Mindality Privacy Policy
This Privacy Policy (the “Policy”) describes how Aston Traders Ltd (“Mindality”, “we”, “us”, “our”) collects, uses, discloses, and otherwise processes personal data when you access or use the Mindality mobile application and related services (collectively, the “Services”). This Policy forms part of our contractual framework together with our Terms & Conditions. Mindality provides tools for mood logging, emotional reflection, and optional AI-powered chat and insights. Information you choose to enter may relate to your well-being and may constitute special category data under the EU General Data Protection Regulation (“EU GDPR”) and the UK GDPR (together, “GDPR”).1. Data Controller
1.1 Aston Traders Ltd is the controller responsible for your personal data for the purposes of GDPR. 1.2 Company number: 10399056. 1.3 Contact email: support@mindality.io.2. Key Points
2.1 We process only the data that is reasonably necessary to provide, secure, and operate the Services. 2.2 Our primary processors are: (i) Supabase (EU hosting region) for authentication and backend storage, and (ii) OpenAI (via the OpenAI API) for optional AI chat and insights. 2.3 We do not sell personal data. We do not disclose personal data for third-party advertising or cross-app tracking. 2.4 AI features are optional. We transmit user content to OpenAI only where AI features are enabled and you have provided consent. 2.5 You can access this Policy at any time at: https://mindality.io/privacy-policy/.3. Definitions
3.1 “Personal data” means information relating to an identified or identifiable natural person. 3.2 “Processing” means any operation performed on personal data, such as collection, storage, use, disclosure, or deletion. 3.3 “Special category data” may include data concerning health or mental well-being where applicable.4. Categories of Personal Data We Process
4.1 Account and identifiers: email address; internal account identifiers; authentication-related metadata; and session/security logs. 4.2 Usage data: last interaction timestamp and limited feature usage necessary to operate the Services. 4.3 User-generated content: mood logs (scores and timestamps), comments/reflections, and AI chat messages (where you use the AI feature). 4.4 Derived data: chat context summaries generated within Mindality to reduce the amount of prior text sent to OpenAI and maintain relevance. 4.5 We do not use third-party advertising SDKs. We do not engage in cross-app tracking as defined by Apple.4.6 Automatically Collected Technical Data
4.6.1 When you use the Services, our systems may automatically collect limited technical data necessary for security, reliability, and service operation. 4.6.2 This may include: IP address; device and app information (such as device model, operating system version, app version, language and time zone settings); timestamps; and server/security logs. 4.6.3 We use such technical data to maintain service security, detect abuse, troubleshoot issues, and ensure reliable performance. We do not use this information for cross-app advertising or tracking.5. Purposes of Processing and Lawful Bases
5.1 The table below describes the main categories of personal data we process, the purposes for which we process them, and the applicable lawful bases under GDPR.| Data Type | Purpose(s) | Lawful Basis (GDPR) |
|---|---|---|
| Email address | Account creation, authentication, account recovery, and customer support communications. | Performance of a contract (Art. 6(1)(b)); Legitimate interests (security and support) (Art. 6(1)(f)). |
| Last interaction timestamp | Service continuity, account activity management, and security monitoring. | Performance of a contract (Art. 6(1)(b)); Legitimate interests (security) (Art. 6(1)(f)). |
| IP address; device/app information; server/security logs | Security, fraud prevention, abuse detection, reliability, and troubleshooting. | Legitimate interests (service security and integrity) (Art. 6(1)(f)); where required, compliance with legal obligations (Art. 6(1)(c)). |
| Diagnostics (error logs) | Identify, diagnose, and fix technical issues; maintain reliability. | Legitimate interests (service reliability) (Art. 6(1)(f)). |
| Mood logs (scores and timestamps) | Provide mood history, trends, and in-app insights. | Performance of a contract (Art. 6(1)(b)). |
| Mood comments / reflections | Store and display reflections; if AI is enabled, provide AI insights and recommendations. | Performance of a contract (Art. 6(1)(b)); Consent for AI processing (Art. 6(1)(a)) and explicit consent for special category processing where required (Art. 9(2)(a)). |
| AI chat messages | Generate AI responses and recommendations; store chat history within the app. | Consent (Art. 6(1)(a)) and explicit consent where special category data is involved (Art. 9(2)(a)); Performance of a contract for storing history (Art. 6(1)(b)). |
| Chat context summary | Maintain relevance while minimizing the volume of data sent to OpenAI. | Consent (Art. 6(1)(a)); explicit consent where required (Art. 9(2)(a)). |
| Mood score history (limited lookback for AI) | Provide context to generate AI insights and recommendations regarding mood history and patterns. | Consent (Art. 6(1)(a)); explicit consent where required (Art. 9(2)(a)). |
6. AI Processing and Automated Features
6.1 Mindality offers optional AI-powered chat and insights. These features are enabled only where you have provided consent. 6.2 When AI features are used, we transmit to OpenAI the minimum content required to generate an output, including: chat messages; mood logs and comments/reflections; a chat context summary; and mood score history (limited lookback). 6.3 We do not transmit your email address or other direct account identifiers to OpenAI. 6.4 The AI generates text outputs intended for wellness support. Mindality does not make decisions producing legal effects or similarly significant effects about you.6.5 AI Vendor Data Handling
6.5.1 OpenAI processes the data we send for the purpose of providing AI-generated outputs. We configure the OpenAI API in accordance with OpenAI’s applicable terms for API customers. 6.5.2 We do not authorize OpenAI to use the content we send via the OpenAI API to train its models, except to the extent required or permitted under applicable OpenAI terms for API usage. 6.5.3 Deletion: you may delete your chat history and mood entries within the Services and you may delete your account. Deleting content in-app removes it from our primary systems (including Supabase) subject to the retention periods in Section 9. We cannot guarantee immediate deletion from OpenAI systems where OpenAI must retain limited records for safety, security, or legal compliance, but we do not send further data after you withdraw AI consent.6.6 User Chat Input (“What’s on your mind?”)
6.6.1 The Mindality chat feature allows users to type messages describing what they are thinking or feeling (for example through the prompt “What’s on your mind?”). When a user submits a message, the text entered by the user is collected and processed in order to generate an AI response.
6.6.2 The information a user enters into the chat may include personal reflections, emotional thoughts, feelings, or other personal information voluntarily provided by the user. This information is considered user-generated content and may constitute personal data or special category data relating to mental well-being under applicable data protection laws.
6.6.3 When the chat feature is used, the following information may be transmitted to our AI service provider:
- The message the user types into the chat (for example, what the user writes in response to the prompt “What’s on your mind?”)
- Relevant previous chat messages required to maintain conversation context
- Mood logs or reflections previously entered by the user when required to generate relevant insights
- A summarized conversation context generated by Mindality to reduce the amount of data transmitted
6.6.4 This information is transmitted to OpenAI (OpenAI, L.L.C.), which provides the artificial intelligence technology used to generate responses within the chat feature.
6.6.5 The purpose of sending this information to OpenAI is solely to allow the AI system to analyze the user’s message and generate a relevant conversational response or wellness insight.
6.6.6 Mindality does not transmit the user’s email address or account identifiers to OpenAI when processing chat messages.
6.6.7 AI chat processing occurs only after the user actively sends a message in the chat interface and only if the user has consented to the use of AI features within the application. Users may withdraw their consent for AI processing at any time in the application settings.
6.6.8 OpenAI processes the data solely for the purpose of generating AI responses. Mindality does not permit OpenAI to use this content to train AI models unless permitted under OpenAI’s API terms applicable to the service.
7. Disclosures to Third Parties and Processors
7.1 We do not sell personal data. We do not disclose personal data for third-party advertising or cross-app tracking. 7.2 We disclose personal data only to processors that help us provide the Services and only to the extent necessary. 7.3 The table below lists the processors we use and the data disclosed to them.| Processor | Role / Purpose | Data Disclosed | Location |
|---|---|---|---|
| Supabase | Authentication and backend database hosting; storage of user data within the Services. | Email address; last interaction timestamp; and any content you store in Mindality (including mood logs, reflections, chat history, and associated metadata). | EU hosting region |
| OpenAI (OpenAI, L.L.C.) | AI processing for chat responses and insights (only if AI is enabled and consent is provided). | Chat messages; mood logs and comments/reflections; chat context summary; mood score history (limited lookback). Email address is not disclosed. | United States (and other jurisdictions where OpenAI operates) |