Privacy Policy
Last updated: September 28, 2025
David Developers ("we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use our Mindful Student application.
1. Information We Collect
1.1 Authentication and Account Information
When you create an account or sign in, we collect and process:
- Account Details: Name, email address, username (if applicable)
- Authentication Data: Passwords (stored as salted, hashed values), login credentials
- Third-Party Login: If you sign in with Google, Apple, or other providers, we receive your name, email address, and unique identifier from that provider
- Device Information: IP address, device type, browser information, login timestamps
- Session Data: Session tokens, authentication cookies, "remember me" preferences
1.2 AI Conversation Data
When you use our AI features while signed in:
- Conversation History: Your prompts, AI responses, and related metadata (timestamps, session IDs)
- Usage Patterns: Feature usage, interaction patterns for service improvement
If you use AI features without an account, conversations are processed temporarily and not associated with any account unless you choose to save or link them.
1.3 Local Data Storage
Some data continues to be stored locally on your device:
- App preferences and settings
- Offline conversation history (if not synced to your account)
- Temporary cache and session data
2. How We Use Your Information
We use your information for the following purposes:
- Account Management: Creating and maintaining your account, authentication, session management
- Service Delivery: Providing AI-powered features, conversation history, cross-device synchronization
- Security & Fraud Prevention: Protecting your account, detecting abuse, monitoring for suspicious activity
- Customer Support: Responding to your inquiries and providing technical assistance
- Legal Compliance: Meeting legal obligations, dispute resolution, enforcing our terms
- Service Improvement: Analyzing usage patterns to improve our services (anonymized where possible)
3. Legal Basis for Processing (GDPR/UK GDPR)
We process your personal information based on the following legal grounds:
- Performance of Contract: To provide and maintain our services, authenticate your account, and deliver purchased features
- Legitimate Interests: For security, fraud prevention, service improvement, and customer support
- Consent: For marketing communications and non-essential cookies (where applicable)
- Legal Obligation: To comply with applicable laws and regulations
4. Data Sharing and Third-Party Services
4.1 AI Service Providers
We use the OpenAI API to provide AI-generated responses. When you chat, your messages may be sent to OpenAI's servers for processing. If you enter your own OpenAI API key, requests go directly to OpenAI and are subject to OpenAI's Privacy Policy. We do not collect, transmit, or store your API key.
4.2 Authentication Providers
If you use third-party login services (Google, Apple, etc.), those providers control what information they share with us. Please review their privacy policies to understand their data practices.
4.3 Service Providers
We may share your information with trusted service providers who assist us in:
- Hosting and infrastructure services
- Email and communication services
- Payment processing (for purchases)
- Customer support tools
- Analytics and crash reporting (anonymized)
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
5. Cookies and Similar Technologies
We use cookies and similar technologies to:
- Keep you signed in and maintain your session
- Remember your preferences and settings
- Prevent cross-site request forgery (CSRF) attacks
- Provide security features
You can control cookies through your browser settings. Essential cookies are necessary for the service to function and cannot be disabled.
6. Data Retention
We retain your information for as long as:
- Your account remains active
- Necessary to provide our services
- Required for legal compliance or dispute resolution
- Backup systems require (typically 30-90 days after deletion)
When you delete your account, we will delete or de-identify your personal information, subject to applicable law and legitimate business needs.
7. Security Measures
We implement industry-standard security measures to protect your information:
- Encryption: Data is encrypted in transit (TLS) and at rest where applicable
- Password Security: Passwords are stored only as salted, hashed values
- Access Controls: Limited access to personal data on a need-to-know basis
- Monitoring: Continuous monitoring for suspicious activity and security threats
- Rate Limiting: Protection against brute force attacks and abuse
8. Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal information:
8.1 General Rights (GDPR/UK GDPR)
- Access: Request a copy of your personal information
- Correction: Request correction of inaccurate information
- Deletion: Request deletion of your personal information
- Portability: Request transfer of your data to another service
- Restriction: Request limitation of processing
- Objection: Object to processing based on legitimate interests
8.2 California Privacy Rights (CPRA)
- Right to Know: Information about data collection and use
- Right to Delete: Request deletion of personal information
- Right to Correct: Request correction of inaccurate information
- Right to Opt-Out: Opt out of sale or sharing of personal information
8.3 How to Exercise Your Rights
To exercise any of these rights, contact us at davidcodeofficial@gmail.com. We will respond within 30 days (or as required by applicable law).
9. Children's Privacy
Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses (SCCs) for transfers to countries outside the EEA/UK.
11. Communications
We may send you:
- Transactional emails: Account verification, security alerts, password resets
- Service updates: Important changes to our service or policies
- Marketing communications: Only with your consent, which you can withdraw at any time
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the updated policy on our website
- Sending an email notification (for significant changes)
- Displaying a notice in the application
Your continued use of our service after changes become effective constitutes acceptance of the updated policy.
13. Contact Information
If you have any questions about this Privacy Policy or your personal information, please contact us:
📧 Email: davidcodeofficial@gmail.com
🌐 Website: https://mindfulstudent.app
🏠 Address: 34 Sevens Road, Jamaica