Privacy Policy

Last updated: May 1, 2026

This Privacy Policy describes how Mindspace ("we", "us", or "our") collects, uses, and protects information when you use the Mindspace application ("App"). By using the App, you agree to the collection and use of information as described in this policy.

1. Information We Collect

1.1 Information You Provide

Mindspace is designed as a local-first, privacy-focused application. All personal content you create — including journal entries, text, photos, videos, drawings, tracker data, tasks, intentions, and tags — is stored locally on your device by default. We do not have access to this content.

1.2 Onboarding Responses

During onboarding, we may ask optional questions about your age range, gender, lifestyle, focus areas, and journaling experience. These responses are stored locally and sent to Firebase Analytics as anonymous user properties to help us understand our user base and improve the App. These responses are not linked to your personal identity.

1.3 Analytics Data

We use Firebase Analytics (provided by Google) to collect anonymous usage data, including:

  • App feature usage events (e.g., entry created, tracker recorded, canvas drawn)
  • Navigation patterns and screen views
  • Subscription-related events (paywall views, plan selections)
  • Import and export actions
  • Device type, operating system version, and locale

This data is collected in aggregate and is used solely to understand how the App is used and to improve user experience. We do not collect or transmit the content of your journal entries, photos, drawings, or any other personal content through analytics.

1.4 Health Data

If you choose to enable Apple Health integration for specific trackers, the App may read health data from Apple HealthKit, including but not limited to: sleep analysis, body mass, heart rate, step count, water intake, active energy burned, and workout data. The App may also write tracker values back to Apple HealthKit for compatible data types.

Health data is:

  • Only accessed with your explicit permission through Apple's HealthKit authorization
  • Used solely to populate your trackers within the App
  • Stored locally on your device (and in iCloud if you enable sync)
  • Never sent to our servers, sold, shared with third parties, or used for advertising

1.5 Location Data

If you grant location permission, the App may capture your approximate location (city and country level) when you create a journal entry. Location data is:

  • Only collected with your explicit "When In Use" permission
  • Captured at reduced accuracy (approximately 100 meters)
  • Stored locally within your journal entries
  • Not transmitted to any external service other than Apple's geocoding service for reverse geocoding

You can disable location services for the App at any time through your device Settings.

1.6 iCloud Data

If you enable iCloud sync, your journal data (entries, trackers, media, drawings, tags, intentions, tasks) is synced across your devices using Apple's CloudKit service. This data is transmitted and stored by Apple in accordance with Apple's Privacy Policy. We do not operate any servers that store your synced data — all cloud storage is managed entirely by Apple.

1.7 User Identification

If iCloud sync is enabled, we use your iCloud account record identifier as an anonymous user ID in Firebase Analytics to understand cross-device usage patterns. This identifier is an opaque string generated by Apple and cannot be used to determine your name, email, or any other personal information.

1.8 Subscription Data

In-app purchases and subscriptions are processed entirely by Apple through the App Store. We do not collect, store, or have access to your payment information, credit card details, or Apple ID credentials. We only receive transaction confirmation data from Apple's StoreKit framework to verify your subscription status.

1.9 AI Features

Mindspace includes AI-powered features such as IntentionOptimizer. These features run entirely on your device using Apple's Foundation Models framework, available on iOS 26 (and later) on Apple Intelligence-compatible devices.

When you use Mindspace's AI features:

  • Your User Content is processed locally on your device
  • No content is transmitted to our servers
  • No content is sent to OpenAI, Anthropic, Google, or any other third-party AI service
  • We do not use your User Content to train, fine-tune, or evaluate any AI model, whether on-device or in the cloud
  • AI features require an Apple Intelligence-compatible device and may not be available in all regions or languages

If a future version of the App introduces AI features that process your content off-device, we will update this Privacy Policy and require your explicit opt-in before any such processing occurs.

1.10 Advertising Identifier and Install Attribution

To measure the effectiveness of paid acquisition campaigns, the App integrates Meta's iOS SDK (also known as the Facebook SDK). Meta uses anonymous install and subscription events to attribute installs to specific ad campaigns.

If you grant App Tracking Transparency permission when prompted by iOS, your Apple Identifier for Advertisers (IDFA) is shared with Meta along with these events. If you decline, no IDFA is shared and attribution falls back to Apple's privacy-preserving aggregate measurement (SKAdNetwork / Apple Ads Attribution).

We do not send any User Content (journal entries, photos, drawings, tracker data, etc.) to Meta — only anonymous install and subscription event signals. You can change your tracking decision at any time in iOS Settings > Privacy & Security > Tracking.

2. How We Use Information

We use the limited information we collect to:

  • Provide and maintain the App's functionality
  • Understand usage patterns to improve the App
  • Verify subscription status for premium features
  • Diagnose technical issues and improve stability
  • Measure the performance of paid acquisition campaigns (only as described in Section 1.10)

We do not use your information to:

  • Display advertisements inside the App
  • Build our own advertising profiles about you
  • Sell, rent, or share your User Content (journal entries, photos, drawings, tracker data) with any third party
  • Send unsolicited communications (except optional daily reminders you configure)
  • Train, fine-tune, or evaluate AI or machine learning models

We do not sell your personal information. We have never sold personal information and have no plans to do so. The only third-party advertising-related data flow is the Meta install-attribution integration described in Section 1.10, which is gated by the iOS App Tracking Transparency prompt and never includes your User Content.

3. Third-Party Services

The App uses the following third-party services:

  • Firebase Analytics (Google) — Anonymous usage analytics. Firebase may automatically collect device identifiers, IP addresses, operating system version, device model, language settings, and mobile network information. This data is used in aggregate and is not combined with personally identifying information. Subject to Google's Privacy Policy.
  • Apple CloudKit (iCloud) — Optional data sync. Subject to Apple's Privacy Policy.
  • Apple HealthKit — Optional health data integration. Subject to Apple's Privacy Policy.
  • Apple StoreKit — In-app purchase processing. Subject to Apple's Privacy Policy.
  • Meta (Facebook / Instagram) — Used solely to measure the performance of paid acquisition campaigns. The Facebook iOS SDK sends anonymous install and subscription events to Meta for ad attribution. Your Apple Identifier for Advertisers (IDFA) is shared only if you grant App Tracking Transparency permission. No User Content is ever sent. Subject to Meta's Privacy Policy.

Apart from the integrations listed above, we do not include any other advertising networks or tracking SDKs.

3.1 Sharing of Information

We may share limited, non-personal information in the following circumstances:

  • Service providers: We use Firebase Analytics (Google) to process anonymous usage data on our behalf.
  • Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
  • Business transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via the App or our website before your information becomes subject to a different privacy policy.
  • Protection of rights: We may disclose information to protect our rights, privacy, safety, or property, or that of our users or the public.

4. Data Storage and Security

Your data is stored locally on your device using encrypted storage with iOS Data Protection (Complete Until First User Authentication). If you enable iCloud sync, data is encrypted in transit and at rest by Apple.

The App offers additional security features including passcode lock, Face ID, and Touch ID. Your passcode is stored securely in the iOS Keychain and is never transmitted or synced.

While we implement reasonable security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.

5. Data Retention and Deletion

Your journal data remains on your device until you delete it. You may:

  • Delete individual entries, trackers, or journals within the App
  • Export all your data in JSON or ZIP format at any time
  • Delete all App data by uninstalling the App
  • Delete iCloud data through Settings > [Your Name] > iCloud > Manage Storage on your device

Analytics data collected by Firebase is retained according to Google's data retention policies and cannot be individually identified or deleted as it is anonymous and aggregated.

6. Children's Privacy

The App is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us so we can take appropriate action.

7. International Data Transfers

Analytics data processed by Firebase may be transferred to and stored on servers located outside your country of residence, including the United States. By using the App, you consent to this transfer. iCloud data is stored by Apple in accordance with their data residency practices.

8. Your Rights

Since your content is stored locally on your device, you have full control over your data at all times. You can view, edit, export, or delete your data directly within the App without needing to contact us.

8.1 Rights for Users in the European Economic Area, United Kingdom, and Switzerland (GDPR)

If you are located in the EEA, UK, or Switzerland, you have the following rights under the General Data Protection Regulation:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete personal data.
  • Right to erasure: Request deletion of your personal data, subject to certain legal exceptions.
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to data portability: Receive your data in a structured, machine-readable format. The App provides JSON and ZIP export for this purpose.
  • Right to object: Object to processing of your data for certain purposes.
  • Right to withdraw consent: Withdraw consent for optional features (location, HealthKit, iCloud sync) at any time through your device settings.

The legal basis for our processing of analytics data is our legitimate interest in improving the App. For HealthKit and location data, the legal basis is your explicit consent.

You may lodge a complaint with your local data protection authority if you believe your rights have been violated.

8.2 Rights for Users in the United States

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, or other US states with consumer privacy laws, you have the following rights:

  • Right to know: Request the categories and specific pieces of personal information we have collected about you.
  • Right to delete: Request deletion of your personal information.
  • Right to correct: Request correction of inaccurate personal information.
  • Right to opt out of sale: We do not sell your personal information and have never done so.
  • Right to opt out of sharing for cross-context behavioral advertising: Under the California Consumer Privacy Act (as amended by the CPRA), "sharing" includes disclosing personal information to a third party for cross-context behavioral advertising purposes. The Meta install-attribution integration described in Section 1.10 may constitute "sharing" under this definition. You can opt out at any time by selecting Ask App Not to Track in the iOS App Tracking Transparency prompt, or by changing your tracking decision in iOS Settings > Privacy & Security > Tracking. When you opt out, no Identifier for Advertisers (IDFA) is shared with Meta.
  • Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.
  • Right to data portability: Receive your data in a portable format (the App provides JSON and ZIP export).

To exercise these rights, contact us at the address below. We may need to verify your identity before processing your request.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy within the App or on our website. Your continued use of the App after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

support@getmindspace.app