Privacy Policy

Mind Log mobile app privacy policy.

Back to Support Website Privacy Notice

Mind Log App Privacy Policy

Last Updated: 2026-01-13

Company: W Interactive AB (Sweden)

Application: MindLog – Journaling Application

1. Introduction

W Interactive AB (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use MindLog (the “App”).

This policy is designed to comply with applicable privacy laws and regulations, including:

  • General Data Protection Regulation (GDPR)
  • Swedish Data Protection Act (2018:218)
  • California Consumer Privacy Act (CCPA/CPRA)
  • Children’s Online Privacy Protection Act (COPPA)
  • Apple App Store privacy requirements

MindLog is built using privacy-first principles. Your journal entries are encrypted on your device before being stored or synchronized, and we are technically prevented from accessing the plaintext content of your journal.

2. Contact Information

Company: W Interactive AB

Email: info@winteractive-ab.com

Data Protection / U.S. Privacy Rights Contact: info@winteractive-ab.com

For inquiries in Swedish, contact the same address.

3. Information We Collect

3.1 Account Information

  • Email address (for account creation and authentication)
  • User ID (automatically generated unique identifier)
  • Account creation timestamp

3.2 Journal Content (Encrypted)

All journal content is encrypted on your device using strong industry-standard encryption before being stored or synchronized. We do not have access to plaintext journal content.

This includes:

  • Journal entries (titles and body text)
  • Photos (if you choose to attach them)
  • Audio recordings (if you choose to record them)
  • Entry metadata (creation and modification dates, word counts)

3.3 AI Features (Optional)

When AI features are enabled by you:

  • AI-generated memory cards (encrypted before storage)
  • AI chat conversations (encrypted before storage)
  • Search embeddings derived from your content (encrypted before storage)

To provide AI functions, small excerpts of decrypted journal content are processed transiently on your device and securely transmitted to our AI service provider. This data is not used for model training and is retained only temporarily for abuse and safety monitoring.

AI features can be disabled at any time in Settings > AI & Privacy.

3.4 Location Information (Optional)

If you explicitly enable location features:

  • Approximate location (city or region) may be used for contextual prompts (such as weather-based reflections)
  • Location data is processed locally on your device
  • Location data is not stored on our servers

Location access can be disabled at any time in Settings > Privacy > Location.

3.5 Biometric Information (Device-Only)

MindLog supports biometric authentication (Face ID, Touch ID, or equivalent) for app unlocking:

  • All biometric processing occurs entirely on your device
  • No biometric templates or biometric data are transmitted to or stored on our servers
  • We do not perform server-side biometric processing

3.6 Technical and Analytics Information (Optional)

If analytics are enabled:

  • Device identifiers (for synchronization and security purposes)
  • App version and platform information
  • Error logs with personal data removed
  • Performance metrics (e.g., sync duration, response times)
  • Aggregated app usage patterns (screens visited, features used)
  • Crash reports with personal data removed

Analytics data is processed in the EU (PostHog, Frankfurt region) in anonymized or aggregated form.

4. How We Use Your Information

4.1 Core App Functionality

  • Provide secure journal entry creation and storage
  • Synchronize encrypted data across your devices
  • Maintain account authentication and security

4.2 AI Features (When Enabled)

  • Generate personalized memory cards and insights
  • Provide AI-assisted chat functionality
  • Enable semantic search using encrypted embeddings

4.3 Service Improvement

  • Improve app reliability and performance
  • Identify and resolve bugs

5. Third-Party Services and Data Sharing

5.1 OpenAI (AI Processing)

  • Service: AI models used for chat and memory generation
  • Data Shared: Decrypted journal excerpts required to fulfill AI requests, transmitted securely
  • Location: United States
  • Retention: Retained up to 30 days for abuse and safety monitoring
  • Model Training: Data is not used for model training by default unless we opt in
  • Opt-Out: Available in Settings > AI & Privacy

5.2 Supabase (Database and Synchronization)

  • Service: Cloud database and file storage
  • Data Shared: Encrypted user data only
  • Location: United States (us-east-1)
  • Security: Row-level security and encryption enforced

Because data is encrypted before upload, service providers cannot access plaintext journal content.

5.3 Superwall (Subscriptions)

  • Service: Subscription management and paywalls
  • Data Shared: User ID and subscription status
  • Location: United States

5.4 Apple App Store

  • Service: App distribution and in-app purchases
  • Data Shared: Purchase information and App Store identifiers
  • Purpose: Payment processing and subscription management

International Transfers

Where data is transferred outside the EU/EEA, transfers rely on appropriate safeguards, including Standard Contractual Clauses and the EU-US Data Privacy Framework where applicable.

6. Data Security

6.1 Encryption and Architecture

  • Strong encryption is applied to journal content before storage or synchronization
  • Encryption keys are generated and protected on your device
  • Network communications use modern secure transport protocols (e.g., TLS)

MindLog is designed so that we cannot access plaintext journal content, sometimes referred to as a zero-knowledge–style architecture.

6.2 Security Practices

  • Regular security audits and vulnerability assessments
  • Periodic penetration testing by qualified third parties
  • Automatic updates for critical security issues
  • Routine cleanup of temporary data

6.3 Security Incident Response

If a security incident occurs:

  • Users will be notified without undue delay
  • Relevant authorities will be notified as required by law
  • Impact assessments will be performed

7. Data Retention

7.1 Journal Content

  • Retained until you delete entries or your account
  • Encrypted backups may persist for up to 30 days after deletion

7.2 Account Information

  • Retained while your account is active
  • Deleted within 30 days after account deletion

7.3 AI-Related Data

  • Memory cards retained until deleted or AI features are disabled
  • AI service providers retain data only temporarily as described above

7.4 Analytics Data

  • Aggregated analytics retained for up to 2 years
  • Individual usage data retained for up to 12 months

8. Your Privacy Rights

8.1 GDPR Rights (EU/EEA)

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion
  • Restrict processing
  • Receive a copy of your data (data portability)
  • Object to certain processing
  • Withdraw consent at any time

8.2 U.S. State Privacy Rights (CCPA/CPRA)

You have the right to:

  • Know what personal information is collected
  • Request deletion of personal information
  • Request correction of inaccurate personal information
  • Opt out of sale or sharing (we do not sell or share data)
  • Limit use of sensitive personal information
  • Be free from discrimination for exercising your rights

Requests can be made via in-app settings or by contacting us. GDPR: we respond within one month (extendable by up to two months where permitted). CCPA/CPRA: we respond within 45 days of receiving a verifiable consumer request (with extensions where permitted).

9. Children’s Privacy

MindLog is not intended for children under 13.

Age Requirements

  • Sweden: 13+
  • United States: 13+
  • EU/EEA: 13–16 depending on country

Users must confirm eligibility in the Terms of Service.

Parental Consent

Where required by law, parental consent may be obtained using reasonable and lawful verification methods. Parents may request account deletion at any time.

Protections for Minors

  • Restricted AI features for users under 16
  • No behavioral advertising
  • Simplified privacy controls

10. International Data Transfers

Data may be processed outside the EU/EEA, including in the United States.

Safeguards include:

  • Standard Contractual Clauses
  • EU-US Data Privacy Framework (where applicable)
  • Encryption in transit and at rest
  • Transfer impact assessments

11. Apple App Store Compliance

  • MindLog includes a PrivacyInfo.xcprivacy manifest
  • No cross-app or cross-site tracking is performed
  • No advertising identifiers are collected
  • Encryption is classified as mass-market software

12. Business Transitions

If W Interactive AB undergoes a merger, acquisition, or sale:

  • Users will be notified in advance where required
  • The successor must honor this Privacy Policy
  • Users may delete their accounts prior to transition

In the event of bankruptcy or dissolution, user data will be handled and deleted in accordance with applicable law.

13. Changes to This Policy

We may update this Privacy Policy from time to time.

  • Significant changes will be communicated directly
  • Minor changes will be posted in the app
  • The effective date will always be displayed

Continued use of the App constitutes acceptance of the updated policy.

14. Complaints and Contact

If you believe your concerns have not been addressed, you may contact your local data protection authority.

Sweden: Integritetsskyddsmyndigheten (IMY)
Website: imy.se
Email: imy@imy.se

You can also contact us at info@winteractive-ab.com.