Privacy Policy

Last updated: March 23, 2026. Your privacy matters to us — learn how MindChat handles your data.

Your data is protected. MindChat encrypts all data in transit and at rest. We follow HIPAA technical safeguards and GDPR-aligned data minimization principles. We do not sell your personal information to third parties.

Table of Contents

  1. Introduction
  2. Information We Collect
  3. How We Use Your Information
  4. Information Sharing & Disclosure
  5. Data Security
  6. HIPAA Considerations
  7. Your GDPR & Privacy Rights
  8. Data Retention
  9. Cookies & Tracking Technologies
  10. Third-Party Services
  11. Children's Privacy
  12. Changes to This Policy
  13. Contact Us

1. Introduction

MindChat LLC ("MindChat," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the MindChat platform, website, and mobile application (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use the Service.

This policy should be read alongside our Terms of Service.

2. Information We Collect

Information You Provide Directly

  • Account information: Name, email address, password, and organization affiliation.
  • Profile information: Age, gender, and other optional demographic details you choose to provide.
  • Assessment responses: Responses to validated mental health questionnaires (e.g., PHQ-9, BAI, SCAT5) entered through the platform.
  • Communications: Messages or inquiries you send to us via email or contact forms.
  • Payment information: Billing details processed securely through our third-party payment processor; we do not store full payment card numbers.

Information Collected Automatically

  • EEG data: Brainwave readings collected via a compatible EEG headset (e.g., Muse) when you use the EEG-integrated features of the Service.
  • Usage data: Pages visited, features used, session duration, click patterns, and app interaction logs.
  • Device information: Device type, operating system, browser type, IP address, and unique device identifiers.
  • Log data: Server logs including access times, error reports, and referring URLs.

| Data Category | Examples | Purpose |
|---|---|---|
| Identity Data | Name, email, username | Account creation and authentication |
| Health & Wellness Data | Assessment scores, EEG readings | Generating insights and monitoring trends |
| Usage Data | Session logs, feature interactions | Service improvement and analytics |
| Technical Data | IP address, browser type | Security, fraud prevention, error reporting |
| Communications Data | Support emails, contact form submissions | Customer support and follow-up |

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service.
  • Generate personalized wellness monitoring insights and trend reports.
  • Process payments and manage subscriptions.
  • Send transactional communications such as account confirmations, password resets, and service notifications.
  • Improve and develop new features through anonymized and aggregated usage analysis.
  • Maintain the security and integrity of the Service.
  • Comply with applicable legal obligations.
  • Respond to your inquiries and provide customer support.

We do not use your health or EEG data for advertising purposes and do not sell your personal information to any third party.

4. Information Sharing & Disclosure

We may share your information only in the following limited circumstances:

Service Providers

We engage trusted third-party vendors who process data on our behalf under strict data processing agreements. These include cloud hosting providers, payment processors, and analytics platforms. These providers are contractually obligated to use your data only to provide services to MindChat and not for their own purposes.

Organizational Administrators

If you access MindChat through an organizational account (e.g., a school, clinic, or employer), your wellness reports and aggregate insights may be available to authorized administrators of that organization. We encourage you to review your organization's own privacy practices.

Legal Requirements

We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe in good faith that such disclosure is necessary to protect our rights, protect your safety or the safety of others, or investigate fraud.

Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website before your data becomes subject to a different privacy policy.

With Your Consent

We may share information for other purposes with your explicit consent.

5. Data Security

We take the security of your data seriously and implement industry-standard measures, including:

  • Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security).
  • Encryption at rest: Stored data — including health assessments and EEG readings — is encrypted at rest using AES-256 encryption.
  • Access controls: Strict role-based access controls limit employee access to personal data to only those with a legitimate business need.
  • Regular security audits: We conduct periodic security assessments and vulnerability testing.

Despite our safeguards, no method of transmission or storage is 100% secure. In the event of a data breach that affects your rights, we will notify affected users as required by applicable law.

6. HIPAA Considerations

MindChat is designed to meet the technical safeguards of the Health Insurance Portability and Accountability Act (HIPAA) where applicable. We implement:

  • Unique user identification and automatic logoff controls.
  • Encryption and decryption of electronic Protected Health Information (ePHI) in transit and at rest.
  • Audit logs recording access to health data.

Important note: Whether HIPAA applies to a particular deployment of MindChat depends on the context of use (e.g., whether the deploying organization is a HIPAA covered entity). Organizations that are covered entities or business associates under HIPAA should contact us to establish a Business Associate Agreement (BAA). Contact: randy@mindchatapp.com.

7. Your GDPR & Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): Request deletion of your personal data, subject to certain legal exceptions.
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to data portability: Request a machine-readable copy of your data to transfer to another service.
  • Right to object: Object to processing of your data based on legitimate interests.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at randy@mindchatapp.com. We will respond within 30 days. If you are located in the European Economic Area, you also have the right to lodge a complaint with your local data protection authority.

8. Data Retention

We retain your personal data for as long as necessary to provide the Service and fulfill the purposes described in this policy, or as required by law. Specifically:

  • Account data: Retained for the duration of your account and for up to 3 years after account closure for legal and audit purposes.
  • Health and wellness data: Retained for the duration of your active account. Upon account deletion, health data is permanently deleted within 90 days, except where longer retention is required by law.
  • EEG data: Retained in identifiable form for the duration of the account. Aggregated and anonymized EEG data may be retained longer for research and product improvement.
  • Log data: Retained for up to 12 months for security and operational purposes.

You may request early deletion of your data at any time, subject to our legal retention obligations.

9. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website and application. This includes:

  • Essential cookies: Required for the Service to function (e.g., maintaining your login session).
  • Analytics cookies: Used to understand how users interact with our website to improve functionality. These may be provided by third-party analytics services.
  • Preference cookies: Store your settings and preferences.

You can control cookie settings through your browser preferences. Disabling essential cookies may affect the functionality of the Service. We do not use third-party advertising or tracking cookies.

10. Third-Party Services

The Service integrates with certain third-party technologies, including EEG hardware platforms (e.g., InteraXon Muse). Your use of third-party hardware and any data collected directly by that hardware is subject to the respective manufacturer's privacy policy. MindChat only processes the data transmitted from such devices to our servers.

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies.

11. Children's Privacy

The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent. For institutional deployments (e.g., school sports programs) involving minors, all data collection must be established and managed by an authorized adult administrator, and appropriate parental or guardian consents must be obtained by that institution.

If you believe a child under 13 has provided personal information to MindChat without appropriate consent, please contact us immediately at randy@mindchatapp.com and we will delete that information promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page and, where appropriate, by sending notice to the email address associated with your account.

Your continued use of the Service after the effective date of the revised policy constitutes your acceptance of the changes. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Email: randy@mindchatapp.com
  • Phone: 973-723-8649
  • Address: 253 Sienna Drive, Little River, SC 29566
  • HIPAA/BAA inquiries: randy@mindchatapp.com

© 2026 MindChat. All rights reserved.

MindChat provides monitoring and insights, not medical diagnoses. Always consult a qualified professional for mental-health concerns.

MindChat encrypts all data in transit and at rest. The platform is built to meet HIPAA technical safeguards and follows GDPR-style principles for user consent and data minimization.