Privacy Policy

Last Updated: February 22, 2026

1. Introduction

Welcome to MindSpace. We are committed to protecting your privacy and ensuring the security of your personal and mental health information. This Privacy Policy explains how we collect, use, and safeguard your data when you use our mobile application.

2. Information We Collect

2.1 Personal Information

  • Email address (for account creation, login, and OTP verification)
  • Name (optional, for personalization)
  • Profile picture (optional)
  • Language preference
  • Device information (device model, operating system, app version)
  • Push notification tokens (for sending notifications)

2.2 Mental Health Data

  • Journal entries and content
  • Mood tracking data (mood levels, dates, patterns)
  • Personal insights and questionnaire responses
  • AI analysis requests and results
  • Social posts and comments (if you choose to share)

2.3 Usage Data

  • App usage statistics (features used, session duration)
  • Error logs and crash reports (via Firebase)
  • Analytics data (via Google Analytics for website)

2.4 Payment Information

  • In-app purchase data (transaction IDs, purchase dates, token packages)
  • Payment processing is handled entirely by Apple and Google - we do not store credit card information

3. How We Use Your Information

We use your information to:

  • Provide AI-powered insights: Analyze your journal entries to generate personalized psychological advice
  • Track your progress: Display mood trends and statistics
  • Improve our service: Enhance app features and user experience
  • Communicate with you: Send notifications, updates, and support messages
  • Ensure security: Protect your account and prevent fraud

4. Data Security

We take your privacy seriously and implement industry-standard security measures:

  • Encryption: All data is encrypted in transit (HTTPS) and at rest
  • Secure storage: We use FlutterSecureStorage for sensitive data on your device
  • Passcode protection: Optional 4-digit passcode lock for app access
  • Limited access: Only authorized personnel can access your data for support purposes
  • Regular audits: We conduct security audits to identify and fix vulnerabilities

5. Data Sharing

We DO NOT sell your personal or mental health data. We may share data only in these limited circumstances:

  • With your consent: When you choose to share posts or comments in the social feed
  • Service providers: Third-party services that help us operate (e.g., cloud hosting, analytics)
  • Legal requirements: If required by law or to protect rights and safety
  • Anonymous data: Aggregated, anonymized data for research and improvement

6. Your Rights

You have the right to:

  • Access your data: Request a copy of your personal information
  • Correct your data: Update inaccurate or incomplete information
  • Delete your data: Request account deletion (all data will be permanently removed)
  • Export your data: Download your journal entries and data
  • Opt-out: Disable notifications and data sharing features

7. Data Retention

We retain your data as follows:

  • Active accounts: Your data is stored indefinitely while your account is active
  • Journal entries: Kept until you manually delete them or request account deletion
  • Account deletion: When you request account deletion, all personal data and journal entries will be permanently deleted within 30 days
  • Legal requirements: Some data may be retained longer if required by law or for legitimate business purposes (e.g., fraud prevention, dispute resolution)
  • Anonymized data: Aggregated, anonymized analytics data may be retained indefinitely

8. Children's Privacy

MindSpace requires users to be at least 13 years old. We do not knowingly collect personal information from children under 13. If you believe we have collected data from a child under 13, please contact us immediately at support@mindspaceapps.com, and we will delete the account and all associated data.

9. Third-Party Services

We use the following third-party services to operate MindSpace. Each has its own privacy policy:

  • Amazon Web Services (AWS): Cloud hosting and data storage (EC2, S3) - Singapore region
  • AWS Simple Email Service (SES): Email delivery for OTP and notifications
  • Firebase: Crash reporting, analytics, and Cloud Messaging for push notifications
  • Google Analytics: Website traffic analysis (uses cookies)
  • Apple In-App Purchase: Payment processing for iOS (subject to Apple's privacy policy)
  • Google Play In-App Purchase: Payment processing for Android (subject to Google's privacy policy)

These services have their own privacy policies and terms. We encourage you to review them:

10. Cookies and Tracking Technologies

10.1 Website Cookies

Our website uses cookies and similar tracking technologies:

  • Google Analytics Cookies: Track website visitors, page views, and user behavior to help us improve the website experience
  • Session Cookies: Temporary cookies that expire when you close your browser
  • Preference Cookies: Remember your settings and preferences

10.2 Mobile App

The mobile app does not use browser cookies but may store data locally on your device using secure storage mechanisms for app functionality.

11. International Data Transfers

MindSpace is operated from Malaysia, and our data is stored on AWS servers in Singapore. If you access MindSpace from outside Malaysia or Singapore, your data will be transferred to and processed in Singapore.

By using MindSpace, you consent to the transfer of your data to Singapore and other countries where our service providers operate. We take appropriate measures to ensure your data is protected in accordance with this Privacy Policy, regardless of where it is processed.

12. Security Breach Notification

In the unlikely event of a data breach that affects your personal information:

  • We will investigate the breach and assess the risk to your data
  • We will notify affected users via email within 72 hours of discovering the breach
  • We will notify relevant authorities as required by applicable law
  • We will take immediate steps to secure the breach and prevent further unauthorized access
  • We will provide guidance on steps you can take to protect yourself

13. GDPR Compliance (For European Union Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

13.1 Legal Basis for Processing

We process your data based on:

  • Consent: You provide consent when creating an account and using the app
  • Contract: Processing is necessary to provide the services you requested
  • Legitimate interests: Improving our services and preventing fraud

13.2 Your GDPR Rights

  • Right to access: Request a copy of all data we hold about you
  • Right to rectification: Correct inaccurate or incomplete data
  • Right to erasure ("right to be forgotten"): Request deletion of your data
  • Right to restrict processing: Limit how we use your data
  • Right to data portability: Receive your data in a machine-readable format
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Withdraw consent at any time
  • Right to lodge a complaint: File a complaint with your local data protection authority

13.3 Data Protection Contact

To exercise your GDPR rights, contact us at support@mindspaceapps.com with "GDPR Request" in the subject line. We will respond within 30 days.

14. CCPA Compliance (For California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

14.1 Categories of Personal Information Collected

We collect the following categories as described in Section 2:

  • Identifiers (email, name, device ID)
  • Internet/network activity (usage data, analytics)
  • Sensitive personal information (mental health data, journal entries)
  • Commercial information (purchase history)

14.2 Your CCPA Rights

  • Right to know: Request information about data we collect and how it's used
  • Right to delete: Request deletion of your personal information
  • Right to opt-out of sale: We do NOT sell your personal information
  • Right to non-discrimination: We will not discriminate against you for exercising your rights
  • Right to correct: Request correction of inaccurate personal information
  • Right to limit use of sensitive information: Request limits on use of sensitive data

14.3 Do Not Sell My Personal Information

We do NOT sell your personal information to third parties for monetary or other valuable consideration. We only share data with service providers as necessary to operate the app.

14.4 Exercising CCPA Rights

To exercise your CCPA rights, contact us at support@mindspaceapps.com with "CCPA Request" in the subject line. We will respond within 45 days. You may designate an authorized agent to make requests on your behalf.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of significant changes via email or in-app notification at least 7 days before the changes take effect. Your continued use of MindSpace after changes indicates acceptance of the updated policy. We encourage you to review this policy periodically.

16. Contact Us

If you have questions about this Privacy Policy or your data, or wish to exercise your privacy rights, please contact us:

  • Email: support@mindspaceapps.com
  • Website: www.mindspaceapps.com
  • App: MindSpace Mental Health Journal
  • Operator: Individual operation - Malaysia
  • Data Location: AWS Singapore

For GDPR requests, include "GDPR Request" in the subject line.
For CCPA requests, include "CCPA Request" in the subject line.
For general privacy inquiries, include "Privacy Question" in the subject line.

Your Privacy Matters

At MindSpace, we believe mental health data deserves the highest level of protection. We're committed to transparency and giving you full control over your information.