindmind.com We will respond to requests within 30 days.

10. California Residents (CCPA)

If you are a California resident, you have the right to: (a) know what personal information we collect, use, and disclose; (b) request deletion of your personal information; (c) opt out of the sale of your personal information — we do not sell your personal information; and (d) not be discriminated against for exercising your privacy rights. To exercise these rights, contact us at hello@kindmind.com

11. European Residents (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, our legal basis for processing your personal information is: (a) performance of a contract (providing the Service to you); (b) your consent (where applicable); and (c) our legitimate interests (security, fraud prevention, and improving the Service), balanced against your rights and freedoms.

Your data is processed and stored in the United States. Our infrastructure providers maintain Data Processing Agreements that include Standard Contractual Clauses (SCCs) for international data transfers. By using the Service, you consent to the transfer of your information to the United States.

You have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.

12. Children’s Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child under 18 has provided us with personal information, please contact us at hello@kindmind.com

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and by posting the updated policy on this page with a revised “Last updated” date. Your continued use of the Service after changes are posted constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

KindMind Labs LLC
Email: hello@kindmind.com