Privacy Policy

Mind Log mobile app privacy policy.

Back to Support Website Privacy Notice

MindLog App Privacy Policy

Last Updated: 2026-01-24

Company: W Interactive AB (Sweden)

Application: MindLog – Journaling Application

1. Introduction

W Interactive AB (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use MindLog (the “App”). W Interactive AB (Swedish registration number 559521-1821) is the data controller for personal data collected through the App, as defined under the GDPR and Swedish Data Protection Act.

This policy is designed to comply with applicable privacy laws and regulations, including:

  • General Data Protection Regulation (GDPR)
  • Swedish Data Protection Act (2018:218)
  • California Consumer Privacy Act (CCPA/CPRA)
  • Children’s Online Privacy Protection Act (COPPA)
  • Apple App Store privacy requirements

MindLog is built using privacy-first principles. Your journal entries are encrypted on your device before being stored or synchronized, and we are technically prevented from accessing the plaintext content of your journal.

2. Contact Information

3. Information We Collect

3.1 Account Information

  • Email address (for account creation and authentication)
  • User ID (automatically generated unique identifier)
  • Account creation timestamp

3.2 Journal Content (Encrypted)

All journal content is encrypted on your device using AES-256-GCM encryption before being stored or synchronized. We do not have access to plaintext journal content.

3.3 AI Features (Optional)

When AI features are enabled by you, small excerpts of decrypted journal content are processed transiently on your device and securely transmitted to our AI service provider. This data is not used for model training and is retained only temporarily for abuse and safety monitoring.

3.4 Location Information (Optional)

If you explicitly enable location features, approximate location (city or region) may be used for contextual prompts. This data is processed locally on your device and is not stored on our servers.

3.5 Biometric Information (Device-Only)

MindLog supports biometric authentication (Face ID, Touch ID, or equivalent). All biometric processing occurs entirely on your device. No biometric data is transmitted to or stored on our servers.

3.6 Technical and Diagnostic Information

We collect some technical and diagnostic information, such as device identifiers and crash reports, for synchronization, security, and app reliability. We do not use advertising identifiers (such as IDFA/AAID) for tracking.

4. How We Use Your Information and Legal Bases for Processing

  • Core App Functionality (Legal Basis: Contract): We process your Account Information, encrypted Journal Content, and Technical Information to provide our services to you.
  • AI & Location Features (Legal Basis: Consent): When you enable these optional features, we process the necessary data based on your explicit consent.
  • Security & Service Improvement (Legal Basis: Legitimate Interest): We process Technical Information to maintain security, prevent fraud, and improve app stability.

5. Third-Party Service Providers

We use third-party service providers (sub-processors) to operate and support the App, such as for cloud storage and AI processing. We share only the data needed for the specific purpose and ensure they provide at least the same level of data protection as stated in this policy. A list of our current sub-processors can be provided upon request at info@winteractive-ab.com.

6. Data Security

6.1 Encryption and Architecture

Your journal content is protected by strong end-to-end encryption (AES-256-GCM). Where required by law, we conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities.

6.2 Security Incident Response

In the event of a security incident, we will notify the relevant supervisory authority as required by law, typically within 72 hours of becoming aware of a breach. If the breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay.

7. Data Retention

We retain your data only for as long as necessary to provide our services. Account information and journal content are retained until you delete your account. Following account deletion, we aim to delete all personal data from our active systems, typically within 30 days. Encrypted backups may be retained for a short additional period for recovery purposes before being permanently deleted.

8. Your Privacy Rights

Under GDPR and CCPA/CPRA, you have rights to access, correct, delete, and restrict the processing of your data. You can exercise these rights via in-app settings or by contacting us at info@winteractive-ab.com. MindLog does not use automated decision-making or profiling that produces legal or similarly significant effects on you.

9. Children’s Privacy

You must be at least 13 years old to use the Services, or the minimum age required in your country, whichever is higher. Where required by law, users below the age of digital consent may need parental consent. We do not knowingly collect personal information from children without such consent.

10. International Data Transfers

Your data may be processed in countries outside the EU/EEA. We use appropriate safeguards for such transfers, such as Standard Contractual Clauses and encryption.

11. App Store Compliance & Tracking

MindLog provides the required privacy disclosures for the Apple App Store and Google Play. The App does not use cookies or perform any cross-app or cross-site tracking.

12. Changes to This Policy

We may update this Privacy Policy. We will notify you of significant changes and, where required by law, seek your consent.

13. Governing Law and Complaints

This Privacy Policy is governed by the laws of Sweden and the GDPR. You have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) or your local data protection authority.