Privacy Policy

MindWand ("MindWand", "we", "us", or "our") operates mindwand.com and provides AI literacy courses and learning tools (the "Service"). We are the data controller for personal data collected through the Service.

For privacy-related inquiries, contact us at privacy@mindwand.com.

We collect information you provide directly and information generated automatically when you use the Service.

Information you provide:

• Account information: name, email address, and password when you register.
• Profile information: optional details such as your learning goals or experience level.
• Payment information: billing details processed by our payment provider (we do not store full card numbers).
• Communications: messages you send us via email or support channels.

Information collected automatically:

• Usage data: lessons viewed, quiz responses, progress, and time spent on the platform.
• Device and browser information: IP address, browser type, operating system, and referring URL.
• Cookies and similar technologies (see Section 5).

We use your data to:

• Create and manage your account and provide access to courses.
• Track your learning progress and personalise your experience.
• Process subscription payments and send receipts.
• Send you product updates, course recommendations, and promotional offers (you can opt out at any time).
• Respond to support requests and improve the Service.
• Comply with legal obligations and enforce our Terms of Service.
• Detect and prevent fraud or abuse.

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.

If you are in the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following legal bases:

• Contract performance: to provide the Service you signed up for.
• Legitimate interests: to improve the platform, prevent fraud, and communicate relevant updates.
• Legal obligation: to comply with applicable laws.
• Consent: for marketing communications (you may withdraw consent at any time).

We use cookies and similar tracking technologies to operate the Service and understand how users interact with it.

• Essential cookies: required for authentication and core functionality. Cannot be disabled.
• Analytics cookies: help us understand usage patterns (e.g., which lessons are most popular). We use privacy-respecting analytics tools.
• Preference cookies: remember your settings such as display preferences.

You can manage cookie preferences through your browser settings. Disabling analytics cookies does not affect your ability to use the Service.

We share data with a limited set of third-party providers who help us operate the Service. These providers are contractually required to protect your data and may only use it to perform services on our behalf.

• Supabase: database and authentication infrastructure.
• Stripe: payment processing. Stripe's privacy policy governs their handling of your payment data.
• OpenAI / AI providers: powering AI features in the platform. We do not include personally identifiable data in AI requests where avoidable.
• Email delivery providers: for transactional emails such as receipts and password resets.
• Analytics services: to measure platform performance and usage trends.

We do not share your data with advertisers or data brokers.

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymise your personal data within 90 days, except where we are required to retain it for legal or financial compliance purposes (e.g., billing records for up to 7 years).

Anonymised or aggregated data may be retained indefinitely for analytics and service improvement.

Depending on your location, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Correction: ask us to correct inaccurate or incomplete data.
• Deletion: request deletion of your personal data ("right to be forgotten").
• Portability: receive your data in a structured, machine-readable format.
• Objection: object to processing based on legitimate interests.
• Restriction: request that we limit how we use your data.
• Withdraw consent: unsubscribe from marketing at any time via the link in any email we send.

California residents have additional rights under CCPA, including the right to know what data is collected, the right to delete, and the right to opt out of the sale of personal data (we do not sell personal data). To exercise any rights, email privacy@mindwand.com.

The Service is intended for users aged 13 and older. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact privacy@mindwand.com and we will delete it promptly.

Users between 13 and 18 must have parental or guardian consent to use the Service.

We take reasonable technical and organisational measures to protect your data, including encryption in transit (TLS), access controls, and regular security reviews. However, no system is 100% secure. You are responsible for keeping your account credentials safe.

If you believe your account has been compromised, contact us immediately at privacy@mindwand.com.

MindWand operates globally. Your data may be transferred to and processed in countries outside your own, including the United States. Where required by law, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses for transfers from the EEA) to protect your data.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice on the Service before the change takes effect. The "Last Revised" date at the top reflects the most recent update.

Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

If you have questions, requests, or complaints about this Privacy Policy, please contact us:

You also have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data in accordance with applicable law.