Back to Mindsay

Legal

Privacy Policy

Last updated: July 6, 2026

Mindsay is a calm AI operating system for households. This Privacy Policy explains what we collect, why we collect it, and the controls you have over your family's data.

1. Data we collect

Account data — name, email, and authentication metadata you provide when creating a Mindsay account.

Family data — schedules, tasks, shopping lists, memories, and other content you and invited family members add to Mindsay.

AI prompts — the requests you send to Mindsay agents. We use them only to generate responses and improve reliability. We do not sell prompt data.

Device & usage — browser, device type, IP address, and coarse interaction analytics used to keep the service secure and performant.

2. How we use data

We use your data to operate Mindsay, personalize AI responses to your household, provide customer support, prevent abuse, and comply with law. We do not use family content to train third-party foundation models.

3. Legal bases (GDPR)

We process personal data under the following bases: performance of contract (delivering the service), legitimate interests (security, fraud prevention, product improvement), consent (marketing, non-essential cookies), and legal obligation.

4. Sharing

We share data only with sub-processors that help us run Mindsay (hosting, AI inference, payments, email delivery), all under strict data-protection agreements. We never sell personal data.

5. Retention

We keep account and family data for as long as your account is active. After deletion, backups are purged within 30 days. Billing records are retained as required by tax law.

6. Your rights

You can access, correct, export, or delete your data at any time from Settings, or by writing to [email protected]. EU/UK residents have the right to lodge a complaint with a supervisory authority.

7. Children

Mindsay is designed for households and may be used by minors under a parent or guardian's supervision. Parents control what child profiles can see and share.

8. Security

Data is encrypted in transit and at rest. Access is restricted to authorized personnel and audited.

9. Changes

We will notify you of material changes to this policy by email or in-app notice at least 14 days before they take effect.

Questions? Email [email protected].