Privacy Policy
Last updated: January 2025
Data Controller
mTargets Maciej Grabek
Registration Number: 340486440
Contact: contact@minddistil.com
At MindDistil, we take your privacy seriously. This policy explains what data we collect, how we use it, and your rights regarding your personal information.
1. Information We Collect
Account Information
When you sign in with Google, we receive:
- Email address - Used as your unique identifier and for account-related communications
- Display name - Shown in the application interface
- Profile picture URL - Displayed in the navigation
Voice & Note Data
When you capture notes via voice or text:
- Audio recordings (temporarily processed for transcription, not stored)
- Transcribed text from your voice recordings
- Text notes you enter directly
- Tags and metadata you assign
Ideas & Refinements
When you work with ideas:
- Idea content and titles
- Refinement history (previous versions, AI suggestions)
- Status changes and timestamps
Projects & Styles
- Project names, descriptions, and context
- Writing style definitions and examples
- Generated content and outputs
Usage Information
- Number of notes, ideas, and content generated (for usage tracking)
- Account creation and last login timestamps
- Feature usage patterns
2. How We Use Your Information
- Provide our service - Capture notes, refine ideas, generate content, and store your data for your use
- Voice Transcription - Audio is sent to OpenAI Whisper API for transcription. Audio is processed and not retained by OpenAI. See: OpenAI Privacy Policy
- AI Processing - Your ideas and content are sent to AI providers (Anthropic Claude) for refinement and generation. These providers process data according to their privacy policies but do not store your data for training. See: Anthropic Privacy Policy
- Enforce usage limits - Track usage to apply subscription tier limits
- Improve our service - Aggregate, anonymized statistics may be used to improve the product
2a. Legal Basis for Processing
Under GDPR, we process your personal data based on the following legal grounds:
Contract Performance (GDPR Article 6.1.b)
Processing necessary to provide the service you signed up for:
- Creating and managing your account
- Storing your notes, ideas, and generated content
- Transcribing voice recordings
- Running AI-powered refinements and content generation
- Processing payments and managing subscriptions
Consent (GDPR Article 6.1.a)
Processing based on your explicit consent:
- Analytics cookies - you can opt out via cookie preferences
- Future third-party integrations - will require separate consent
Legitimate Interest (GDPR Article 6.1.f)
Processing based on our legitimate business interests:
- Generating anonymized, aggregated statistics
- Improving our AI models and service quality
- Preventing fraud and ensuring security
- Communicating service updates and changes
You have the right to object to processing based on legitimate interest. See "Your Rights" section below.
3. Information Sharing
We do not sell your personal information. We share data only with:
- AI Service Providers (Anthropic, OpenAI) - To perform transcription, refinement, and content generation. Data is transmitted securely and not used for model training.
- Payment Processor (Stripe) - To process payments securely. We do not store your payment card details.
- Infrastructure Providers - Database and hosting services that store your data securely.
- Legal Requirements - If required by law or to protect our rights.
3a. International Data Transfers
To provide our AI-powered features, your data may be transferred to countries outside the European Economic Area (EEA), including the United States.
Service Providers
Your data may be processed by the following US-based providers:
- Anthropic (Claude AI) - Idea refinement and content generation
- OpenAI (Whisper) - Voice transcription
- Stripe - Payment processing
Safeguards
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data processing agreements with all sub-processors
- Encryption of data in transit (HTTPS/TLS)
Note: These providers process your data solely for their stated purposes. AI providers do not store your data for training. Stripe is PCI-DSS compliant.
4. Data Security
- All data is transmitted over HTTPS (encrypted in transit)
- Passwords are not stored - we use Google OAuth for authentication
- Database access is restricted and secured
- Audio recordings are processed temporarily and not persistently stored
- We do not store payment information directly (handled by Stripe)
5. Data Retention
We retain your data for as long as your account is active. You can delete your data at any time.
- Notes - Stored until you delete them
- Ideas & Refinements - Stored until you delete them
- Projects & Styles - Stored until you delete them
- Generated Content - Stored until you delete it or your account
- Account Data - Deleted when you delete your account
6. Your Rights (GDPR)
You have the following rights regarding your personal data:
Right to Access
You can view all your data directly in the application:
- Profile - Your account information in the Profile page
- Notes - All captured notes in the Notes section
- Ideas - All ideas and refinement history
- Projects & Styles - All your projects and writing styles
- Generated Content - All content you've generated
Everything we store about you is visible in your account. There is no hidden data.
Right to Erasure ("Right to be Forgotten")
You can delete all your data at any time by deleting your account from your Profile page.
Account deletion is permanent and irreversible. All your notes, ideas, projects, styles, content, and account data will be permanently removed from our systems.
Right to Data Portability
You can export your data from your Profile page in a machine-readable format (JSON).
Right to Rectification
You can edit your notes, ideas, projects, and profile information at any time through the application.
Right to Object
You have the right to object to processing of your personal data based on legitimate interests. Contact us at contact@minddistil.com to exercise this right.
Right to Lodge a Complaint: If you believe your data protection rights have been violated, you may lodge a complaint with a supervisory authority. For users in Poland: President of the Personal Data Protection Office (UODO).
Response Timeframe: We will respond to all data subject requests within 30 days of receiving your request. If your request is complex, we may extend this by an additional 60 days, but we will notify you of any extension within the initial 30-day period.
7. Cookies
We use cookies to provide and improve our service:
Essential Cookies (Always Active)
- Authentication cookie - Keeps you logged in to your account
- Anti-forgery cookie - Protects against CSRF attacks
- Cookie consent - Remembers your cookie preferences
Analytics Cookies (Optional)
- Google Analytics - Helps us understand how visitors use our site. This data is anonymized.
We do not use third-party advertising cookies or sell data to advertisers.
Manage Cookie Preferences
You can change your cookie preferences at any time.
8. Automated Decision-Making
Our service uses AI to refine ideas and generate content based on your input. These AI features are tools to assist you:
- No decisions affecting your legal rights or significant interests are made solely by automated means
- AI suggestions are recommendations only - you always have final control
- You review and approve all content before publishing
- You can edit, reject, or regenerate any AI output
If you have concerns about how AI processes your data, contact us at contact@minddistil.com.
9. Data Breach Notification
In the event of a data breach that affects your personal data:
- We will notify the relevant supervisory authority (UODO) within 72 hours of becoming aware of the breach, as required by GDPR Article 33
- If the breach is likely to result in a high risk to your rights and freedoms, we will notify affected users without undue delay
- Notification will include the nature of the breach, likely consequences, and measures taken or proposed to address it
10. Children's Privacy
MindDistil is not intended for users under 16 years of age. We do not knowingly collect data from children.
11. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes by posting a notice on our website or sending you an email.
12. Contact Us
If you have questions about this privacy policy or want to exercise your rights, contact us at:
Email: contact@minddistil.com
Manage Your Data
Access, export, or delete your data from your profile page.
Coming Soon