MindRange (“we,” “us,” or “our”) operates the MindRange mobile application (the “App”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App. Please read this policy carefully.
1. Information We Collect
1.1 Information You Provide
- Account information: email address, display name, and password (or OAuth tokens if you sign in with Google or Apple)
- Profile preferences: handedness (right/left), coaching voice preference (male/female)
- In-app content: visualization scripts you generate and associated settings
1.2 Information Collected Automatically
- Session data: which visualizations you listened to, duration, completion percentage, date and time
- Progress data: badges earned, weekly goals completed, streak information
- Device information: iOS version, device model (for crash reporting and compatibility)
- Usage analytics: feature usage patterns (collected in aggregate)
1.3 Information from Third Parties
- If you sign in with Google, we receive your name, email address, and profile picture from Google in accordance with Google’s Privacy Policy
- If you sign in with Apple, we receive your Apple ID email (or Apple-relayed email if you chose Hide My Email) and display name
- Subscription status from Apple (via StoreKit) — we do not receive your payment card details; Apple processes all payments
2. How We Use Your Information
We use the information we collect to:
- Create and manage your account
- Deliver, personalize, and improve the App and your visualizations
- Track your practice progress, sessions, and achievements
- Process subscription payments (through Apple) and manage your subscription status
- Send transactional emails (e.g., account verification, deletion confirmation) via Amazon Simple Email Service
- Sync your data across your devices
- Detect and prevent fraud, unauthorized access, or abuse
- Comply with legal obligations
We do NOT:
- Sell your personal data to third parties
- Use your data for advertising targeting
- Share your data with third parties except as described in Section 4
3. Data Storage and Security
Your data is stored on Amazon Web Services (AWS) infrastructure located in the United States (us-east-1 region), including:
- Amazon DynamoDB (user profiles, session records, progress data)
- Amazon S3 (generated audio visualization files)
- Amazon Cognito (authentication credentials)
We implement industry-standard security measures including:
- Encryption at rest (AES-256) for all stored data
- Encryption in transit (TLS 1.2+) for all transmitted data
- JWT-based authentication with short-lived tokens (60-minute access tokens)
- Refresh token rotation and revocation on sign-out
No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.
4. Sharing Your Information
We do not sell, trade, or rent your personal information. We may share your information with the following service providers solely to operate the App:
| Service Provider | Purpose | Data Shared |
|---|---|---|
| Amazon Web Services | Cloud infrastructure, storage, auth | Account data, session data |
| Google (Sign-In) | OAuth authentication | Name, email (if Google sign-in used) |
| Apple (Sign-In + StoreKit) | Authentication, subscription billing | Email, subscription status |
| Amazon SES | Transactional email delivery | Email address |
We may also disclose your information to comply with applicable law, court order, or legal process; to protect the rights, property, or safety of MindRange, our users, or others; or in connection with a merger, acquisition, or sale of assets (you will be notified).
5. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the App. If you delete your account:
- All DynamoDB records associated with your user ID are permanently deleted
- All S3 audio files associated with your user ID are permanently deleted
- Your Cognito authentication record is permanently deleted
- A confirmation email is sent to your registered email address
- Deletion is completed within 30 days of your request
You may request account deletion at any time through: Profile → Delete Account within the App.
Aggregate, anonymized analytics data that cannot identify you may be retained indefinitely.
6. Your Rights
6.1 All Users
- Access: You may request a copy of the personal data we hold about you
- Correction: You may update your display name directly in the App (Profile → Edit Name)
- Deletion: You may delete your account and all associated data through the App
- Data Portability: Contact us to request an export of your data
6.2 California Residents (CCPA / CPRA)
California residents have the following additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: You have the right to know what personal information we collect, use, disclose, and sell. We do not sell personal information.
- Right to Delete: You may request deletion of your personal information
- Right to Opt-Out of Sale: We do not sell personal information
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
- Right to Correct: You may request correction of inaccurate personal information
- Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined under CPRA
To exercise your California rights, contact us at: contact@mindrange.app. We will respond to verifiable consumer requests within 45 days.
6.3 European Economic Area / UK Residents (GDPR / UK GDPR)
If you are in the EEA or UK, our legal basis for processing your personal data is:
- Contract performance: to provide the App and services you signed up for
- Legitimate interests: to improve our services and prevent fraud
- Consent: for any optional features or communications (which you may withdraw)
You have the right to: access, rectification, erasure (“right to be forgotten”), restriction of processing, data portability, and to object to processing. To exercise these rights, contact: contact@mindrange.app
7. Children’s Privacy
The App is not directed to children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children under these ages. If you believe we have collected information from a child, please contact us immediately at contact@mindrange.app and we will delete such information promptly.
8. Apple Sign-In — Hide My Email
If you use Apple’s “Hide My Email” feature, Apple provides us with a relay email address. We use this relay address only to send transactional emails. If you stop forwarding email from this relay address, you may not receive important account communications, including deletion confirmation.
9. Third-Party Links
The App may contain links to third-party websites or services (e.g., App Store listing). We are not responsible for the privacy practices of those third parties and encourage you to review their privacy policies.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the “Last Updated” date and, for significant changes, by sending an in-app notification or email. Your continued use of the App after changes become effective constitutes acceptance of the revised policy.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy:
MindRange
Email: contact@mindrange.app
Website: https://mindrange.ai/support