← Back to app

Privacy Policy

Last updated: 10 April 2026

PsyMind (`psymind.app`) is operated as the PsyMind application platform. This policy explains what data we collect, why we collect it, and how we protect it.

1. What data we collect

Data you provide:

• Name and email address during sign-up or gated flows
• Optional profile data such as photo URL, public bio, social links, language, reminder time, goals, and meditation focus
• Suggestion text entered for evaluation or generation
• Responses to questionnaires and exercises
• Payment data processed by Stripe. We do not store card data directly.

Data collected automatically:

• IP address in hosting logs
• Browser and device type
• Scores, evaluation history, and gamification progress stored locally in the browser

2. Why we collect it

• App functionality such as authentication and progress storage
• Evaluation and generation of hypnotic suggestions through AI processing
• Subscription and checkout flows
• Email communication when required for the product or when consent applies
• Service improvement and operational support

We do not use your emotional entries for ad targeting. We do not send your personal reflections to advertising platforms.

2.1 Optional profile, public profile, and support access

Profile photo, social links, public bio, public profile visibility, and public profile slug are optional. Public profile visibility is off by default and can be enabled or disabled from Dashboard.

Support access is off by default. If you enable temporary support access, PsyMind support may review your account state only to solve a support issue, only while the permission is active, and only after recording a clear support reason in the audit log. You can disable support access from Dashboard.

2.2 Product improvement consent

You may separately allow PsyMind to use your content, anonymized where reasonably possible, to improve the platform. This is optional, off by default, and can be withdrawn from Dashboard. Pseudonymized data may still be personal data under GDPR; therefore, we treat it as protected data unless it has been effectively anonymized.

3. Who processes the data

Provider	Purpose	Data location
Supabase	Authentication and database	EU (Frankfurt)
Stripe	Payment processing	EU/US
Vercel	Application hosting	EU/US
Resend	Email delivery	US
Anthropic	AI processing (generation, evaluation). Personal identifiers — email, phone, IBAN, payment card, national ID, address, full name — are stripped server-side before requests are sent. If you have enabled "Use my first name in personalized meditations" in your profile (default ON, opt-out anytime), your first name only is included to personalize the script. No surname is ever sent.	US
GoHighLevel	CRM and communication workflows using non-sensitive contact and funnel data only	US
Lead/webhook tools, where configured	Non-sensitive lead routing only; no personal reflections or generated content	EU/US

Data processing agreements are maintained or finalized where required.

4. Your rights

Under GDPR you may request:

• Access to your personal data
• Rectification of incorrect data
• Erasure of your data
• Portability in a standard format
• Objection to marketing-related processing
• Withdrawal of consent where consent is the legal basis

To exercise these rights, contact us at contact@psymind.app. We respond within 30 days.

5. Security

We use HTTPS on all connections. Authentication is handled through Supabase. Payment data is handled by Stripe. Database access is restricted through Row Level Security policies.

6. Retention

Account-related data is retained while the account remains active. Local browser data remains under the user's control and can be cleared at any time. After account deletion, relevant data is removed within 30 days unless retention is required by law.

You can delete your history anytime. You can delete your account anytime. Payment, invoice, tax, refund, chargeback, support, anti-fraud, security, dispute, and audit records may be retained where legally required.

7. International transfers

Some providers process data in the United States. Transfers rely on lawful transfer mechanisms such as standard contractual clauses where applicable.

8. Minors

PsyMind is intended for adults 18+ only. We do not knowingly collect data from users under 18. If you believe a person under 18 submitted personal data, contact us so it can be removed.

9. Changes

We may update this policy from time to time. Material changes may be communicated by email or in-app notice. The latest update date is displayed at the top of this page.

---

Cookie Policy

Last updated: 10 April 2026

What cookies are

Cookies are small files stored on your device by the browser. Similar technologies include localStorage and sessionStorage.

What we use

Technology	Name/Purpose	Type	Duration
localStorage	Language and theme preferences	Strictly necessary	Persistent
localStorage	Evaluation history, scores, gamification progress	Functional	Persistent
localStorage	Authentication state	Strictly necessary	Persistent
localStorage	Lead data such as verified email	Functional	Persistent
Supabase cookie	Authentication session	Strictly necessary	Session
Stripe cookie	Payment processing during checkout	Strictly necessary	Session

Third-party cookies

We do not use advertising or analytics cookies on `psymind.app`. External analytics SDKs are currently disabled.

We do not send personal reflections, emotional entries, generated text, risk flags, or session summaries to advertising platforms.

Your control

You can clear local browser storage from your browser settings. This may reset saved preferences, history, and local progress.

Strictly necessary cookies cannot be disabled without affecting app functionality.