MindClick Privacy Policy
Effective Date: August 13, 2025
Legal Entity: MindClick LLP (“MindClick”, “we”, “us”, “our”)
Contact: contact@mindclick.ai or legal@mindclick.ai
Plain-English Summary (for the busy):
- We analyze your keystroke dynamics (your typing rhythm and timing) when you type a short, specific sentence that we provide to you in the app.
- We do not analyze or see what you type in any other context.
- We process sensitive inferences about wellbeing from this data, but only with your consent.
- No third-party advertising, no selling of personal data, and no cross-app tracking.
- You can export or delete your data at any time via in-app controls or by emailing us.
- Our insights are informational and not medical advice.
1) Scope
This Privacy Policy explains how we collect, use, disclose, and protect information when you use the MindClick website (mindclick.ai), mobile/desktop apps, SDKs, browser extensions, and related services (collectively, the “Services”). If you use MindClick under a business contract (e.g., through your employer), see Section 14 (Enterprise & B2B).
2) Information We Collect
We focus on data minimization and collect only what we need to operate the Services.
2.1 Account & Contact Information
Name, email address, password hash, preferences, and communications (e.g., support requests).
2.2 Keystroke Dynamics (Behavioral Biometrics)
What we capture: Our data collection is limited to guided "check-in" sessions. The app will prompt you to type a short, specific sentence. During this activity, we capture event timings (press/release), inter-key intervals, error/correction rates, and other non-content features about how you type that sentence.
What we do not capture: We do not monitor your general typing. We do not capture the content of what you type (no words, sentences, or messages) outside of the specific, non-personal sentence we provide for the analysis.
2.3 Device & Usage
Device identifiers (random app instance ID), app version, OS, language, region, IP-derived coarse location, diagnostics (crash logs, performance metrics), and interaction events necessary to operate, secure, and improve the Services.
2.4 Inferences
From the signals above we generate non-clinical wellbeing indicators (e.g., stress/alertness patterns). These are inferences and may be deemed “sensitive” under certain laws.
2.5 Payment & Subscriptions
If purchases occur via Apple In-App Purchase, Apple is the merchant of record; we receive only limited transaction metadata (e.g., receipt token) and do not receive full card data.
2.6 Cookies & Local Storage (Web)
- Strictly necessary cookies (session/security).
- Optional analytics cookies only with your consent (see Section 7).
3) Why We Use Your Information (Purposes)
- Provide the Services: authentication, core functionality (running guided check-ins), model inference, synchronization.
- Improve & develop: quality, safety, and performance; model training and evaluation with de-identified or aggregated data where feasible.
- Analytics: usage trends, product decisions; configured to avoid identifying you when possible.
- Security & integrity: fraud prevention, abuse detection, incident response.
- Legal & compliance: enforce terms, comply with law, protect rights and safety.
- With your consent: any additional purpose you authorize.
4) Legal Bases (EEA/UK/Swiss users)
- Contract: to provide the Services you request.
- Legitimate interests: ensuring security, combating abuse, and improving the Services (balanced against your rights).
- Consent: where required (e.g., analytics cookies; processing of sensitive inferences).
- Legal obligation: compliance with record-keeping or court orders.
5) Sensitive Data & Consent
Keystroke dynamics can be considered biometric identifiers. We process sensitive inferences (e.g., stress proxies) only with your explicit consent where required. You can withdraw consent at any time in app settings or by contacting us.
6) How We Share Information
- Service providers: cloud infrastructure, analytics (with safeguards), support tools bound by contract.
- Enterprise customers: if you use MindClick under an enterprise plan, aggregated or organizational-level insights may be shared with your organization subject to contractual controls.
- Legal reasons: to comply with law or protect rights, safety, and property.
- Business transfers: in the event of a merger, acquisition, or asset sale.
- With your consent: when you ask us to share specific data (e.g., sending insights to a coach).
7) Analytics & Cookies
We limit analytics to respect privacy:
- No third-party advertising cookies.
- Optional privacy-preserving analytics (e.g., Plausible, self-hosted) to understand aggregate usage. Disabled by default where required.
- Crash/diagnostic reports processed via privacy-respecting tooling.
8) Data Retention
- Session timings: stored temporarily for inference, typically less than 12 hours.
- Derived insights: retained to provide history and trends, until you delete your account or as required by law.
- Account information: kept while your account is active and for a limited period after closure to comply with legal or accounting obligations.
9) Security
We use encryption in transit and at rest. Access to production data is restricted to personnel with a legitimate need. We undergo regular security reviews and follow a defense-in-depth approach.
10) International Transfers
We operate globally. When data is transferred outside your region, we use safeguards such as Standard Contractual Clauses (SCCs) or rely on adequacy decisions.
11) Your Rights & Choices
Depending on your location, you may have rights to access, correct, delete, restrict, or port your data, and to object to certain processing or withdraw consent.
- EEA/UK/Swiss: you may lodge a complaint with your Data Protection Authority.
- US (e.g., California): rights to know, delete, correct; opt-out of “sale”/“sharing”; limit use of sensitive personal information. MindClick does not sell personal information.
Exercise rights via in-app controls or email: contact@mindclick.ai or legal@mindclick.ai.
12) Your Controls
- Data export & deletion: available in-app or by request.
- Analytics & cookies: opt-in/opt-out controls where required.
- Notifications: controlled in the app's OS-level settings and in in-app preferences.
13) Children
The Services are not for children under 13 (or the minimum age required in your country). For EEA/UK users between 13 and 16, we rely on parental/guardian consent where required. We do not knowingly collect data from children; contact us to remove such data.
14) Enterprise & B2B
For organizational customers, MindClick typically acts as a processor to the customer (controller), governed by a Data Processing Addendum (“DPA”). This Policy applies where MindClick acts as a controller (e.g., direct-to-consumer app).
15) Automated Decision-Making
MindClick does not make decisions with legal or similarly significant effects based solely on automated processing. Our indicators are informational only and should not be used as a substitute for professional advice.
16) Changes to This Policy
We will update this Policy from time to time. Changes are effective when posted, with the “Effective Date” updated above. Substantive changes will be communicated via the app or email when appropriate.
17) Contact Us
MindClick LLP
contact@mindclick.ai or legal@mindclick.ai
If required by law, we will designate an EU/UK representative and/or Data Protection Officer and update this Policy accordingly.