Your data, in plain language.

MindType is behavioral identity intelligence infrastructure. We process the smallest amount of data we can to map your behavioral identity profile and run the product. We do not sell your data, we do not use it for cross-app advertising, and we do not let third parties track you through us.

Effective May 19, 2026 · Version 3.0

The short version

What you can expect.

We do not sell your data.

Never have. There is no advertising business model behind MindType.

Not used for cross-app tracking.

We don't share identifiers with ad networks. No data brokers. No SDKs that follow you between apps.

You're in control.

Export it, edit it, or delete it any time. We respond to data requests within 30 days.

01 · Data we collect

Exactly what we have on you.

This list is the same set of items declared in our App Store privacy label. Each item is linked to your user ID so we can run the product for you. None of it is used for tracking across other apps or websites.

Data item

Why we have it

Status

Email address

Account creation, sign-in, account recovery, and product communication.

Required

First name

Personalizing your reports and how the app addresses you.

Required

Date of birth

Used for identity anchoring when finding behavioral markers to build your identity code.

Required

Residency city

The city you currently live in. A text field you type in — not GPS. If you move and update it, we keep the most recent city you entered. Used as part of your identity context.

Required

Social handle

Optional. Helps you find friends and partners on the app.

Optional

Profile photo

Optional. Shown only inside your account and your own reports.

Optional

User ID

An internal identifier tied to your account so we can attach reports, settings, and subscription state to you.

Required

In-app purchase history

Which subscription you bought, when it renews, and whether it is active. Provided by Apple.

Required

Product interaction (PostHog)

Anonymized events about which screens you open and which features you use. Used to fix bugs and prioritize what to build next.

Required

Crash data

Automatic. If the app crashes we get a stack trace so we can fix it.

Required

Performance data

Automatic. Latency and load times so we can keep the app fast.

Required

Behavioral identity profile

Generated from the identity signals above. Sometimes called your behavioral fingerprint or identity code. This is how we map a person and how we personalize reports, Mind Match, and the Mind Coach. Stored on your account so we don't recompute it on every request.

Required

We do not collect precise location, contacts, browsing history, search history, health or fitness data, financial data beyond purchase history, advertising identifiers (IDFA), or device identifiers tied to advertising.

02 · How we use it

What we actually do.

Run the product.

Generate your reports, save them to your account, let you ask the Mind Coach questions, sync state between web and iOS.

Personalize your experience.

Show you content tied to your behavioral identity profile. Recommend Mind Matches. Surface your patterns over time.

Bill you correctly.

Track which subscription tier you're on, when it renews, and whether your scan quota has been used.

Keep MindType working.

Crash logs, error traces, performance metrics. We use this to find bugs and ship fixes.

Improve the product.

Anonymized usage analytics tell us which features land and which don't. We do not use prompts or report text for training.

Stop abuse.

Rate limiting, fraud prevention, blocking shared accounts that exceed subscription limits.

03 · Cross-app tracking

We don't track you across apps.

In Apple's sense of the word, "tracking" means linking data from our app with data from other companies' apps, websites, or offline properties for advertising or measurement purposes. We do not do that.

✓We do not request IDFA.
✓We do not share device identifiers with advertisers.
✓We do not embed ad-network SDKs.
✓We do not sell or rent your data to data brokers.

04 · Who else touches your data

Third-party processors.

We use the providers below to run the app. They process data on our behalf under written data processing agreements. None of them are allowed to use your data for their own marketing.

Anthropic

What it does · Powers the Mind Coach. Your prompt and your behavioral identity context are sent to Anthropic so the Mind Coach can answer.

What it sees · Mind Coach prompts, your behavioral identity profile, the other person's behavioral identity profile when relevant.

OpenAI

What it does · Legacy LLM. Generates parts of report text. Being phased out in favor of Anthropic.

What it sees · Report generation prompts, your behavioral identity context. No raw account credentials.

PostHog

What it does · Product analytics. Tells us which screens you open and which features you use so we can fix bugs and prioritize what to build.

What it sees · Pseudonymous event stream, your user ID, the screen names you visited. No prompts, no report content.

Apple

What it does · Sign in with Apple and In-App Purchases. Apple is your payment processor for iOS subscriptions.

What it sees · Apple ID identifier, subscription transactions and receipts.

Google

What it does · Sign in with Google. Optional — only used if you choose Google as your sign-in method.

What it sees · Google account email and identifier.

Railway

What it does · Hosts our servers and our database.

What it sees · Everything we store on your behalf lives on Railway-managed Postgres infrastructure.

05 · Retention

How long we keep things.

Data

How long

Account data (name, email, DOB, residency city, social handle, profile photo, behavioral identity profile)

While your account is active, plus a 30-day grace period after you delete your account.

Saved reports

While your account is active. Removed within 30 days of account deletion.

Product analytics (PostHog events)

90 days, then aggregated and anonymized.

Server logs and error traces

30 days.

In-app purchase receipts

7 years. Tax and legal requirements force us to keep payment records this long.

06 · Your rights — GDPR

What you can ask us to do.

If you live in the EU, UK, EEA, or Switzerland, you have these rights under the GDPR. We honor them globally — you get the same rights wherever you live.

Access

Ask for a copy of everything we have on you.

Correction

Fix anything that's wrong.

Deletion

Have it erased. Right to be forgotten.

Portability

Get your data in a format you can move elsewhere.

Restriction

Tell us to pause specific processing of your data.

Objection

Object to particular processing on legitimate-interest grounds.

Withdraw consent

Pull back any consent you previously gave, at any time.

To exercise any of these, email privacy@mindtype.io. We respond within 30 days. You also have the right to lodge a complaint with a data protection authority if you believe we have not handled your data correctly.

07 · California — CCPA / CPRA

If you live in California.

Right to know

Ask us what personal information we have collected about you in the last 12 months.

Right to delete

Ask us to delete the personal information we hold about you, subject to legal exceptions.

Right to opt out of sale

We do not sell your personal information. There is nothing to opt out of, but the right exists.

08 · Age

MindType is for 17 and up.

We don't knowingly collect data from anyone under 17. The app is age-gated at sign-up and on the App Store. If you are a parent or guardian and you believe your child has created an account, email privacy@mindtype.io and we will delete the account.

09 · International

Where the data lives.

Our servers run in the United States on Railway. If you use the app from outside the US, your data is transferred to the US for processing. When we transfer personal data of EU/UK residents to the US, we rely on Standard Contractual Clauses approved by the European Commission. We also assess each subprocessor for adequate data protection before relying on them.

10 · Security

How we protect your account.

✓TLS 1.2+ encryption for every request between your device and our servers.
✓Passwords stored as bcrypt hashes — we never see your plaintext password.
✓Database access scoped by row to your user ID. Engineers do not browse user data casually.
✓Audit logs for any admin-level access to your account.

11 · Changes

When this policy changes.

We bump the version number on this page and update the effective date at the top. For material changes (new data items, new processors, new uses), we email account holders at least 14 days before the change takes effect. Continued use of the app after the effective date counts as acceptance of the updated policy.

Questions about your data?

Anything in this policy — what we collect, how we use it, what your rights are — write to us. Real humans read these.

privacy@mindtype.io Contact form

Effective May 19, 2026 Version 3.0 Applies to mindtype.io and MindType for iOS