Terms & Privacy

By using this website (mindsera.com) or our application (beta.mindsera.com), you consent to our "Terms & Conditions" and "Privacy Policy", as well as those of our subprocessors. If you have any questions, you can catch us at hello@mindsera.com

tl;dr

  • We are not a big evil corporation and don't sell your data. We believe in the freedom and privacy of thought.
  • We’re an independent company, so we only answer to our members. This allows us to grow carefully while ensuring our values are reflected in everything we do.
  • Your writing is fully encrypted at rest (AES-256) and in transit (TLS 1.2 or greater). End-to-end encryption is impossible to use with AI at the moment. AI systems need access to the data in the backend to work.
  • Our data is securely hosted on Fly.io servers in the US. Fly.io complies with GDPR and the EU-U.S. Data Privacy Framework, holding industry-standard certifications, including ISO 27001 and SOC 2.
  • You can export your data at any time.
  • Your data is not used to train or improve AI models.
  • We use Google Analytics to measure the amount of users, their location, and the device used. We also track how users interact with our application.
  • We use PostHog to track how users interact with our app, including their location and device, to help us improve functionality and understand usage patterns. No sensitive data is shared with or processed by PostHog.
  • We use social media pixels for our marketing campaigns.
  • We strive to collect the minimum amount of information required to operate our services.

✌️

Privacy Policy

Last updated January 13, 2025

1. Introduction

Mindsera (website address: mindsera.com & beta.mindsera.com) appreciates your trust. We are a EU-based company, creating products and services focused on mental health and fitness. Please read and consent to this Privacy Policy in order to have permission to use our services.

2.1 Data collected (mindsera.com)

Data storage location: We are a EU-based company and operate web servers hosted in Estonia. Our hosting provider Veebimajutus adheres to the EU/US Privacy Shield, ensuring that your data is securely stored and GDPR compliant.

Emails: When you register to our newsletter, your email address will be stored by our email service provider Convertkit. You can unsubscribe at any time by clicking on the link at the bottom of each newsletter. When you use our journal (website address: journal.mindsera.com) well store your email address securely on our web servers hosted in Estonia by Veebimajutus.

Analytics: We use Google Analytics on our site for anonymous reporting of site usage. No personalised data is stored. If you would like to opt-out of Google Analytics monitoring your behaviour on our website please use this link: Google Analytics Opt-out.

2.2 Data collected (beta.mindsera.com)

Hosting platform: Our application and data is hosted on Fly.io servers, which are located in the United States. Fly.io complies with the EU-U.S. Data Privacy Framework, UK Extension to EU-U.S. Data Privacy Framework, and Swiss-U.S. Data Privacy Framework (collectively, “DPF”). Fly.io is certified under DPF principles, including onward transfer liability, and is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Fly.io privacy policy: For more details, see Fly.io’s Privacy Policy and Data Privacy Framework Policy.

Image hosting: We use Cloudinary to host images. You can find their privacy policy at https://cloudinary.com/privacy

Voice recordings: User voice recordings are stored securely in encrypted format in Amazon S3. Encryption ensures that recordings remain private, and Amazon S3 has no access to the content of these recordings. Recordings are used solely for the purpose of backups and are not utilized in any other way. If a user deletes a recording or associated entry, the voice recording is permanently deleted from our servers.

Emails: Our email systems are powered by SendGrid. You can find their privacy policy at https://sendgrid.com/policies/security/

Sign in with Google: We give users the option to use their Google Account to sign-up and sign-in to out application. When you choose to use Sign in with Google, we will collect and use the following information from your Google account:

  • Your name and email address: This information is used to identify you and personalize your experience within our application.
  • Your Google profile picture: This information is used to personalize your account within our application.
  • Your Google user ID: This information is used to associate your Google Account with your account within our application.

We use this information to provide you with access to our application and to personalize your experience within it. We also use this information to communicate with you about your account and to provide you with customer support. We will not share your Google Account information with any third-party services, except as required by law or to protect our rights or property.

AI content generation: Our AI services are powered by OpenAI. With the new update on March 1, 2023, OpenAI will not use API data to train or improve their models. This means that your content is completely private. If you choose to use the Mindsera AI feature(s), you may not use the Mindsera AI features in a manner that violates any OpenAI Policy, including their Content Policy; Sharing and Publication Policy; and Community Guidelines.

AI image generation: We use StabilityAI to generate images based on journaling entries. You can find their privacy policy at https://platform.stability.ai/docs/terms-of-service

Payments: We use Stripe as our payment processor. You can find their privacy policy at https://stripe.com/en-ee/legal/privacy-center

User behavior tracking: We use PostHog to track user interactions and improve our application. PostHog helps us analyze usage patterns to better understand user needs and enhance the functionality of our platform. No sensitive information (e.g., journaling content or insights) is shared with or processed by PostHog. All data is handled securely and in compliance with applicable data protection laws. You can find their privacy policy at https://posthog.com/privacy.

3. Use of personal data

We use your personal information in the following cases:

  • Verification/identification of the user during website usage.
  • Providing technical assistance and customer support.
  • Sending updates to our users with important information to inform about news/changes.
  • Gather analysis about usage, so we can customise the website to make your experience more personal and engaging.
  • Guarantee overall performance and administrative functions run smoothly.

4. Changes

Changes to this privacy policy and terms of service:

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. If we make any material changes, we will notify you by email or by posting a notice on our website and application.

Mindsera OÜ
Paldiski mnt. 82c-21, Tallinn
10618, Estonia