Privacy Policy
Last updated: March 2026
MindLoop is a self-awareness and wellness tool. Your privacy is fundamental to the trust required for this kind of personal work. This policy explains what data we collect, how we protect it, and what we will never do with it.
What data stays on your device
By default, all of the following data is stored locally on your device and never transmitted to our servers:
- Exposure hierarchy items and SUDS ratings
- Exposure session recordings, SUDS check-ins, and anxiety curves
- Journal entries (thoughts, body feelings, safety behavior notes)
- Screener responses and results
- Milestone and streak data
Encryption at rest
All personal data stored on your device is encrypted with AES-256 via the platform's native data protection mechanisms. Data in transit uses TLS 1.3.
What we do not collect
- We do not collect, transmit, or store your exposure content, SUDS scores, journal entries, or any health-related data on our servers
- We do not sell or share personal health data with any third party
- No analytics service sees your exposure content, SUDS data, or journal text
Analytics
We collect anonymized, aggregate usage metrics (screen views, feature adoption, app stability) to improve the product. These metrics contain no personal health information. We use a self-hosted PostHog instance for analytics. No third-party advertising SDKs are included in the app.
Optional cloud sync
If you create an account and enable cloud sync (a future feature), your data will be encrypted in transit (TLS 1.3) and at rest on our servers (AES-256). You can delete your cloud data at any time from the app settings. Deleting your account permanently removes all server-side data within 30 days.
No mandatory account
You can use all core features of MindLoop without creating an account. An account is only required for optional cloud sync and web dashboard access.
Data deletion
You can delete all local data from the app settings at any time. If you have a cloud account, you can request full deletion of your server-side data through the app or by emailing privacy@mindloop.app.
FTC Health Breach Notification Rule
MindLoop complies with the FTC Health Breach Notification Rule. In the unlikely event of a data breach affecting your personal health information, we will notify you and the FTC within the timeframes required by law.
Children
MindLoop is designed for adults aged 18 and over. We do not knowingly collect information from children under 18.
Changes to this policy
We may update this policy from time to time. Material changes will be communicated through the app and on this page with a revised date.
Contact
Questions about this policy? Email us at privacy@mindloop.app.