Privacy Policy

Mindwand ("Mindwand", "we", "us", or "our") operates mindwand.com and provides AI literacy courses and learning tools (the "Service"). We are the data controller for personal data collected through the Service.

For privacy-related inquiries, contact us at support@mindwand.com.

We collect information you provide directly and information generated automatically when you use the Service.

Information you provide:

• Account information: name, email address, and password when you register.
• Profile information: optional details such as your learning goals or experience level.
• Payment information: billing details processed by our payment provider (we do not store full card numbers).
• Communications: messages you send us via email or support channels.

Information collected automatically:

• Usage data: lessons viewed, quiz responses, progress, and time spent on the platform.
• Device and browser information: IP address, browser type, operating system, and referring URL.
• Cookies and similar technologies (see Section 5).

We use your data to:

• Create and manage your account and provide access to courses.
• Track your learning progress and personalise your experience.
• Process subscription payments and send receipts.
• Send you product updates, course recommendations, and promotional offers (you can opt out at any time).
• Respond to support requests and improve the Service.
• Comply with legal obligations and enforce our Terms of Service.
• Detect and prevent fraud or abuse.

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.

If you are in the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following legal bases:

• Contract performance: to provide the Service you signed up for.
• Legitimate interests: to improve the platform, prevent fraud, and communicate relevant updates.
• Legal obligation: to comply with applicable laws.
• Consent: for marketing communications (you may withdraw consent at any time).

We use cookies and similar tracking technologies to operate the Service and understand how users interact with it.

• Essential cookies: required for authentication and core functionality. Cannot be disabled.
• Analytics cookies: help us understand usage patterns (e.g., which lessons are most popular). We use privacy-respecting analytics tools.
• Preference cookies: remember your settings such as display preferences.

You can manage cookie preferences through your browser settings. Disabling analytics cookies does not affect your ability to use the Service.

We share data with a limited set of third-party providers who help us operate the Service. These providers are contractually required to protect your data and may only use it to perform services on our behalf.

• Supabase: database and authentication infrastructure.
• Stripe: payment processing. Stripe's privacy policy governs their handling of your payment data.
• OpenAI and other AI providers: we use third-party large-language-model APIs to power in-product AI features such as the AI mentor chat and feedback on your exercises. When you interact with these features, we send the AI provider only the lesson prompt, the question or exercise you are working on, and the text you have typed in response. We do not send your name, email address, payment details, or any other account identifier to the AI provider. AI providers process this content under their own terms (for example, OpenAI's API data policy commits to not training their models on API inputs by default).
• Email delivery providers: for transactional emails such as receipts and password resets.
• Analytics services: to measure platform performance and usage trends.

We do not share your data with advertisers or data brokers.

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymise your personal data within 90 days, except where we are required to retain it for legal or financial compliance purposes (e.g., billing records for up to 7 years).

Anonymised or aggregated data may be retained indefinitely for analytics and service improvement.

Depending on your location, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Correction: ask us to correct inaccurate or incomplete data.
• Deletion: request deletion of your personal data ("right to be forgotten").
• Portability: receive your data in a structured, machine-readable format.
• Objection: object to processing based on legitimate interests.
• Restriction: request that we limit how we use your data.
• Withdraw consent: unsubscribe from marketing at any time via the link in any email we send.

California residents — CCPA / CPRA

If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act, including the right to know what personal information we collect, the right to correct it, the right to delete it, the right to limit use of sensitive personal information, and the right to opt out of the "sale" or "sharing" of personal information as those terms are defined under California law.

We do not sell personal information for money. However, California's definition of "sale" and "sharing" is broader than money-for-data and can include disclosing identifiers to advertising platforms (such as Meta and Google) for the purpose of targeted advertising. If we engage in any such disclosure, we treat it as a "sale"/"share" for CCPA purposes and offer you the right to opt out.

To opt out of sale/sharing, exercise other California privacy rights, or for the full list of categories of personal information we have collected, disclosed, or shared in the past twelve months, visit our Your Privacy Choices page or email support@mindwand.com. We will honour valid Global Privacy Control (GPC) browser signals as an opt-out request where required.

To exercise any of the above rights, email support@mindwand.com.

The Service is intended for users aged 16 and older, consistent with our Terms & Conditions. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact support@mindwand.com and we will delete it promptly.

Users between 16 and 18 must have parental or guardian consent to use the Service.

We take reasonable technical and organisational measures to protect your data, including encryption in transit (TLS), access controls, and regular security reviews. However, no system is 100% secure. You are responsible for keeping your account credentials safe.

If you believe your account has been compromised, contact us immediately at support@mindwand.com.

Mindwand operates globally. Your data may be transferred to and processed in countries outside your own, including the United States. Where required by law, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses for transfers from the EEA) to protect your data.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice on the Service before the change takes effect. The "Last Revised" date at the top reflects the most recent update.

Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

If you have questions, requests, or complaints about this Privacy Policy, please contact us:

You also have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data in accordance with applicable law.