PRIVACY POLICY

Mindara

Last Updated: February 21, 2026


1. INTRODUCTION

Mindara, LLC ("Mindara," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered learning platform (the "Service").

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use the Service.


2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

Account Information:

  • Email address (required)
  • Name (optional)
  • Password (encrypted)

Learning Preferences and Activity:

  • Selected topics and subject areas
  • Time commitment preferences
  • Curriculum selections
  • Lesson progress and completion status
  • Learning goals and objectives
  • User-generated notes or annotations
  • Feedback on lessons and content
  • "Surprise Me" feature interactions

Payment Information (When Applicable):

  • Payment method details are processed by third-party payment processors
  • We receive only tokenized payment confirmation, not actual credit card numbers
  • Billing address may be collected for tax purposes

Communications:

  • Email correspondence with our support team
  • Survey responses
  • Feedback submissions

2.2 Information Collected Automatically

When you use the Service, we automatically collect certain technical information:

Usage Data:

  • Pages or features accessed
  • Time spent on pages
  • Lesson completion rates
  • Feature utilization patterns
  • Click and navigation patterns
  • Error logs and debugging information

Device Information:

  • Device type (desktop, mobile, tablet)
  • Operating system and version
  • Browser type and version
  • Screen resolution
  • General location (country/region based on IP address, not precise geolocation)

Cookies and Similar Technologies:

  • Session cookies for authentication
  • Preference cookies for user settings
  • Analytics cookies (see Section 2.3)

2.3 Information from Third Parties

AI Service Providers: When you use the Service, your learning content and interactions may be processed by third-party AI providers including but not limited to:

  • Anthropic (Claude)
  • OpenAI (ChatGPT)
  • Google (Gemini)

These providers may process your inputs and interactions to generate personalized learning content. Each provider has its own privacy policy governing how it handles data.


3. HOW WE USE YOUR INFORMATION

3.1 Primary Uses

We use collected information to:

Provide and Improve the Service:

  • Create and manage your account
  • Generate personalized learning curricula
  • Track your learning progress
  • Customize content to your preferences and learning pace
  • Improve AI-generated content quality
  • Develop new features and functionalities
  • Troubleshoot technical issues

Communications:

  • Send lesson notifications (including "Surprise Me" lessons)
  • Provide customer support
  • Send service announcements and updates
  • Respond to your inquiries
  • Deliver newsletters (with your consent)

Analytics and Research:

  • Analyze usage patterns to improve the Service
  • Conduct research on learning effectiveness
  • Generate aggregated, anonymized statistics
  • Measure feature adoption and engagement

Legal and Safety:

  • Comply with legal obligations
  • Enforce our Terms of Service
  • Protect against fraud and abuse
  • Ensure platform security

3.2 Aggregated and De-Identified Data

We may create aggregated, anonymized, or de-identified data from your information. This data cannot reasonably be used to identify you and may be used for:

  • Research and analytics
  • Product development
  • Marketing and promotional purposes
  • Sharing with third parties for research or business purposes

4. HOW WE SHARE YOUR INFORMATION

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

AI Content Generation:

  • Anthropic, OpenAI, and Google process your learning interactions to generate personalized content
  • Content you submit may be sent to these providers' APIs
  • Each provider operates under its own privacy policies and data practices

Infrastructure and Hosting:

  • Supabase (database and authentication services)
  • Cloud hosting providers

Email Communications:

  • Resend for transactional and marketing emails

Payment Processing (When Applicable):

  • Third-party payment processors handle payment transactions
  • We do not store complete credit card information

4.2 Legal Requirements and Protection

We may disclose your information when required by law or when we believe in good faith that disclosure is necessary to:

  • Comply with legal obligations, court orders, or government requests
  • Enforce our Terms of Service or other agreements
  • Protect the rights, property, or safety of Mindara, our users, or others
  • Investigate and prevent fraud, security issues, or illegal activities

4.3 Business Transfers

If Mindara is involved in a merger, acquisition, sale of assets, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will provide notice and may require the acquiring party to continue protecting your information consistent with this Privacy Policy.

4.4 With Your Consent

We may share your information with third parties when we have your explicit consent to do so.

4.5 What We Do Not Share

We do not:

  • Sell your personal information to third parties
  • Share your learning activity or progress with third parties for their marketing purposes
  • Provide your contact information to third-party marketers without your consent

5. DATA SECURITY

5.1 Security Measures

We implement reasonable technical, administrative, and physical security measures to protect your information from unauthorized access, disclosure, alteration, or destruction, including:

Technical Safeguards:

  • Encryption of data in transit (TLS/SSL)
  • Encryption of sensitive data at rest
  • Secure authentication mechanisms
  • Regular security assessments and updates
  • Access controls and authentication requirements

Administrative Safeguards:

  • Limited employee access to personal information
  • Confidentiality agreements with employees and contractors
  • Security awareness training
  • Incident response procedures

5.2 Limitations

While we strive to protect your information, no security system is impenetrable. We cannot guarantee the absolute security of your information. You are responsible for maintaining the security of your account credentials and should notify us immediately of any unauthorized access.

5.3 Third-Party Security

Third-party service providers (including AI providers) maintain their own security practices. We select reputable providers, but we are not responsible for their security measures or data practices.


6. DATA RETENTION AND DELETION

6.1 Retention Periods

We retain your information for as long as necessary to:

  • Provide the Service to you
  • Comply with legal obligations
  • Resolve disputes
  • Enforce our agreements

Specific Retention Periods:

  • Active Account Data: Retained while your account is active
  • Inactive Accounts: 30 days after account closure or deletion request
  • Learning History: Retained during account lifetime for progress tracking
  • Transaction Records (when applicable): 7 years for tax and accounting purposes
  • Communications: Retained for customer service quality and legal compliance
  • Aggregated Data: May be retained indefinitely as it cannot identify you

6.2 Account Deletion

You may request deletion of your account at any time by:

  • Using the account deletion feature in your account settings
  • Contacting us at privacy@meetmindara.com

Deletion Process:

  • We will initiate deletion within 30 days of your request
  • Some information may be retained in backup systems for up to 30 additional days
  • Certain information may be retained longer to comply with legal obligations

6.3 Data Deletion Exceptions

Even after deletion, we may retain:

  • Information required by law (e.g., transaction records)
  • Aggregated or anonymized data that cannot identify you
  • Information necessary to resolve disputes or enforce agreements
  • Backup copies for disaster recovery (automatically purged within 30 days)

6.4 Third-Party Data Retention

Third-party service providers (including AI providers) maintain their own data retention policies. We encourage you to review their privacy policies to understand how long they retain data.


7. YOUR PRIVACY RIGHTS

7.1 Access and Correction

You have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Update your account information through your account settings

7.2 Deletion

You may request deletion of your personal information (see Section 6.2 for details and limitations).

7.3 Data Portability

You may request a copy of your personal information in a structured, commonly used, and machine-readable format by contacting us at privacy@meetmindara.com.

7.4 Marketing Communications

You may opt out of marketing emails by:

  • Clicking the "unsubscribe" link in any marketing email
  • Adjusting your communication preferences in account settings
  • Contacting us at privacy@meetmindara.com

Note: You cannot opt out of essential service communications (e.g., security alerts, account notifications).

7.5 Cookie Management

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may limit your ability to use some features of the Service.

7.6 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information is collected, used, and shared
  • Right to delete personal information (subject to exceptions)
  • Right to opt out of sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at privacy@meetmindara.com.

7.7 European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation:

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

Legal Basis for Processing: We process your information based on:

  • Performance of contract (providing the Service)
  • Legitimate interests (improving the Service, security)
  • Consent (marketing communications, optional features)
  • Legal obligations (compliance with applicable laws)

7.8 Exercising Your Rights

To exercise any privacy rights, contact us at:

  • Email: privacy@meetmindara.com

We will respond to verified requests within 30 days (or as required by applicable law).


8. CHILDREN'S PRIVACY

8.1 Age Restrictions

The Service is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13.

8.2 Parental Consent

Users between 13 and 18 years of age should obtain parental or guardian consent before using the Service.

8.3 COPPA Compliance

If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information as quickly as possible.

8.4 Parental Rights

Parents or guardians who believe their child under 13 has provided personal information may contact us at privacy@meetmindara.com to request deletion.


9. INTERNATIONAL DATA TRANSFERS

9.1 Data Location

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from your jurisdiction.

9.2 Safeguards

When we transfer data internationally, we implement appropriate safeguards to protect your information, which may include:

  • Standard contractual clauses approved by relevant authorities
  • Adequacy decisions by applicable regulatory bodies
  • Other lawful transfer mechanisms

9.3 Consent

By using the Service, you consent to the transfer of your information to countries outside your country of residence.


10. THIRD-PARTY LINKS AND SERVICES

10.1 External Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

10.2 Third-Party AI Providers

Our Service relies on third-party AI providers (Anthropic, OpenAI, Google). Your interactions with the Service involve data processing by these providers under their respective privacy policies:

  • Anthropic Privacy Policy: https://www.anthropic.com/privacy
  • OpenAI Privacy Policy: https://openai.com/privacy
  • Google Privacy Policy: https://policies.google.com/privacy

We encourage you to review these policies to understand how these providers handle your data.


11. UPDATES TO THIS PRIVACY POLICY

11.1 Right to Modify

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

11.2 Notification of Changes

When we make material changes to this Privacy Policy, we will:

  • Update the "Last Updated" date at the top of this policy
  • Post the revised policy on the Service
  • Send email notification to registered users (for material changes)

11.3 Continued Use

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

11.4 Version History

Previous versions of this Privacy Policy will be archived and available upon request.


12. CONTACT INFORMATION

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Inquiries:

Email: privacy@meetmindara.com

General Support:

Email: support@meetmindara.com

Response Time:

We will respond to privacy inquiries within 30 days (or as required by applicable law).


13. SPECIFIC DISCLOSURES

13.1 California "Shine the Light" Law

California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not currently share personal information with third parties for their direct marketing purposes.

13.2 Nevada Privacy Rights

Nevada residents may opt out of the sale of personal information. We do not currently sell personal information as defined by Nevada law.

13.3 Do Not Track Signals

Our Service does not currently respond to "Do Not Track" browser signals or similar mechanisms.


ACKNOWLEDGMENT

By using the Service, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.


NOTES FOR ATTORNEY REVIEW:

Priority areas for legal review:

  1. COPPA Compliance: Section 8 - verify age gate implementation and parental consent mechanisms
  2. GDPR Adequacy: Section 7.7 - confirm legal bases for processing are comprehensive
  3. AI Provider Data Sharing: Sections 4.1 and 10.2 - ensure transparency regarding AI processing
  4. International Transfers: Section 9 - confirm appropriate transfer mechanisms in place
  5. Children's Privacy: Section 8 - strengthen if accepting users under 18
  6. California Privacy Rights: Section 7.6 - verify CCPA compliance for all categories

Suggested additions:

  • Specific data processing agreements with AI providers
  • Privacy Shield or alternative adequacy framework references if targeting EU
  • Biometric data provisions if future features involve biometrics
  • Sensitive personal information categories (if collected)
  • Automated decision-making disclosures (AI-driven content personalization)
  • Data breach notification procedures
  • Privacy impact assessments for high-risk processing

Integration requirements:

  • Ensure alignment with Terms of Service Sections 8 and 9
  • Cross-reference Data Retention Policy for consistency
  • Verify email addresses match across all documents
  • Confirm third-party provider list is current and complete
  • Add specific analytics provider names when finalized
  • Update contact information before publication

Technical implementation checklist:

  • Cookie consent banner for EU users
  • Privacy settings dashboard in user account
  • Data export functionality for portability requests
  • Account deletion workflow with 30-day retention
  • Opt-out mechanisms for marketing communications
  • Age verification at registration
  • Privacy policy version control system