Privacy Policy
Last updated: June 11, 2026
Mindima (“we”, “us”) is a mental-training app. We built it to be private by default: your personal data lives on your device, there are no accounts and no ads, and anything anonymous leaves your phone only if you opt in. This policy explains what we handle, the legal bases we rely on, and the choices you have.
Who is responsible (data controller)
The data controller for Mindima is Noah Kanyo, [PLACEHOLDER: street address required before launch], Germany. Contact: support@mindima.com.
The controller is established in Germany, inside the EU, so no separate EU representative under Article 27 GDPR is required.
This website (mindima.com)
Hosting and server logs. This site is hosted by [PLACEHOLDER: hosting provider, e.g. Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA]. When you visit, the hosting provider processes the data your browser transmits (IP address, date and time, requested page, user agent) in server logs to deliver the site and keep it secure. Legal basis: our legitimate interest in operating a secure website (Art. 6(1)(f) GDPR). Logs are retained for [PLACEHOLDER: retention period] and are not merged with other data. [PLACEHOLDER if US provider: note on EU-US Data Privacy Framework certification or Standard Contractual Clauses.]
Fonts. The fonts on this site are hosted on our own server. No connection to Google or any other third-party font service is made when you load this site.
Launch list (newsletter). If you enter your email address in the signup form, we use it solely to send you the launch announcement and a roughly weekly tip email. Provider: [PLACEHOLDER: e.g. Buttondown / Brevo, with address]. We use double opt-in: you receive a confirmation email and are only subscribed once you confirm. Legal basis: your consent (Art. 6(1)(a) GDPR). You can unsubscribe at any time via the link in every email; we then delete your address [PLACEHOLDER: deletion period].
Local storage. We store your light/dark theme choice in your browser’s localStorage. This is strictly necessary to provide a function you request (§ 25(2) TDDDG); it never leaves your device, and we set no cookies.
No tracking. This website uses no analytics, no advertising trackers, no third-party embeds, and no cookies.
The Mindima app
- On-device app data. Your game results, progress, stats, streaks, moods, reflections, journal entries, survey answers, and settings are stored locally on your device. We never receive this data; there is no account and no server-side copy of it.
- Anonymous usage diagnostics (opt-in, off by default). If you turn on “Share anonymous diagnostics” in Settings, the app sends anonymous event counts (for example, that a session was completed) tied only to a random, app-generated identifier. Never your moods, journals, surveys, or anything you typed. Off by default; nothing is sent until you opt in.
- Crash reports (opt-in, off by default). If you turn on “Crash reports” in Settings, a crash sends a technical report via Sentry: the stack trace and your device model, never your content. Off by default.
- Update checks. The app checks for updates against Expo’s update service (a CDN). Like any internet request, that check transmits your IP address and the app version. It carries none of your personal app data.
- Purchases. Subscriptions and one-time purchases are processed by the Apple App Store or Google Play. We receive your purchase/entitlement status from the store, never your card number or full payment details.
- Notifications. If you enable reminders, we schedule local notifications on your device. They are not sent through our servers.
Legal bases (GDPR Art. 6 and Art. 9)
- Consent (Art. 6(1)(a) and Art. 9(2)(a)). Mood check-ins, reflections, and survey answers can reveal information about your mental state, which the GDPR treats as special-category (health-related) data under Article 9. The app therefore asks for your explicit consent on an in-app consent screen before any of it is recorded. Processing happens on your device; you can withdraw consent at any time by deleting your data in-app or deleting the app.
- Consent (Art. 6(1)(a)). Optional anonymous usage diagnostics are sent only after you opt in from Settings and stop when you opt out.
- Legitimate interest (Art. 6(1)(f)). Once you have opted in to crash reports, we process the resulting technical crash data (stack trace, device model) on the basis of our legitimate interest in keeping the app working. The opt-in toggle remains the gate; turning it off stops the reports.
- Contract (Art. 6(1)(b)). Purchase and entitlement status, so the features you paid for stay unlocked.
How we use it
To run the app, save your progress on your device, show you which exercises help your focus and mood, process purchases, fix crashes you have chosen to report, and improve the app from anonymous counts you have chosen to share. Mindima shows no ads and we do not use your data to build advertising profiles.
What we never do
We do not sell your personal data to anyone, and we do not share it with third parties except the service providers needed to run the app (below).
Third-party services
- Apple App Store / Google Play (payments, subscriptions).
- Expo (app update delivery via CDN; sees your IP address and app version when the app checks for an update).
- Sentry (crash reporting, only if you opt in; receives stack traces and device model, never your moods, journals, or surveys).
These providers handle data under their own privacy policies.
Your rights
Under the GDPR you have the right to:
- Access the personal data we hold about you (for on-device data, the in-app export gives you a complete copy).
- Rectification of inaccurate data.
- Erasure (“right to be forgotten”): use the delete controls in Settings, delete the app, or email us about anything server-side.
- Data portability: the in-app backup exports everything as a single JSON file you control.
- Withdraw consent at any time, without affecting prior processing.
- Complain to a supervisory authority, in particular the data protection authority of your EU member state or of Germany.
Your choices & controls
- Delete your data in-app using the data controls in Settings, or by deleting the app, which removes the local database from your device.
- Opt in or out of anonymous diagnostics and crash reports at any time in Settings. Both are off by default.
- Request deletion of anything you believe we hold by emailing us (below).
Data retention
On-device data remains until you clear it or delete the app. Opt-in diagnostics and crash reports are kept only as long as needed to improve and debug the app.
Children
Mindima is intended for users aged 16 and over, in line with the age of digital consent in Germany (Art. 8 GDPR). The in-app consent screen requires confirmation that you are 16 or older. We do not knowingly process personal data of younger children; if you believe a child has provided us data, contact us and we will delete it.
Security
No method of storage or transmission is perfectly secure, but we keep data on-device by default, offer an optional app lock, and minimize what we collect to reduce risk.
Changes
We may update this policy; we’ll revise the “last updated” date above and, for material changes, notify you in the app.
Contact
Questions or requests: support@mindima.com, or the controller directly at support@mindima.com.