How it Works Features Ultra Mode Study Plan Summary Tokens Screenshots FAQ Get MindLoad
Legal

Privacy Policy

How MindLoad collects, uses, and protects information.

Privacy Policy

Last Updated: December 12, 2025 Effective Date: December 7, 2025

Developer: MindLoad AI Contact: [email protected] Support: [email protected] Website: https://mindload.app

1. Introduction

MindLoad ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application MindLoad (the "App").

By using MindLoad, you agree to the collection and use of information in accordance with this policy. If you do not agree with this Privacy Policy, please discontinue use of the App.

2. Information We Collect

2.1 Personal Information

When you create an account or use authentication services, we collect:

  • Email address (for account identification and communication)
  • Display name (optional nickname or name from social providers)
  • Authentication credentials (encrypted password or OAuth tokens)
  • Profile information (display name, profile picture if provided by social login)
  • Apple ID (when using Sign in with Apple - may be anonymized email)

2.2 Study and Learning Data

To provide our AI-powered study features, we collect:

  • Study sets (flashcards, quiz questions, and your answers)
  • Uploaded content (PDFs, text files, images of study materials)
  • Study session data (time spent studying, cards reviewed, quiz scores)
  • Achievement progress (milestones reached, streaks maintained)
  • Learning preferences (study modes, notification settings)
  • NeuroGraph data (focus patterns, performance metrics - stored locally)

2.3 Token and Purchase Information

For our token-based system:

  • Token balance (current tokens, transaction history)
  • Purchase receipts (via Apple App Store or Google Play)
  • Transaction IDs (for fraud prevention and support)
  • Refund history (if applicable)

Important: We do NOT store credit card information. All payment processing is handled securely by Apple and Google.

2.4 Usage and Analytics Data

We automatically collect:

  • Device information (device model, OS version, device ID)
  • App usage patterns (features used, session duration, navigation paths)
  • Performance data (crash reports, error logs, loading times)
  • Network information (IP address, timezone, connection type)
  • Analytics events (button clicks, feature engagement)

2.5 Notification Data

With your permission:

  • Push notification token (for Firebase Cloud Messaging)
  • Notification preferences (types of notifications, frequency)
  • Notification interaction data (opened, dismissed, interacted)
  • Promotional consent status (whether you've opted in to marketing messages)

2.6 Location Data

We do NOT collect precise location data. We only collect:

  • Timezone (for scheduling notifications at appropriate times)
  • General region (from App Store/Play Store for regional analytics)

3. How We Use Your Information

3.1 Primary Service Delivery

  • Provide AI-powered flashcard and quiz generation
  • Store and sync your study materials across devices
  • Track your learning progress and achievements
  • Process token purchases and manage your account balance
  • Deliver personalized study recommendations

3.2 Communication

  • Send essential service notifications (account changes, system updates)
  • Deliver study reminders (with your permission)
  • Send achievement notifications
  • Provide customer support responses
  • Send promotional messages (ONLY if you opt-in)

3.3 Product Improvement

  • Analyze usage patterns to improve app features
  • Debug crashes and technical issues
  • Conduct A/B testing for feature optimization
  • Train AI models for better content generation
  • Generate anonymized statistics for research

3.4 Security and Fraud Prevention

  • Detect and prevent fraudulent purchases
  • Monitor for abuse of token system
  • Identify and block malicious activity
  • Protect against security threats
  • Comply with legal obligations

4. Legal Bases for Processing (GDPR)

For users in the European Economic Area (EEA), UK, and Switzerland, we process your data based on:

  • Contract Performance: To provide MindLoad services you've agreed to use
  • Legitimate Interests: To improve our app, prevent fraud, and ensure security
  • Consent: For optional features like promotional notifications and analytics
  • Legal Obligation: To comply with applicable laws and regulations

5. Data Storage and Security

5.1 Where Your Data is Stored

We use Google Firebase (Google Cloud Platform) for data storage:

  • Firebase Authentication: Login credentials and user profiles
  • Cloud Firestore: Study sets, progress, preferences
  • Cloud Storage: Uploaded PDFs and images
  • Firebase Analytics: Anonymized usage data
  • Firebase Cloud Messaging: Push notification delivery
  • Cloud Functions: Server-side processing (token management, AI generation)

Data Location: Firebase services are hosted primarily in the United States, with global distribution. Your data may be transferred to and stored on servers in different countries.

5.2 Local Storage

Some data is stored locally on your device:

  • SQLite database: Study materials, NeuroGraph data, performance metrics
  • Cached content: Downloaded images, PDFs for offline access
  • Preferences: App settings, theme preferences

5.3 Security Measures

We implement industry-standard security practices:

  • Encryption in Transit: All data transmitted over HTTPS/TLS 1.3
  • Encryption at Rest: Firebase automatically encrypts all stored data
  • Secure Authentication: OAuth 2.0, Sign in with Apple, password hashing
  • Access Controls: Role-based access, principle of least privilege
  • Security Audits: Regular vulnerability assessments
  • Secure APIs: Firebase App Check to prevent unauthorized access
  • Token Security: Cryptographic nonces, secure random generation

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

5.4 Data Retention

We retain your data only as long as necessary to provide services and comply with legal obligations.

Summary:

  • Active accounts: Data retained indefinitely while your account is active
  • Inactive accounts: Deleted after 24 months of inactivity (with advance notice)
  • Soft-deleted accounts: 30-day recovery period, then permanent deletion
  • Study materials: Retained until you manually delete them
  • Analytics data: Anonymized and aggregated after 26 months
  • Transaction records: 7 years (tax and legal compliance)

6. Data Sharing and Disclosure

6.1 We Do NOT Sell Your Data

We never sell, rent, or trade your personal information to third parties for marketing purposes.

6.2 Service Providers

We share data with trusted service providers who help us operate MindLoad:

Google Firebase (Google LLC)

  • Services: Authentication, database, storage, analytics, cloud functions
  • Data Shared: All user data (as necessary for service provision)
  • Privacy Policy: https://firebase.google.com/support/privacy
  • Compliance: GDPR-compliant Data Processing Agreement in place

AI Services (for Content Generation)

  • Services: AI-powered flashcard and quiz generation
  • Data Shared: Study content you upload (text, PDFs)
  • Privacy: Content is processed transiently, not permanently stored
  • Purpose: Generate study materials based on your content

Apple / Google (Payment Processing)

  • Services: In-app purchase processing
  • Data Shared: Transaction data, purchase receipts
  • Privacy: Subject to Apple/Google privacy policies
  • Purpose: Process token purchases

6.3 Legal Requirements

We may disclose your information if required by law or in response to:

  • Court orders, subpoenas, or legal process
  • Government or regulatory requests
  • Investigations of fraud, security, or illegal activity
  • Protection of our rights, property, or safety
  • Protection of users or the public

6.4 Business Transfers

If MindLoad is acquired, merged, or undergoes reorganization, your data may be transferred to the new entity. We will notify you before your information becomes subject to a different privacy policy.

6.5 Aggregated Data

We may share anonymized, aggregated statistics that cannot identify you.

7. Your Privacy Rights

7.1 Access and Portability

Right to Access: Request a copy of your personal data Right to Portability: Export your study sets in JSON format

How to exercise:

Response time: Within 30 days

7.2 Correction and Update

Right to Rectification: Update inaccurate or incomplete information

How to exercise:

7.3 Deletion and Erasure

Right to be Forgotten: Delete your account and all associated data

How to exercise:

  • In-app: Settings → Privacy & Security → Delete Account
  • Email: [email protected] (include your registered email)

What gets deleted:

  • User profile and authentication data
  • All study sets, flashcards, and quiz results
  • Token balance and purchase history
  • Preferences and settings
  • Analytics data (anonymized within 30 days)

Timeline: Complete deletion within 30 days

7.4 Objection and Restriction

Right to Object: Opt out of non-essential data processing Right to Restrict: Limit how we use your data

How to exercise:

  • In-app: Settings → Privacy & Security → Data Processing Options
  • Email: [email protected]

7.5 Withdraw Consent

Right to Withdraw Consent: Revoke permissions at any time

For promotional notifications:

  • In-app: Settings → Notifications → Promotional Messages → OFF

For analytics:

  • In-app: Settings → Privacy → Analytics Consent → OFF

7.6 Lodge a Complaint

If you're in the EEA, UK, or Switzerland, you have the right to lodge a complaint with your local data protection authority.

8. Special Provisions for California Residents (CCPA)

Under the California Consumer Privacy Act (CCPA), California residents have additional rights:

8.1 CCPA Rights

Right to Know: What personal information we collect, use, disclose, or sell Right to Delete: Request deletion of your personal information Right to Opt-Out: We do NOT sell personal information (opt-out not applicable) Right to Non-Discrimination: We will not discriminate against you for exercising your rights

8.2 Exercising CCPA Rights

Email: [email protected] Subject: "CCPA Request: [Access/Delete]" Include: Your registered email, description of request

Response Time: Within 45 days (may extend by 45 days if needed)

8.3 Do Not Sell

We do NOT sell your personal information. We have not sold personal information in the past 12 months.

9. Additional State Privacy Rights (2025)

As of 2025, residents of additional U.S. states have privacy rights similar to California. This section applies to residents of:

  • Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Tennessee, Minnesota, Maryland

9.1 Your Rights Under State Privacy Laws

Depending on your state, you may have the right to:

  • Access: Request a copy of personal data we have collected about you
  • Delete: Request deletion of your personal data
  • Correct: Request correction of inaccurate personal data
  • Portability: Receive your data in a portable format
  • Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling
  • Non-Discrimination: Not be discriminated against for exercising your rights

9.2 Universal Opt-Out Mechanisms (UOOM)

We recognize and honor Global Privacy Control (GPC) signals and other universal opt-out mechanisms.

10. Children's Privacy (COPPA/GDPR)

MindLoad is intended for users aged 13 and older (16+ in the EEA).

We do NOT knowingly collect information from children under 13 (or 16 in EEA).

If you believe a child under the minimum age has provided us with personal information:

  • Email: [email protected]
  • Subject: "Child Privacy Concern"
  • We will: Immediately investigate and delete the account and all associated data

11. International Data Transfers

MindLoad is operated from the United States. If you access the App from outside the U.S., your data will be transferred to, stored, and processed in the United States and other countries where our service providers operate.

11.1 EU-US Data Transfers

For users in the EEA, UK, and Switzerland, we rely on:

  • Standard Contractual Clauses (SCCs): Approved by the European Commission
  • Google's Data Processing Terms: Google Firebase complies with GDPR requirements
  • Adequacy Decisions: Where applicable

12. Cookies and Tracking Technologies

We do NOT use traditional web cookies, as MindLoad is a native mobile app. However, we use:

  • Device Identifiers: Unique IDs for your device
  • Firebase Analytics SDK: Anonymous event tracking
  • Local Storage: SQLite database, SharedPreferences, UserDefaults
  • Session Tokens: Encrypted authentication tokens (stored securely)

12.1 Opt-Out

  • Firebase Analytics: Settings → Privacy → Analytics Consent → OFF
  • Apple Analytics: iOS Settings → Privacy → Analytics & Improvements → Share with App Developers → OFF

13. Third-Party Links and Services

MindLoad may contain links to third-party websites or services. We are NOT responsible for the privacy practices of these third parties.

Recommendation: Review the privacy policies of any third-party sites you visit.

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or service improvements.

14.1 Notification of Changes

Material Changes: We will notify you via:

  • In-app notification (pop-up or banner)
  • Email (to your registered email address)
  • Push notification (if enabled)

Minor Changes: Updated "Last Updated" date at the top of this policy

14.2 Continued Use

Continued use of MindLoad after changes take effect constitutes your acceptance of the updated Privacy Policy. If you disagree, please discontinue use and delete your account.

15. Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

  1. Within 72 hours of discovery: Notify affected users (GDPR requirement)
  2. Within 72 hours of discovery: Notify relevant data protection authorities if required
  3. Immediate action: Contain and remediate the breach
  4. Within 7 days: Provide follow-up information and guidance

Our breach notification will include:

  • Nature of the breach
  • Data affected
  • Timing
  • Potential consequences
  • Our response
  • Your next steps
  • Contact information

16. Contact Us

16.1 General Privacy Inquiries

Email: [email protected] Website: https://mindload.app/privacy Response Time: Within 3-5 business days

16.2 Data Protection Officer (DPO)

For GDPR-related inquiries:

Email: [email protected]

16.3 Support Team

For account or technical support:

Email: [email protected] In-App: Settings → Help & Support → Contact Us

17. Acknowledgment and Consent

By creating an account and using MindLoad, you acknowledge that you have read, understood, and agree to this Privacy Policy.

For optional features requiring explicit consent:

  • Promotional notifications: Opt-in via Settings → Notifications → Promotional Messages
  • Analytics: Opt-in via Settings → Privacy → Analytics Consent

You may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

Privacy Policy Version: 1.2 Last Reviewed: December 12, 2025 Next Review Date: December 7, 2026

© 2025 MindLoad AI. All rights reserved.