Privacy Policy

Last updated: 9/29/2025

Your Privacy Matters

At HAND: Mindset, we believe your mental health data is deeply personal. This policy explains how we collect, use, and protect your information.

What We Collect

Personal Information

  • • Email address (for account creation and communication)
  • • Display name (optional, for personalization)
  • • Timezone (for accurate data timestamps)

Health & Wellness Data

  • • Mood scores, energy levels, and anxiety ratings
  • • Journal entries and personal reflections
  • • Activity tags and mood patterns
  • • Usage analytics (anonymized)

Technical Data

  • • Device type and browser information
  • • IP address (for security and rate limiting)
  • • App usage patterns (for improving features)

How We Use Your Data

Core App Functionality

  • • Storing and displaying your mood and journal entries
  • • Generating insights and trends from your data
  • • Providing AI-powered analysis (Premium features)
  • • Sending weekly digest emails (if enabled)

Service Improvement

  • • Analyzing usage patterns to improve features
  • • Identifying and fixing technical issues
  • • Developing new wellness tools and insights

What We DON'T Do

  • • ❌ We never sell your personal data
  • • ❌ We don't show ads or use data for advertising
  • • ❌ We don't share data with third parties (except as required by law)
  • • ❌ We don't use your data to train AI models for other companies

Your Rights

Access & Export

Download all your data in CSV or JSON format anytime through the Data page.

Correction

Edit or delete any mood entries or journal entries directly in the app.

Deletion

Delete your account and all data permanently through Settings → Delete Account.

Portability

Export your data to move to another service or keep personal backups.

Data Security & Storage

Encryption

Your journal entries and notes are encrypted using AES-256 encryption. Data is encrypted both in transit (HTTPS) and at rest in our secure database.

Storage Location

Data is stored on secure servers provided by Supabase (hosted on AWS) with enterprise-grade security, regular backups, and 99.9% uptime guarantee.

Access Controls

Only you can access your data. Our team cannot read your journal entries or personal notes. All database access is logged and monitored.

International Users

GDPR (European Union)

EU users have additional rights under GDPR including data portability, right to be forgotten, and explicit consent for data processing.

CCPA (California)

California residents can opt-out of data sharing (though we don't share data anyway) and request detailed information about data collection.

Contact Us

Questions about privacy or want to exercise your rights? We're here to help.

Email: privacy@handmindset.app

Response Time: Within 72 hours

Data Protection Officer: Available for EU users

This policy is effective as of 9/29/2025 and may be updated periodically.

We'll notify you of any significant changes via email.