Mindly – Privacy Policy

Last updated: October 3rd, 2025

Section A: Quick Guide (Plain English)

We know privacy policies can be long. Here’s the short version:

• Who we are. Mindly is operated by Dripgrind Oy, based in Finland.
• What we collect. Account info, your maps & notes, technical info (device, IP), and usage data.
• Why we collect it. To run and improve Mindly, sync maps, enable sharing, manage subscriptions, communicate updates, and (only if you opt in) send marketing.
• Who we share with. Amazon Web Services (AWS) – hosting, Firebase/Google/Apple – authentication, RevenueCat – subscriptions, Amplitude & Piwik – analytics. We don’t run ads and we don’t sell your data.
• International transfers. Sometimes your data is processed outside the EU (for example, in the United States). When this happens, we use Standard Contractual Clauses (SCCs) and safeguards like encryption to protect it.
• Your rights. Access, export, correct, or delete your data; opt out of marketing; object to certain processing; and file a complaint.
• How long we keep it. Until you delete your account. Backups may remain for up to 60 days.
• Security. Encryption in transit and at rest, secure AWS data centers.
• Age limit. You must be 16 or older to use Mindly.
• Updates. We publish changes on our website; major changes are also emailed to you.

Questions? contact@dripgrind.com

Section B: Full Privacy Policy (Legal Version)

1. Introduction

This Privacy Policy explains how Dripgrind Oy (“we,” “our,” or “us”) collects, uses, shares, and protects your personal data when you use the Mindly application on iOS, Android, or Web (“Mindly” or “the Service”).

2. Data Controller & Contact Information

Dripgrind Oy
Satakunnankatu 12 A10
33100 Tampere, Finland
Email: contact@dripgrind.com
Data Protection Officer: Jaakko Rantanen

3. Categories of Personal Data Collected

• Account Information: name, email address, login method (magic link, Google Sign-In, or Apple Sign-In), and profile photo.
• Content Data: mind maps, attachments, and other content you create or upload.
• Usage Data: information on how you use Mindly (feature interactions and in-app events).
• Technical Data: device type, operating system, IP address, unique identifiers, and crash/diagnostic data.
• Payment Data: processed by Apple App Store and Google Play; we do not store payment card details.
• Sensitive Data: you may choose to enter personal or sensitive information in your maps; we do not control such input.

4. Purposes and Legal Bases for Processing

• Provide and maintain the Service (GDPR Art. 6(1)(b) – contract necessity).
• Manage accounts and subscriptions (GDPR Art. 6(1)(b)).
• Enable sharing and collaboration (GDPR Art. 6(1)(b)).
• Improve and optimize the Service (GDPR Art. 6(1)(f) – legitimate interests).
• Communicate service updates (GDPR Art. 6(1)(b) and 6(1)(c) where legally required).
• Send marketing communications with consent (GDPR Art. 6(1)(a)).
• Enforce terms of service and moderate content (GDPR Art. 6(1)(f)).
• Comply with legal obligations (GDPR Art. 6(1)(c)).

5. Third-Party Service Providers

• Amazon Web Services (AWS) – hosting and storage.
• Firebase Authentication, Google Sign-In, Apple Sign-In – authentication.
• RevenueCat – subscription management.
• Amplitude – analytics (using hashed identifiers).
• Piwik – website analytics.

We do not sell personal data and we do not use advertising networks.

6. International Data Transfers

Some service providers may process data outside the European Economic Area (EEA), including in the United States. Where such transfers occur, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and implement additional safeguards, such as encryption and access controls.

7. Data Retention

We retain your personal data for as long as your account is active. When you delete your account, we delete or anonymize your data from active systems. Backup copies may be retained for up to 60 days for technical and security reasons, after which they are deleted in the ordinary course of business.

8. Security of Data

We use industry-standard measures to protect personal data, including:

• Encryption in transit (TLS/HTTPS) and encryption at rest (e.g., AES-256 in AWS).
• Role-based access controls to limit staff access to authorized personnel only.
• Secure cloud infrastructure in AWS data centers (e.g., ISO 27001 certified).
• Monitoring and logging to detect suspicious activity.

While we strive to use commercially reasonable means to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure.

9. User Rights

Depending on your jurisdiction (e.g., EU/EEA under GDPR, California under CCPA/CPRA, Brazil under LGPD), you may have the right to:

• Access your personal data.
• Correct inaccurate or incomplete data.
• Delete your personal data (“right to be forgotten”).
• Data export / portability. You can request a copy of your personal data in a structured, machine-readable format. This export may not be directly compatible with other software. We comply with the GDPR right to data portability to the extent applicable.
• Restrict or object to certain processing activities.
• Withdraw consent (e.g., for marketing communications) at any time, without affecting prior processing.
• Non-discrimination for exercising rights (where applicable, e.g., CCPA/CPRA).
• Complain to a data protection authority in your country or region.

To exercise your rights, contact us at contact@dripgrind.com. We will respond in accordance with applicable law.

10. Marketing Communications

If you opt in, we may send you marketing emails. You can opt out at any time by clicking the unsubscribe link in our emails or by contacting us at contact@dripgrind.com.

11. Children’s Privacy

Mindly is intended for users aged 16 and older. We do not knowingly collect personal data from children under 16. If we learn that we have collected such data, we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted on our website with a revised “Last updated” date. For material changes, we will also notify registered users by email.

13. Contact

If you have questions or wish to exercise your rights, contact:

Dripgrind Oy
Satakunnankatu 12 A10, 33100 Tampere, Finland
Email: contact@dripgrind.com