Privacy Policy

Company Information

This Privacy Policy is issued by Mindstream Labs LTD, a company registered in the United Kingdom. Our registered office is located at 128 City Road, London, EC1V 2NX, UNITED KINGDOM. Mindstream Labs LTD is registered under Company Registration Number: 16309403

For any questions regarding this Privacy Policy or the handling of your data, please contact us at: info@introspectly.app.

1. Introduction

Welcome to Introspectly. Your privacy is important to us. This policy explains how we collect, use, and protect your personal data in compliance with:

• The General Data Protection Regulation (GDPR)
• The UK Data Protection Act
• The California Consumer Privacy Act (CCPA) for users in the United States
• And, where applicable, other local laws.

2. Data Collection

We collect and process the following personal data when you use Introspectly:

Email address

• Why we collect it:To enable login, communicate updates, and send reminders.
• How we collect it: Directly provided during registration.

Language preferences

• Why we collect it:To ensure the app’s interface and notifications match your preferred language.
• How we collect it: Automatically based on your selection or browser settings.

Journal entriess

• Why we collect it:To generate personalized AI-based insights, analytics, and suggestions tailored to your self-reflection.
• How we collect it: When you voluntarily input journal entries while using the app.

Gender

• Why we collect it:To personalize AI-generated prompts and ensure more relevant, accurate insights in the analytics. Gender helps fine-tune the reflective questions and suggestions provided during journaling.
• How we collect it: Through user-provided information during the profile setup process.

AI-Generated Content

• What we store:After processing your journal entries and context using OpenAI’s models, we store AI-generated prompts, analytics and insights so that you can access them anytime.
• Why we store them:To help track progress over time, revisit personalized questions, and maintain a history of past AI-generated guidance.

Timezone

• Why we store them:We also collect your timezone as part of your profile information. This is used to tailor the app's functionality (such as scheduling notifications and aligning timestamps on your journal entries) to your local time. The timezone information is stored securely and is used solely to enhance your user experience.

IP Address Detection

• To ensure that you receive the correct version of our services—including the appropriate language and currency—we detect your location using your device’s IP address. This information is used solely to customize your experience and is not stored beyond your session.
• Please note: All personal data, including the information you provide, is stored and processed in Europe (London). By using our service, you consent to the transfer and storage of your data outside your country in accordance with our Privacy Policy.

3. Data Use

We use your personal data to provide and enhance your experience with Introspectly. Specifically:

1. Email address

   Used to create and manage your account, verify your identity, send app updates, and deliver important notifications (e.g., reminders or support emails).

2. Language preferences

   Ensure the app interface, AI-generated prompts, and notifications are tailored to your selected language, creating a smooth and personalized experience.

3. Journal entries

   Processed using OpenAI’s models to provide AI-based analytics and personalized insights. The entries help generate cognitive-behavioral therapy-style prompts, tailored suggestions, and reflective patterns over time.

4. Gender

   Used to fine-tune AI-generated prompts and reflective questions to match your context more effectively, providing tailored advice and suggestions.

5. AI-Generated Content

   These outputs are stored and displayed to you within the app, allowing you to review past AI-based guidance and track changes in your reflective journey.

4. Third-Party Sharing

We share your personal data with trusted third-party service providers to deliver, maintain, and improve Introspectly’s features. We carefully select partners who implement security measures and adhere to industry privacy standards.

1. OpenAI (AI-powered features)

• Purpose:To generate personalized prompts and insights by processing your journal entries.
• Data shared: Journal entries, the username and gender specified during account creation.
• Protection measures: Data is encrypted during transmission using Transport Layer Security (TLS).

2. Stripe (payment processing)

• Purpose:To securely handle payments and subscriptions.
• Data shared:Email address and payment-related details.
• Protection measures: Stripe is PCI-DSS compliant and encrypts data to protect transactions.

3. Google OAuth and Discord (authentication)

• Purpose:To provide secure and convenient login options.
• Data shared:Email address and basic profile information.
• Protection measures:These services follow their respective security protocols to protect user data during authentication.

4. Supabase (database and backend services)

• Purpose:To store and manage user profiles, journal entries, and AI-generated insights.
• Data shared:User profiles, journal entries, and AI-generated content.
• Protection measures:Data is encrypted at rest and additional encryption is applied within Introspectly to safeguard sensitive content.

5. Google Cloud Platform (hosting and deployment)

• Purpose:To host our application infrastructure and maintain reliability.
• Data shared:Processed data needed to operate the application.
• Protection measures:Data is encrypted at rest and during transmission.

We do not sell or share your personal data with third parties for marketing purposes. Data sharing is limited to what is necessary to provide you with our services or as required by law.

5. Data Security

We are committed to protecting your personal data and ensuring that only you have access to your journal entries and personalized AI-generated insights. No one else, including our team, can access this sensitive information. Our security practices include:

1. Data encryption

• All personal data stored in our database is encrypted at rest to protect it from unauthorized access.
• Sensitive fields, such as journal entries and personalized analytics, are encrypted at the column level with a unique key per user.
• An additional layer of encryption is applied at the application level, further securing sensitive data.

2. Secure data transmission

• Data shared between your device and our servers is encrypted using Transport Layer Security (TLS), protecting it from interception.

3. Limited access controls

• Only you can access your encrypted journal entries and insights. Even our team members and administrators cannot view this data in its decrypted form.
• Access to general user data (e.g., email or language preferences) is restricted to authorized personnel and only for necessary functions such as support or maintenance.

4. Third-party security measures

• We collaborate with trusted service providers like OpenAI, Supabase, and Stripe, who maintain industry-leading security practices and certifications.

6. Data Retention

We retain your personal data only for as long as necessary to provide you with Introspectly’s services or as required by applicable law.

1. Active users

• We retain your personal data (including journal entries, AI-generated insights, and profile information) while you are actively using the app.

2. Inactive users

• If your account is inactive for 12 consecutive months, we may delete your personal data to reduce storage of unused data. Before deletion, you will receive an email notification allowing you to extend or reactivate your account if desired.

3. Account deletion

• You can delete your profile and all associated data instantly via the settings page in your profile section. Once you request deletion, your data will be permanently removed from our systems.

4. Payment data

• Payment-related data may be retained by our payment processor, Stripe, in accordance with their legal obligations and retention policies.

We continuously review our data retention practices to ensure compliance with privacy laws and to minimize the storage of unnecessary data.

7. Security of Your Authentication Credentials

Your Introspectly account is authenticated through third-party providers, such as Google and Discord. We do not store, manage, or have access to your passwords for these services.

To maintain the security of your account, you are responsible for:

• Keeping your email account secure, as it is used for authentication and password recovery.
• Enabling two-factor authentication (2FA) on your email and authentication provider accounts where available.
• Taking proper security precautions, such as using a strong password for your email and avoiding phishing attempts.

Since authentication is managed by third-party providers, Introspectly is not responsible for any unauthorized access caused by weak email security, compromised credentials, or the user’s failure to enable additional protections like 2FA.

8. Account Recovery & Responsibility

Since Introspectly does not store or manage passwords, we cannot restore access to your account if you lose access to your authentication provider (e.g., Google or Discord).

If you forget your password or cannot access your email/account, you must contact your email provider or authentication service directly. For security reasons:

• Introspectly cannot reset your password or restore access to your account on your behalf.
• We do not have access to your authentication credentials (such as passwords) and cannot override your login settings.
• If you lose access to your email or authentication provider, you may permanently lose access to your Introspectly account.

If you believe your account has been compromised, we recommend securing your email and enabling two-factor authentication (2FA) as soon as possible.

9. Minors

Introspectly is intended for users aged 16 and older. We do not knowingly collect personal data from anyone under the age of 16. If we discover that we have inadvertently collected data from a minor, we will promptly delete it. If you become aware of any such data, please contact us immediately at hello@introspectly.app.

10. Your Privacy Rights

We believe you should have control over your personal data. To help you exercise this control, we provide the following rights. You may make these requests by contacting us at [email/contact info], or using certain features within the app where available:

1. Access

• You have the right to know what personal data we collect and how we use it. This Privacy Policy provides this information. You can also request a copy of the personal data we store about you.

2. Correction

• You have the right to request the correction of inaccurate or incomplete personal data.

3. Portability

• You may request an export of your personal data in a structured, machine-readable format (such as a .csv or .pdf). Where possible, we can send this export directly to a third party you identify.

4. Deletion

• You have the right to request the deletion of your personal data under certain circumstances, such as if the data is no longer needed for the purpose it was collected.

5. Restriction

• You may request that we restrict the use of your personal data in certain cases, such as when you contest the accuracy of the data or object to its processing. Please note that some restrictions may not be possible if they affect the functionality of the app or delivery of our services.

6. No retaliation or discrimination

• You have the right not to be discriminated against or face retaliatory actions for making a request regarding your personal data.

Verification of requests

• Upon receiving your request, we may need to ask for additional information to verify your identity or confirm how you wish to proceed. We will respond to verifiable requests without undue delay. If additional time is required, we will inform you via the email associated with your account.

Fees

• We do not charge a fee to process your request unless it is excessive, repetitive, or clearly unfounded. If a fee is necessary, we will inform you and provide an estimate before processing the request.

Limitations on rights

• Your rights are not absolute. We may deny your request if:
• We have a legal obligation to retain the data.
• Granting the request would affect the rights of others.
• The request is excessive or lacks sufficient verification.

If you are an EU, UK, or US resident, additional rights may apply under applicable laws. Please refer to the relevant privacy notices specific to your region for more details.

11. OpenAI Processing of Journal Entries

Introspectly utilizes OpenAI’s models to process your journal entries and generate personalized insights, analytics, and guided prompts. Please note the following regarding this process:

1. Data Transmitted

• Only the text you provide in your journal entries and gender specified during account creation is transmitted to OpenAI for processing. It is your responsibility not to use your real name as your nickname. No additional personal data (such as your email address, real name, or other identifying details) is sent.

2. Purpose

• The text is used solely to generate AI-based content for your personal reflection and is not used to identify you.

3. OpenAI’s Data Handling

• We rely on OpenAI’s publicly available documentation and policies regarding data processing. To the best of our knowledge, OpenAI processes the data in a manner consistent with their privacy and security practices. We encourage you to review OpenAI’s Privacy Policy for further details on how they handle information submitted via our Service.

4. Your Responsibility

• You are responsible for ensuring that you do not include any sensitive or personally identifying information in your journal entries, as the text is processed by an external service

12. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy as necessary. If we make material changes, we will notify you via email or through an in-app notice before the changes take effect. Please review this policy periodically for updates.

13. Contact Information

If you have any questions or concerns, please contact us:

• Email: hello@introspectly.app