Privacy Policy

Last updated: January 2025

1. Information We Collect

We collect the following types of information:

Personal Information:
• Email address and display name
• Account preferences and settings
• Subscription and payment information (processed by Payfast)

Usage Data:
• Chat conversations and messages
• Activity completions and responses
• Mood scores and emotional insights
• App usage patterns and analytics

2. How We Use Your Information

We use your information to:
• Provide personalized AI responses and insights
• Track your progress and generate analytics
• Improve our AI models and service quality
• Process payments and manage subscriptions
• Send important service updates (not marketing)
• Conduct anonymized research to improve mental health support

3. Data Sharing and Third Parties

We share limited data with:

AI Services:
• OpenRouter (for AI processing) - conversation content only
• Data is processed, not stored by AI providers

Payment Processing:
• Payfast (South Africa) - payment and billing information only

Analytics:
• Firebase Analytics - anonymized usage patterns
• Google Cloud Firestore - secure data storage

We never sell your personal data or share it for marketing purposes.

4. Data Security

We protect your data through:
• End-to-end encryption for sensitive conversations
• Secure cloud storage with Google Firebase
• Regular security audits and updates
• Limited employee access on need-to-know basis
• Industry-standard authentication and authorization

5. Your Privacy Rights (POPIA Compliance)

Under South Africa's POPIA, you have the right to:
• Access your personal information
• Correct inaccurate information
• Delete your account and data
• Object to certain processing activities
• Data portability (export your data)
• Lodge complaints with the Information Regulator

6. Data Retention

We retain your data as follows:
• Account information: Until you delete your account
• Conversations: 3 years or until account deletion
• Usage analytics: 2 years in anonymized form
• Payment records: As required by law (typically 5 years)

You can request data deletion at any time.

7. International Data Transfers

Your data may be processed in:
• South Africa (primary)
• United States (Google Cloud, OpenRouter)
• European Union (Google services)

We ensure adequate protection through standard contractual clauses and adequacy decisions.

8. Children's Privacy

Mind Mirror is not intended for users under 18. We do not knowingly collect data from minors. If you believe a minor has provided information, please contact us immediately.

9. Research and Anonymization

With your consent, we may use anonymized data for:
• Mental health research and studies
• Improving AI models for emotional support
• Publishing aggregate insights (no personal information)

You can opt out of research participation at any time.

10. Contact and Data Requests

For privacy questions or to exercise your rights:
• Email: privacy@mindmirror.app
• Data requests: Submit through app settings
• Response time: Within 30 days
• Complaints: File with South African Information Regulator