Privacy at Mindbuddy

Privacy at Mindbuddy

Mindbuddy aims to help young athletes with mental training through our digital services. Privacy is extremely important to us as a company, and we work hard to build products that we are proud of.

To meet both your and our own expectations, we have written a privacy policy and created privacy settings that give you full control over how we use your data.

All our collection and use of personal data is subject to relevant data protection regulations, including the EU's General Data Protection Regulation (GDPR). We consider compliance with these regulations as a minimum and will always strive to exceed this baseline regarding the ethical and sensible use of your data.


About this Policy

Mindbuddy's privacy policy explains how the information you share with us and the data you store with us is used and protected.

When we talk about "services," we mean our websites and apps, as well as any other websites and activities we do as part of our customer relationship that are covered by this same policy.

Simply put: When you use our services, you share some information with us. We want to be completely transparent about what we know about you, how we use that information, who we share it with, and the choices you have to control, change, and access it.

We have written this privacy policy to:

  • Show what we do to protect and respect your privacy

  • Explain how we collect, use, and store your personal data

  • Provide you with information about your rights


We do our best to explain all of this in an understandable way and keep the information free of complicated legal jargon. If you still have questions, you can contact us at privacy@mindbuddy.com.


Data Collection

What Do We Collect?

We collect personal data in the following categories:

  • Basic personal details (name, email, phone number, date of birth).

  • Usage data (navigation within the app, training activities, evaluations, goals, and progression).

  • Self-reported sleep, energy levels, mood, training diaries.

  • Match participation details (match time, opponents).

  • Technical information about devices and software used.

  • Communications with customer support.

  • Recruitment program information.

  • User settings, preferences, and customization.

  • Payment information processed via Apple or Google.


How We Collect Data

The data we collect about you depends on which parts of our services you use, whether you use the app or provide data in other contexts. We collect personal data such as:

  • You provide to us, for example, when you register a user account, subscribe to our newsletters, provide product feedback, or contact us with questions

  • Automatically recorded when you use the service, such as when you visit our website or app

  • We receive from other sources, such as when you use a subscription from your club/organization or when you use a service like Vipps or Apple Pay to pay for the service

  • We receive from partners when you come to Mindbuddy through one of our partners


You are not obliged to provide personal data to us, but if you choose not to, we cannot provide our services to you. Some examples of this could be that we cannot store your information if you do not create a user, that we cannot collect payment if we do not have your payment information, or that we cannot respond to inquiries without an email address or phone number.


Personal Data of Children

In line with our terms of service, you must be over 13 years old to create an account with us.


How We Use Data

Providing Services: We process your data to be able to offer you the services in our app. This includes:

  • Creating and managing your personal user account.

  • Offering and customizing digital services such as mental training guidance, evaluations, training programs, and goal setting.

  • Enforcing age restrictions, such as ensuring that users under 13 do not have access to the app.

  • Providing a user-friendly and secure service by customizing the functionality to the devices and software you use.

  • Communicating with you about important updates related to training programs, goal achievement, or other aspects of your use of the app.

  • Offering customer support, troubleshooting, and handling complaints to ensure you get the best possible experience.

  • Managing recruitment programs by tracking referrals and awarding rewards.

Development and Analysis: We process your data to better understand your needs and to improve and develop our services. This includes:

  • Analyzing usage patterns to optimize our services, for example, by looking at how you use the app, training history, and completion of mental training programs.

  • Conducting user surveys and collecting feedback to improve functionality and experience in the app.

  • Performing technical analyses to identify and fix any issues you may encounter.

Customized Experience: To provide you with a personalized experience in the app, we use your data to:

  • Customize training programs and recommendations based on your goals, evaluations, and preferences.

  • Provide you with personalized content, such as specific mental training exercises, based on your challenges and progress.

  • Optimize the user interface to make navigation in the app easier and more relevant for you.

Security and Prevention of Abuse: We process your data to ensure that the service is safe to use, and to detect and prevent misuse or fraud. This includes:

  • Monitoring activity in the app to protect against unauthorized access or use of the service.

  • Taking measures to prevent the service from being used in a way that could harm you or other users.

Compliance with Laws and Regulations: We process personal data to comply with applicable laws and regulations, including age verification and privacy requirements.

Other Purposes with Your Consent: We may process your personal data for other purposes, but only if you have given us your consent. For example, this may be to participate in special surveys or receive newsletters.


Data Protection

We use comprehensive security measures, including:

  • Encryption (AES-256 standard) for stored data, TLS for data transmission.

  • Role-based access control and Row-Level Security (RLS).

  • Regular data backups and separate environments for development/testing.

  • Staff training in data security and privacy procedures.

  • Minimization of data.


Data Sharing and Sub-processors

We collaborate with the following subprocessors:

  • Supabase/Amazon Web Services (Germany/EU) for infrastructure.

  • RevenueCat, OneSignal, Resend, Google (Firebase), Branch, Sentry, OpenAI (all in the USA), with pseudonymized data processing.


Data transfers outside the EU/EEA follow strict procedures using standard contractual clauses ensuring compliance with GDPR.


How Long Do We Retain Your Personal Data?

Your data is stored as long as necessary or legally required. You can delete your data via your account, and data is automatically deleted after service termination, except when required for legal compliance or reactivation purposes. If your account is inactive, we will delete your data after one year.


How We Handle Security Incidents or Breaches

In the event of a security incident or breach of personal data protection, we will notify the relevant data protection authority as soon as possible, and no later than 72 hours after we become aware of it, unless it is unlikely that the breach will negatively affect the rights and freedoms of our users.


Your Rights

You always have the right to:

  • Know What Information We Have About You This is known as the "right to access." You have the right to know what personal data we process and how we process it. You can see an overview of most of the data we have about you in your Mindbuddy account. If you want access to all your personal data, you can contact us, and we will provide it to you.

  • Correct Any Incorrect Information This is known as the "right to rectification." It is important that the information we have about you is correct. If it is not, you have the right to request that we correct it. You can change or correct most personal data in your Mindbuddy account. If you find any errors that you cannot correct yourself, you can contact us.

  • Change How We Process Your Data This is known as the "right to restrict processing" or "right to object to data processing." You have the right to object to the processing of your personal data that is based on our legitimate interests. You can do this by contacting us directly.

  • Receive Your Data in a Readable Format This is known as the "right to data portability." You have the right to receive the personal data we have about you in a structured, commonly used, and machine-readable format. If you want this type of data, you can contact us.

  • Withdraw Your Consent This is known as the "right to withdraw." You have the right to withdraw your consent to us processing your data in cases where consent is the reason we process it. Since we cannot provide our service without processing your data, withdrawing consent is the same as terminating the service.

  • Be Forgotten This is sometimes referred to as the "right to erasure" and means that you can always delete your user data or account with us. We automatically delete personal data when it is no longer needed, but you can also request that we delete your personal data by deleting your user account. In such a case, your personal data will be deleted within 30 days, except for data we are required to retain for other reasons (e.g., to comply with accounting regulations). You can request the closure and deletion of your user account at privacy@mindbuddy.com or in the app.

  • Submit a Complaint to Your Local Data Protection Authority If you believe that the way we process personal data does not comply with what we have described here, or that we are violating privacy laws, you can also contact your local data protection authority directly. You can find information on how to contact your local data protection authority on their website.


Cookies and Tracking

Currently, we do not use cookies in our app. However, we collect data about usage patterns, click behavior, and other interactions in the app. This information helps us understand how our users utilize the services and provides us with insights that we use to improve and develop the app further. Our goal is to ensure that the app provides the best possible experience for all users.


Changes to This Policy

When you register an account with us, you agree to the content of the policy and take responsibility for familiarizing yourself with it. Our latest privacy policy is always available on our website, and we always provide the date of the last change. We may update our privacy policy when changes are made to legislation or our practices, or when necessary for other reasons. We will share information about any other significant changes, effective from the time and date of such a change.


Contact

For questions or concerns about your privacy, please contact us at privacy@mindbuddy.com.

Mindbuddy aims to help young athletes with mental training through our digital services. Privacy is extremely important to us as a company, and we work hard to build products that we are proud of.

To meet both your and our own expectations, we have written a privacy policy and created privacy settings that give you full control over how we use your data.

All our collection and use of personal data is subject to relevant data protection regulations, including the EU's General Data Protection Regulation (GDPR). We consider compliance with these regulations as a minimum and will always strive to exceed this baseline regarding the ethical and sensible use of your data.


About this Policy

Mindbuddy's privacy policy explains how the information you share with us and the data you store with us is used and protected.

When we talk about "services," we mean our websites and apps, as well as any other websites and activities we do as part of our customer relationship that are covered by this same policy.

Simply put: When you use our services, you share some information with us. We want to be completely transparent about what we know about you, how we use that information, who we share it with, and the choices you have to control, change, and access it.

We have written this privacy policy to:

  • Show what we do to protect and respect your privacy

  • Explain how we collect, use, and store your personal data

  • Provide you with information about your rights


We do our best to explain all of this in an understandable way and keep the information free of complicated legal jargon. If you still have questions, you can contact us at privacy@mindbuddy.com.


Data Collection

What Do We Collect?

We collect personal data in the following categories:

  • Basic personal details (name, email, phone number, date of birth).

  • Usage data (navigation within the app, training activities, evaluations, goals, and progression).

  • Self-reported sleep, energy levels, mood, training diaries.

  • Match participation details (match time, opponents).

  • Technical information about devices and software used.

  • Communications with customer support.

  • Recruitment program information.

  • User settings, preferences, and customization.

  • Payment information processed via Apple or Google.



How We Collect Data

The data we collect about you depends on which parts of our services you use, whether you use the app or provide data in other contexts. We collect personal data such as:

  • You provide to us, for example, when you register a user account, subscribe to our newsletters, provide product feedback, or contact us with questions

  • Automatically recorded when you use the service, such as when you visit our website or app

  • We receive from other sources, such as when you use a subscription from your club/organization or when you use a service like Vipps or Apple Pay to pay for the service

  • We receive from partners when you come to Mindbuddy through one of our partners

You are not obliged to provide personal data to us, but if you choose not to, we cannot provide our services to you. Some examples of this could be that we cannot store your information if you do not create a user, that we cannot collect payment if we do not have your payment information, or that we cannot respond to inquiries without an email address or phone number.


Personal Data of Children

In line with our terms of service, you must be over 13 years old to create an account with us.


How We Use Data

Providing Services: We process your data to be able to offer you the services in our app. This includes:

  • Creating and managing your personal user account.

  • Offering and customizing digital services such as mental training guidance, evaluations, training programs, and goal setting.

  • Enforcing age restrictions, such as ensuring that users under 13 do not have access to the app.

  • Providing a user-friendly and secure service by customizing the functionality to the devices and software you use.

  • Communicating with you about important updates related to training programs, goal achievement, or other aspects of your use of the app.

  • Offering customer support, troubleshooting, and handling complaints to ensure you get the best possible experience.

  • Managing recruitment programs by tracking referrals and awarding rewards.

Development and Analysis: We process your data to better understand your needs and to improve and develop our services. This includes:

  • Analyzing usage patterns to optimize our services, for example, by looking at how you use the app, training history, and completion of mental training programs.

  • Conducting user surveys and collecting feedback to improve functionality and experience in the app.

  • Performing technical analyses to identify and fix any issues you may encounter.

Customized Experience: To provide you with a personalized experience in the app, we use your data to:

  • Customize training programs and recommendations based on your goals, evaluations, and preferences.

  • Provide you with personalized content, such as specific mental training exercises, based on your challenges and progress.

  • Optimize the user interface to make navigation in the app easier and more relevant for you.

Security and Prevention of Abuse: We process your data to ensure that the service is safe to use, and to detect and prevent misuse or fraud. This includes:

  • Monitoring activity in the app to protect against unauthorized access or use of the service.

  • Taking measures to prevent the service from being used in a way that could harm you or other users.

Compliance with Laws and Regulations: We process personal data to comply with applicable laws and regulations, including age verification and privacy requirements.

Other Purposes with Your Consent: We may process your personal data for other purposes, but only if you have given us your consent. For example, this may be to participate in special surveys or receive newsletters.


Data Protection

We use comprehensive security measures, including:

  • Encryption (AES-256 standard) for stored data, TLS for data transmission.

  • Role-based access control and Row-Level Security (RLS).

  • Regular data backups and separate environments for development/testing.

  • Staff training in data security and privacy procedures.

  • Minimization of data.


Data Sharing and Sub-processors

We collaborate with the following subprocessors:

Supabase/Amazon Web Services (Germany/EU) for infrastructure.

RevenueCat, OneSignal, Resend, Google (Firebase), Branch, Sentry, OpenAI (all in the USA), with pseudonymized data processing.

Data transfers outside the EU/EEA follow strict procedures using standard contractual clauses ensuring compliance with GDPR.


How Long Do We Retain Your Personal Data?

Your data is stored as long as necessary or legally required. You can delete your data via your account, and data is automatically deleted after service termination, except when required for legal compliance or reactivation purposes. If your account is inactive, we will delete your data after one year.


How We Handle Security Incidents or Breaches

In the event of a security incident or breach of personal data protection, we will notify the relevant data protection authority as soon as possible, and no later than 72 hours after we become aware of it, unless it is unlikely that the breach will negatively affect the rights and freedoms of our users.


Your Rights

You always have the right to:

  • Know What Information We Have About You This is known as the "right to access." You have the right to know what personal data we process and how we process it. You can see an overview of most of the data we have about you in your Mindbuddy account. If you want access to all your personal data, you can contact us, and we will provide it to you.

  • Correct Any Incorrect Information This is known as the "right to rectification." It is important that the information we have about you is correct. If it is not, you have the right to request that we correct it. You can change or correct most personal data in your Mindbuddy account. If you find any errors that you cannot correct yourself, you can contact us.

  • Change How We Process Your Data This is known as the "right to restrict processing" or "right to object to data processing." You have the right to object to the processing of your personal data that is based on our legitimate interests. You can do this by contacting us directly.

  • Receive Your Data in a Readable Format This is known as the "right to data portability." You have the right to receive the personal data we have about you in a structured, commonly used, and machine-readable format. If you want this type of data, you can contact us.

  • Withdraw Your Consent This is known as the "right to withdraw." You have the right to withdraw your consent to us processing your data in cases where consent is the reason we process it. Since we cannot provide our service without processing your data, withdrawing consent is the same as terminating the service.

  • Be Forgotten This is sometimes referred to as the "right to erasure" and means that you can always delete your user data or account with us. We automatically delete personal data when it is no longer needed, but you can also request that we delete your personal data by deleting your user account. In such a case, your personal data will be deleted within 30 days, except for data we are required to retain for other reasons (e.g., to comply with accounting regulations). You can request the closure and deletion of your user account at privacy@mindbuddy.com or in the app.

  • Submit a Complaint to Your Local Data Protection Authority If you believe that the way we process personal data does not comply with what we have described here, or that we are violating privacy laws, you can also contact your local data protection authority directly. You can find information on how to contact your local data protection authority on their website.


Cookies and Tracking

Currently, we do not use cookies in our app. However, we collect data about usage patterns, click behavior, and other interactions in the app. This information helps us understand how our users utilize the services and provides us with insights that we use to improve and develop the app further. Our goal is to ensure that the app provides the best possible experience for all users.



Changes to This Policy

When you register an account with us, you agree to the content of the policy and take responsibility for familiarizing yourself with it. Our latest privacy policy is always available on our website, and we always provide the date of the last change. We may update our privacy policy when changes are made to legislation or our practices, or when necessary for other reasons. We will share information about any other significant changes, effective from the time and date of such a change.


Contact

For questions or concerns about your privacy, please contact us at privacy@mindbuddy.com.