The Confidentiality Pledge

What you write here, stays here.

This page is the whole agreement between you and MindMirror about your data. It's written in plain language on purpose. There is no fine print elsewhere.

Effective 29 May 2026 — version 1.0

The short version

Your journal is yours. We can't read it without your active session.

Every word is encrypted (AES-256) before it's saved to our database.

We never sell your data. Not to anyone. Not ever.

We never use your entries to train AI models — ours or anyone else's.

We never run ads, analytics, or “personalisation” off the content of your reflections.

We never share your data with a third party except the strict cases listed below.

Who can see your journal

Only you, when you're signed in.

Our staff, contractors, and operators cannot read your entries. The encryption key decrypts content only inside the brief, authenticated request that fetches it for you, and the result is never logged, cached, or stored anywhere else.

Law enforcement requests are handled the way you'd want: we'd require a valid legal order from a competent court, we'd notify you unless prohibited, and we'd push back on anything overbroad. We have not received any such request to date.

What AI sees, and for how long

When you ask for a reflection, your entry is sent, encrypted in transit over TLS, to Anthropic's API (Claude Sonnet 4.5) so it can write a response. When you record audio, the audio is sent to OpenAI's API (Whisper-1) for transcription.

Per their published API terms, Anthropic and OpenAI do not use API content to train their models. They retain inputs only briefly for abuse monitoring. We pay for these APIs precisely so your entries are not used as training data.

We do not enable any “improve the model” toggle on either provider. If that ever changes, we'll tell you here first and ask for your consent before continuing.

What we keep, and why

Your entries — encrypted text, AI reflection, AI actions, tags, mood, and timestamp — so the journal is yours to revisit.

Account basics — your email, name, and a salted/hashed password (or a Google account identifier). We don't keep your raw password.

Sessions — short-lived tokens so you stay signed in. Revoked when you sign out, deactivate, or delete.

Operational logs — minimal request logs (timestamps, status codes, no entry content) for 30 days, used only to keep the service running.

What we never do

Sell, rent, or trade your data.

Send your entries to advertisers, data brokers, or affiliate networks.

Use your entries as examples, screenshots, or marketing material — even anonymised.

Train any model — ours or a third party's — on the content of your journal.

Email you marketing about other products without explicit opt-in.

Read your entries to “improve the experience” or for any internal analytics.

Where the data lives

Data is stored in our managed MongoDB cluster. Encryption keys live separately from the ciphertext. We pick providers that respect GDPR / UK GDPR / Swiss FADP / California CCPA principles by default — even for users outside those regions.

Wherever you are in the world, the same rules apply.

Your rights, plainly

You can, at any time, from your Account page:

  • Deactivate — pause sign-in; entries are kept encrypted. Sign in again to reactivate.
  • Delete permanently — your account, every entry, every token, every session is removed from our database. We do not keep “soft-deleted” copies.

You also have the right to access, export, correct, and object to processing of your data under GDPR / CCPA. Email privacy@mindmirror.app and we'll respond within 30 days.

If this page ever changes

We'll tell you — by email and in-app banner — at least 14 days before any change that broadens how your data is used. If the change makes things stricter (e.g. shorter retention), we'll just do it and note it here.

This is version 1.0, dated 29 May 2026.

“If a promise is too long to read, it's probably hiding something.”

— our editing rule for this page.

Questions? Write to privacy@mindmirror.app.
