Privacy Notice

Privacy Notice

Last updated: October 23, 2025

1. Who We Are

ClearMind ("we", "our", "us") operates the AI-powered content protection platform available at clearmindapp.ai.
We are the data controller of the personal data collected through our website and application.

If you have any questions about this notice or about your data, you can contact us at:
📩 contact@clearmindapp.com

2. What Data We Collect

We collect and process the following categories of personal data:

  • Identification data: first name, last name, date of birth
  • Contact data: email address, phone number
  • Account data: login credentials, profile information
  • Payment data: processed securely by our payment provider (Stripe)
  • Usage data: IP address, browser type, pages visited, session duration, and device information
  • Cookies and analytics data: collected with your consent through tools such as Google Analytics (see section 5)

Information We Do NOT Collect

  • Browsing History: We do not track or store your browsing history
  • Personal Content: We do not access or store the content you view
  • Location Data: We do not collect your location information

3. How We Use Your Data and Legal Bases

We process your personal data for the following purposes and legal bases:

Account creation and user authentication
Legal basis: Contract performance
To register you as a user and provide access to our services.

Payment and billing
Legal basis: Contract performance / Legal obligation
To process your payments securely through Stripe.

Service improvement and analytics
Legal basis: Consent
To analyze usage and improve user experience.

Customer support
Legal basis: Contract performance
To respond to your requests and resolve issues.

Marketing and communication
Legal basis: Consent
To send you product updates or offers (optional).

4. Who We Share Data With

We only share data with trusted service providers who help us operate our business:

  • Hosting: Vercel
  • Payment processing: Stripe, Inc.
  • Analytics: Google Analytics (GA4)
  • Email delivery: Resend
  • Customer support: Intercom

Each provider acts as a data processor under a GDPR-compliant Data Processing Agreement (DPA), and your data is protected accordingly.

5. Cookies and Analytics

We use cookies to provide, secure, and improve our service.
Non-essential cookies (e.g., analytics or marketing) are used only after you give consent via our cookie banner.

We use Google Analytics (GA4) to understand how users interact with our platform.
Google Analytics may transfer data outside the EU/EEA. In such cases, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection.

You can withdraw your consent at any time by updating your cookie preferences.

6. Data Transfers Outside the EU/EEA

Some of our service providers (e.g., Stripe, Google) are based in the United States.
When we transfer personal data outside the EU/EEA, we ensure that:

  • The recipient country has an adequacy decision from the European Commission, or
  • We use Standard Contractual Clauses (SCCs) or other legally recognized safeguards.

7. Data Retention

We keep your data only as long as necessary for the purposes described above or as required by law:

  • Account data: kept for the duration of your account and deleted 12 months after closure.
  • Payment records: kept for up to 10 years (to comply with accounting obligations).
  • Analytics data: retained for a maximum of 26 months.
  • Support requests: deleted after 24 months.

8. Your Rights Under the GDPR

You have the following rights regarding your personal data:

  • Access: obtain a copy of your data.
  • Rectification: correct inaccurate data.
  • Erasure: request deletion ("right to be forgotten").
  • Restriction: limit how we process your data.
  • Portability: receive your data in a machine-readable format.
  • Objection: object to processing based on legitimate interest or direct marketing.

To exercise your rights, contact us at privacy@clearmindapp.com.
We will respond within one month of receiving your request.

9. Security Measures

We take appropriate technical and organizational measures to protect your data, including:

  • HTTPS/TLS encryption for all communications
  • Encryption of sensitive data at rest
  • Strict access controls and audit logs
  • Regular backups and security monitoring
  • Data minimization and anonymization where possible

Local Processing

  • Content filtering happens locally on your device
  • No personal browsing data is sent to our servers
  • Your privacy is protected by design

10. Children's Privacy

Our services are not intended for children under 13. We do not knowingly collect personal information from children under 13.

11. Updates to This Policy

We may update this privacy notice to reflect changes in our practices or legal obligations.
The latest version will always be available on our website.

12. Compliance

This Privacy Notice complies with:

  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • Other applicable privacy laws

This Privacy Notice is effective as of the date listed above and will remain in effect except with respect to any changes in its provisions in the future.