Privacy Policy

Last Updated: March 17, 2026

MindCal ("we," "us," or "our") is operated by Keith Meyer as an individual. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use the MindCal application and related services (collectively, the "Service").

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, and authentication credentials. If you sign in with Google, we receive your Google profile information (name, email, and profile picture) as authorized by you.

1.2 Calendar Data

With your permission, we access your calendar data from connected providers (Google Calendar, Microsoft Outlook, CalDAV) to display events, create new events, and generate scheduling suggestions. We sync and store calendar event metadata to provide our Service.

1.3 Email Data

With your explicit consent, we access email data from connected email providers (Gmail, Outlook) to extract events, receipts, and contacts. We process email content to identify actionable information but do not store full email bodies permanently.

1.4 Conversations and AI Interactions

We store your chat conversations with our AI assistant to provide continuity across sessions, improve response quality, and learn your communication preferences for delegated messaging (voice matching).

1.5 Contact and People Data

We store information about your contacts that you provide or that is extracted from connected services, including names, birthdays, relationship notes, and gift ideas.

1.6 Shopping and Travel Data

We store your shopping searches, travel plans, and related preferences to provide personalized recommendations. When you click affiliate links, third-party retailers may collect additional data subject to their own privacy policies.

1.7 Usage and Technical Data

We automatically collect technical information including IP address, browser type, device information, and usage patterns (pages visited, features used) to maintain and improve our Service. We use structured logging with correlation IDs for operational monitoring.

2. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the MindCal Service
• Sync and display your calendar events across connected providers
• Process email data to extract events, receipts, and contacts
• Generate AI-powered suggestions, reminders, and task chains
• Match your communication style for delegated messages (voice matching)
• Calculate and display mental load scores and rebalancing suggestions
• Search for products, flights, hotels, activities, and restaurants on your behalf
• Send notifications and reminders via your preferred channels
• Authenticate your identity and secure your account
• Comply with legal obligations

3. Data Storage and Security

Your data is stored in Supabase (PostgreSQL) with Row Level Security (RLS) enabled, ensuring that each user can only access their own data. We use encrypted connections (TLS/SSL), encrypted tokens for third-party service credentials, and follow security best practices including input validation, error sanitization, and rate limiting.

Our infrastructure is hosted on Amazon Web Services (AWS) in the Canada (Central) region (ca-central-1). Data is served through Amazon CloudFront CDN with AWS WAF protection.

4. Third-Party Services

We integrate with the following categories of third-party services:

• Authentication: Google OAuth for sign-in
• Calendar Providers: Google Calendar, Microsoft Graph, CalDAV servers
• Email Providers: Gmail (Google API), Microsoft Outlook
• AI Processing: Anthropic (Claude) for conversational AI
• Travel Services: Duffel (flights), Nuitee (hotels), Viator (activities)
• Shopping Affiliates: Amazon Associates, CJ Affiliate, Rakuten, Impact.com, Instacart
• Social Platforms: Meta (Facebook, Instagram) for birthday and contact discovery
• Payments: Stripe for subscription billing
• Infrastructure: AWS (hosting), Supabase (database), Upstash (rate limiting)

Each third-party service processes data according to its own privacy policy. We only share the minimum data necessary for each integration to function.

5. Google API Services User Data Policy

MindCal's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only request access to the Google API scopes necessary to provide the Service (calendar read/write, user profile).
• We do not use Google user data for advertising purposes.
• We do not sell Google user data to third parties.
• We do not use Google user data to develop or improve AI/ML models unrelated to providing the Service to you.
• Google user data is only shared with third parties as necessary to provide or improve the Service, comply with applicable law, or as part of a merger/acquisition with adequate data protection.
• Human access to Google user data is limited to security investigations, compliance with legal obligations, or providing support with your consent.

6. Your Rights

You have the right to:

• Access: Request a copy of all personal data we hold about you. You can export your data from the Settings page.
• Correction: Update or correct inaccurate personal data through your account settings.
• Deletion: Request deletion of your account and all associated data. You can delete your account from the Settings page, which performs a cascade deletion of all your data.
• Portability: Export your data in a machine-readable format (JSON).
• Revocation: Disconnect any third-party service integration at any time from the Settings page.
• Objection: Object to processing of your data for specific purposes by contacting us.

7. Cookies and Local Storage

We use essential cookies for authentication session management (session tokens). We do not use third-party tracking cookies or advertising cookies. We use browser local storage for user preferences such as theme settings.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. When you delete your account, we delete all associated data within 30 days. We may retain anonymized, aggregated data for analytics purposes. Backup data is purged according to our standard backup rotation schedule.

9. Children's Privacy

MindCal is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you believe a child under 16 has provided us with personal information, please contact us so we can delete it.

10. International Data Transfers

Our primary infrastructure is located in Canada (AWS ca-central-1). Some third-party services may process data in other jurisdictions. By using the Service, you consent to the transfer of your data to Canada and other jurisdictions where our service providers operate, subject to appropriate data protection safeguards.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

• Email: privacy@mindcal.ai
• Data Controller: Keith Meyer