Privacy Policy

Our Commitment to Privacy

Our Mind ("we," "our," or "us") is built with privacy as a core principle. We believe your data belongs to you, and we are committed to transparency about what information we collect and how we use it.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address (required for account creation and communication)
• Name (optional, for personalization)
• Password (stored using industry-standard hashing, never in plain text)

1.2 User Content

You may choose to store the following content through our service:

• Memories: Text content you save from AI conversations
• Prompts: Custom prompt templates and shortcuts you create
• Minds: Collections of memories and prompts you organize
• Memory Spaces: Organizational containers for your content

This content is encrypted in transit and at rest. We do not access, analyze, sell, or share your content with third parties except as necessary to provide the service or as required by law.

1.3 Local-Only Mode

Our browser extension supports a local-only mode where your data is stored exclusively on your device using IndexedDB. In this mode, no user content is transmitted to our servers.

1.4 Technical Data

We collect minimal technical data necessary for service operation:

• Server logs (IP address, request timestamps) retained for security purposes and deleted after 30 days
• Error logs for debugging, which do not contain user content

2. What We Do NOT Collect

We explicitly do not collect or use:

• Third-party analytics or tracking scripts (no Google Analytics, Mixpanel, etc.)
• Advertising identifiers or tracking pixels
• Device fingerprinting data
• Behavioral analytics or user profiling data
• Data from your AI conversations beyond what you explicitly save as memories
• Cross-site tracking or cookies for advertising purposes

3. How We Use Your Information

We use the information we collect solely to:

• Provide, maintain, and improve our services
• Authenticate your account and protect against unauthorized access
• Send essential service communications (password resets, security alerts)
• Process payments and manage subscriptions (via Stripe)
• Respond to your support requests
• Comply with legal obligations

4. Data Storage and Security

4.1 Encryption

• All data is encrypted in transit using TLS 1.3
• User content is encrypted at rest using AES-256 encryption
• Passwords are hashed using bcrypt with appropriate cost factors

4.2 Infrastructure

Our services are hosted on secure, enterprise-grade infrastructure with:

• Regular security audits and vulnerability assessments
• DDoS protection and rate limiting
• Automated backups with encryption

4.3 Multi-Factor Authentication

We offer TOTP-based multi-factor authentication to further protect your account.

5. Data Sharing

We do not sell, rent, or share your personal information with third parties except in the following limited circumstances:

• Service Providers: We use Stripe for payment processing. Stripe's privacy policy governs their use of your payment information.
• Legal Requirements: We may disclose information if required by law, court order, or governmental authority.
• With Your Consent: When you use team features to share Minds with other users, content is shared according to the permissions you set.

6. Your Rights and Controls

You have full control over your data:

• Access: View all data associated with your account at any time
• Export: Download your memories, prompts, and other content in standard formats
• Correction: Update or correct your account information
• Deletion: Delete individual memories or your entire account, including all associated data
• Local Mode: Use local-only storage to keep data exclusively on your device

To exercise these rights, use the settings in your dashboard or contact us at privacy@our-mind.com.

7. Data Retention

We retain your data only as long as necessary:

• Account Data: Retained while your account is active; deleted within 30 days of account deletion
• User Content: Retained until you delete it or delete your account
• Server Logs: Automatically deleted after 30 days
• Billing Records: Retained as required by tax and financial regulations

8. Cookies

We use only essential cookies necessary for the service to function:

• Session Cookies: To keep you logged in during your session
• Security Cookies: To prevent cross-site request forgery (CSRF) attacks

We do not use tracking cookies, advertising cookies, or any third-party cookies.

9. Children's Privacy

Our services are not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

10. International Data Transfers

Our services are operated from the United States. If you are accessing our services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will also notify you via email.

12. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at: