Privacy at Mindbuddy
Privacy at Mindbuddy
Last updated: 29.05.2025
Mindbuddy aims to help young athletes with mental training through our digital services. Privacy is extremely important to us as a company, and we work hard to build products that we are proud of.
To meet both your and our own expectations, we have written a privacy policy and created privacy settings that give you full control over how we use your data.
All our collection and use of personal data is subject to relevant data protection regulations, including the EU's General Data Protection Regulation (GDPR). We consider compliance with these regulations as a minimum and will always strive to exceed this baseline regarding the ethical and sensible use of your data.
We process your data based on your consent (for sharing with your club), the agreement between us (to provide the service), or our legitimate interest (for security and service improvement)
About this Policy
Mindbuddy's privacy policy explains how the information you share with us and the data you store with us is used and protected.
When we talk about "services," we mean our websites and apps, as well as any other websites and activities we do as part of our customer relationship that are covered by this same policy.
Simply put: When you use our services, you share some information with us. We want to be completely transparent about what we know about you, how we use that information, who we share it with, and the choices you have to control, change, and access it.
We have written this privacy policy to:
Show what we do to protect and respect your privacy
Explain how we collect, use, and store your personal data
Provide you with information about your rights
We do our best to explain all of this in an understandable way and keep the information free of complicated legal jargon. If you still have questions, you can contact us at privacy@mindbuddy.com.
Data Collection
What Do We Collect?
We collect personal data in the following categories:
Basic personal details (name, email, phone number, date of birth).
Usage data (navigation within the app, training activities, evaluations, goals, and progression).
Self-reported sleep, energy levels, mood, training diaries.
Match participation details (match time, opponents).
Technical information about devices and software used.
Communications with customer support.
Recruitment program information.
User settings, preferences, and customization.
Payment information processed via Apple or Google.
We do not collect or process sensitive health data, such as information about injuries, illnesses, or diagnoses, unless you are separately asked for such information and have given explicit consent. Data such as sleep, mood, energy, and training readiness are considered wellness information and not sensitive health data.
How We Collect Data
The data we collect about you depends on which parts of our services you use, whether you use the app or provide data in other contexts. We collect personal data such as:
You provide to us, for example, when you register a user account, subscribe to our newsletters, provide product feedback, or contact us with questions
Automatically recorded when you use the service, such as when you visit our website or app
We receive from other sources, such as when you use a subscription from your club/organization or when you use a service like Vipps or Apple Pay to pay for the service
We receive from partners when you come to Mindbuddy through one of our partners
You are not obliged to provide personal data to us, but if you choose not to, we cannot provide our services to you. Some examples of this could be that we cannot store your information if you do not create a user, that we cannot collect payment if we do not have your payment information, or that we cannot respond to inquiries without an email address or phone number.
Personal Data of Children
Mindbuddy is not available to users under 13 years of age. In certain countries, including Germany, the minimum age is 16 unless parental consent is provided. If you are under the age of consent in your country, you may not use Mindbuddy unless we have received verified parental consent.
How We Use Data
Providing Services: We process your data to be able to offer you the services in our app. This includes:
Creating and managing your personal user account.
Offering and customizing digital services such as mental training guidance, evaluations, training programs, and goal setting.
Enforcing age restrictions, such as ensuring that users under 13 do not have access to the app.
Providing a user-friendly and secure service by customizing the functionality to the devices and software you use.
Communicating with you about important updates related to training programs, goal achievement, or other aspects of your use of the app.
Offering customer support, troubleshooting, and handling complaints to ensure you get the best possible experience.
Managing recruitment programs by tracking referrals and awarding rewards.
Development and Analysis: We process your data to better understand your needs and to improve and develop our services. This includes:
Analyzing usage patterns to optimize our services, for example, by looking at how you use the app, training history, and completion of mental training programs.
Conducting user surveys and collecting feedback to improve functionality and experience in the app.
Performing technical analyses to identify and fix any issues you may encounter.
Customized Experience: To provide you with a personalized experience in the app, we use your data to:
Customize training programs and recommendations based on your goals, evaluations, and preferences.
Provide you with personalized content, such as specific mental training exercises, based on your challenges and progress.
Optimize the user interface to make navigation in the app easier and more relevant for you.
Security and Prevention of Abuse: We process your data to ensure that the service is safe to use, and to detect and prevent misuse or fraud. This includes:
Monitoring activity in the app to protect against unauthorized access or use of the service.
Taking measures to prevent the service from being used in a way that could harm you or other users.
Compliance with Laws and Regulations: We process personal data to comply with applicable laws and regulations, including age verification and privacy requirements.
Other Purposes with Your Consent:
We only use your data for things you said yes to. For example:
Surveys or newsletters.
Sharing your evaluation answers, your check-in data, and your goals with your club and coach - but only if you give permission in the app. You can turn this off anytime under “Settings → Share Data with Club."
Data Protection
We use comprehensive security measures, including:
Encryption (AES-256 standard) for stored data, TLS for data transmission.
Role-based access control and Row-Level Security (RLS).
Regular data backups and separate environments for development/testing.
Staff training in data security and privacy procedures.
Minimization of data.
Data Sharing and Sub-processors
We collaborate with the following subprocessors:
Supabase/Amazon Web Services (Germany/EU) for infrastructure.
RevenueCat, OneSignal, Resend, Google (Firebase), Branch, Sentry, OpenAI (all in the USA), with pseudonymized data processing.
Sharing Data with Your Club and Coaches
We will only share your data with your club's staff if you say it’s OK in the app.
This is only relevant if you use Mindbuddy as part of a club and have given clear consent to share data. If you use Mindbuddy on your own (not through a club), or if you don’t say yes to data sharing, your data stays private and is never shared with your club.
If you give permission, we share:
Your evaluation answers
Your check-in data (whatever your club asks for)
Your goals
You can turn off data sharing anytime in the app under Settings → Share Data with Club. We won’t share any new data after you turn it off, but your club will still have the data shared before.
If you use Mindbuddy on your own, or don’t consent to data sharing, your club cannot see your personal data.
If a club collects other types of information (such as injuries or diagnoses) using Mindbuddy, it is the club’s responsibility to obtain explicit consent for this.
Where data is transferred outside the EU/EEA, we use Standard Contractual Clauses (SCCs) or similar safeguards to protect your privacy.
How Long Do We Retain Your Personal Data?
Your data is stored as long as necessary or legally required. You can delete your data by sending us an email at privacy@mindbuddy.com, and data is automatically deleted after service termination, except when required for legal compliance or reactivation purposes. If your account is inactive, we will delete your data after one year.
How We Handle Security Incidents or Breaches
In the event of a security incident or breach of personal data protection, we will notify the relevant data protection authority as soon as possible, and no later than 72 hours after we become aware of it, unless it is unlikely that the breach will negatively affect the rights and freedoms of our users.
Your Rights
You always have the right to:
Know What Information We Have About You This is known as the "right to access." You have the right to know what personal data we process and how we process it. You can see an overview of most of the data we have about you in your Mindbuddy account. If you want access to all your personal data, you can contact us, and we will provide it to you.
Correct Any Incorrect Information This is known as the "right to rectification." It is important that the information we have about you is correct. If it is not, you have the right to request that we correct it. You can change or correct most personal data in your Mindbuddy account. If you find any errors that you cannot correct yourself, you can contact us.
Change How We Process Your Data This is known as the “right to restrict processing” or “right to object to data processing.” You have the right to object to the processing of your personal data that is based on our legitimate interests. You can do this by contacting us directly. To stop sharing with your club or coach, go to “Settings” in the app and switch off “Share data with Club.”
Receive Your Data in a Readable Format This is known as the "right to data portability." You have the right to receive the personal data we have about you in a structured, commonly used, and machine-readable format. If you want this type of data, you can contact us.
Withdraw Your Consent This is known as the "right to withdraw." You have the right to withdraw your consent to us processing your data in cases where consent is the reason we process it. Since we cannot provide our service without processing your data, withdrawing consent is the same as terminating the service.
Be Forgotten This is sometimes referred to as the "right to erasure" and means that you can always delete your user data or account with us. We automatically delete personal data when it is no longer needed, but you can also request that we delete your personal data by deleting your user account. In such a case, your personal data will be deleted within 30 days, except for data we are required to retain for other reasons (e.g., to comply with accounting regulations). You can request the closure and deletion of your user account at privacy@mindbuddy.com or in the app.
Submit a Complaint to Your Local Data Protection Authority If you believe that the way we process personal data does not comply with what we have described here, or that we are violating privacy laws, you can also contact your local data protection authority directly. You can find information on how to contact your local data protection authority on their website.
We will respond to requests to exercise your rights as soon as possible, and at the latest within one month, as required by GDPR.
Data Sharing with Clubs – Roles and Responsibilities
For individual users who choose to share data with their club through Mindbuddy, both the club and Mindbuddy have specific roles and responsibilities:
The Club acts as the Data Controller for the personal data it receives about you (such as training evaluations, check-ins, and goals you agree to share).
Mindbuddy acts as the Data Processor on behalf of the club, managing the technical delivery, security, and storage of the data.
This means:
The club decides which data to request, the purpose of collecting it, and how it is used for player follow-up and development.
Mindbuddy only processes your data in line with the club’s instructions and your consent, and never for other purposes.
If you choose not to share data with your club, your data remains private and is not accessible to your club.
You can read more about your rights, how to stop sharing data with your club, and what happens when you do, in the section “Your Rights” above.
Cookies and Tracking
Currently, we do not use cookies in our app. However, we collect data about usage patterns, click behavior, and other interactions in the app. This information helps us understand how our users utilize the services and provides us with insights that we use to improve and develop the app further. Our goal is to ensure that the app provides the best possible experience for all users.
Changes to This Policy
Our latest privacy policy is always available on our website and always includes the date of the last change. We may update our privacy policy when changes are made to legislation or our practices, or when necessary for other reasons. We will inform you about any significant changes, which will take effect from the specified date.
Contact
For questions or concerns about your privacy, please contact us at privacy@mindbuddy.com.
Last updated: 29.05.2025
Mindbuddy aims to help young athletes with mental training through our digital services. Privacy is extremely important to us as a company, and we work hard to build products that we are proud of.
To meet both your and our own expectations, we have written a privacy policy and created privacy settings that give you full control over how we use your data.
All our collection and use of personal data is subject to relevant data protection regulations, including the EU's General Data Protection Regulation (GDPR). We consider compliance with these regulations as a minimum and will always strive to exceed this baseline regarding the ethical and sensible use of your data.
We process your data based on your consent (for sharing with clubs), the agreement between us (to provide the service), or our legitimate interest (for security and service improvement)
About this Policy
Mindbuddy's privacy policy explains how the information you share with us and the data you store with us is used and protected.
When we talk about "services," we mean our websites and apps, as well as any other websites and activities we do as part of our customer relationship that are covered by this same policy.
Simply put: When you use our services, you share some information with us. We want to be completely transparent about what we know about you, how we use that information, who we share it with, and the choices you have to control, change, and access it.
We have written this privacy policy to:
Show what we do to protect and respect your privacy
Explain how we collect, use, and store your personal data
Provide you with information about your rights
We do our best to explain all of this in an understandable way and keep the information free of complicated legal jargon. If you still have questions, you can contact us at privacy@mindbuddy.com.
Data Collection
What Do We Collect?
We collect personal data in the following categories:
Basic personal details (name, email, phone number, date of birth).
Usage data (navigation within the app, training activities, evaluations, goals, and progression).
Self-reported sleep, energy levels, mood, training diaries.
Match participation details (match time, opponents).
Technical information about devices and software used.
Communications with customer support.
Recruitment program information.
User settings, preferences, and customization.
Payment information processed via Apple or Google.
We do not collect or process sensitive health data, such as information about injuries, illnesses, or diagnoses, unless you are separately asked for such information and have given explicit consent. Data such as sleep, mood, energy, and training readiness are considered wellness information and not sensitive health data.
How We Collect Data
The data we collect about you depends on which parts of our services you use, whether you use the app or provide data in other contexts. We collect personal data such as:
You provide to us, for example, when you register a user account, subscribe to our newsletters, provide product feedback, or contact us with questions
Automatically recorded when you use the service, such as when you visit our website or app
We receive from other sources, such as when you use a subscription from your club/organization or when you use a service like Vipps or Apple Pay to pay for the service
We receive from partners when you come to Mindbuddy through one of our partners
You are not obliged to provide personal data to us, but if you choose not to, we cannot provide our services to you. Some examples of this could be that we cannot store your information if you do not create a user, that we cannot collect payment if we do not have your payment information, or that we cannot respond to inquiries without an email address or phone number.
Personal Data of Children
Mindbuddy is not available to users under 13 years of age. In certain countries, including Germany, the minimum age is 16 unless parental consent is provided. If you are under the age of consent in your country, you may not use Mindbuddy unless we have received verified parental consent.
How We Use Data
Providing Services:
We process your data to be able to offer you the services in our app. This includes:
Creating and managing your personal user account.
Offering and customizing digital services such as mental training guidance, evaluations, training programs, and goal setting.
Enforcing age restrictions, such as ensuring that users under 13 do not have access to the app.
Providing a user-friendly and secure service by customizing the functionality to the devices and software you use.
Communicating with you about important updates related to training programs, goal achievement, or other aspects of your use of the app.
Offering customer support, troubleshooting, and handling complaints to ensure you get the best possible experience.
Managing recruitment programs by tracking referrals and awarding rewards.
Development and Analysis:
We process your data to better understand your needs and to improve and develop our services. This includes:
Analyzing usage patterns to optimize our services, for example, by looking at how you use the app, training history, and completion of mental training programs.
Conducting user surveys and collecting feedback to improve functionality and experience in the app.
Performing technical analyses to identify and fix any issues you may encounter.
Customized Experience:
To provide you with a personalized experience in the app, we use your data to:
Customize training programs and recommendations based on your goals, evaluations, and preferences.
Provide you with personalized content, such as specific mental training exercises, based on your challenges and progress.
Optimize the user interface to make navigation in the app easier and more relevant for you.
Security and Prevention of Abuse:
We process your data to ensure that the service is safe to use, and to detect and prevent misuse or fraud. This includes:
Monitoring activity in the app to protect against unauthorized access or use of the service.
Taking measures to prevent the service from being used in a way that could harm you or other users.
Compliance with Laws and Regulations:
We process personal data to comply with applicable laws and regulations, including age verification and privacy requirements.
Other Purposes with Your Consent:
We only use your data for things you said yes to. For example:
Surveys or newsletters.
Sharing your evaluation answers, your check-in data, and your goals with your club and coach - but only if you give permission in the app. You can turn this off anytime under “Settings → Share Data with Club.”
Data Protection
We use comprehensive security measures, including:
Encryption (AES-256 standard) for stored data, TLS for data transmission.
Role-based access control and Row-Level Security (RLS).
Regular data backups and separate environments for development/testing.
Staff training in data security and privacy procedures.
Minimization of data.
Data Sharing and Sub-processors
We collaborate with the following subprocessors:
Supabase/Amazon Web Services (Germany/EU) for infrastructure.
RevenueCat, OneSignal, Resend, Google (Firebase), Branch, Sentry, OpenAI (all in the USA), with pseudonymized data processing.
Sharing Data with Your Club and Coaches
We will only share your data if you say it’s OK in the app.
This is only relevant if you use Mindbuddy as part of a club and have given clear consent to share data. If you use Mindbuddy on your own (not through a club), or if you don’t say yes to data sharing, your data stays private and is never shared with your club.
If you give permission, we share:
Your evaluation answers
Your check-in data (whatever your club asks for)
Your goals
You can turn off data sharing anytime in the app under Settings → Share Data with Club. We won’t share any new data after you turn it off, but your club will still have the data shared before.
If you use Mindbuddy on your own, or don’t consent to data sharing, your club cannot see your personal data.
If a club collects other types of information (such as injuries or diagnoses) using Mindbuddy, it is the club’s responsibility to obtain explicit consent for this.
Where data is transferred outside the EU/EEA, we use Standard Contractual Clauses (SCCs) or similar safeguards to protect your privacy.
How Long Do We Retain Your Personal Data?
Your data is stored as long as necessary or legally required. You can delete your data by sending us an email at privacy@mindbuddy.com, and data is automatically deleted after service termination, except when required for legal compliance or reactivation purposes. If your account is inactive, we will delete your data after one year.
How We Handle Security Incidents or Breaches
In the event of a security incident or breach of personal data protection, we will notify the relevant data protection authority as soon as possible, and no later than 72 hours after we become aware of it, unless it is unlikely that the breach will negatively affect the rights and freedoms of our users.
Your Rights
You always have the right to:
Know What Information We Have About You
This is known as the "right to access." You have the right to know what personal data we process and how we process it. You can see an overview of most of the data we have about you in your Mindbuddy account. If you want access to all your personal data, you can contact us, and we will provide it to you.
Correct Any Incorrect Information
This is known as the "right to rectification." It is important that the information we have about you is correct. If it is not, you have the right to request that we correct it. You can change or correct most personal data in your Mindbuddy account. If you find any errors that you cannot correct yourself, you can contact us.
Change How We Process Your Data
This is known as the “right to restrict processing” or “right to object to data processing.” You have the right to object to the processing of your personal data that is based on our legitimate interests. You can do this by contacting us directly. To stop sharing with your club or coach, go to “Settings” in the app and switch off “Share data with Club.”
Receive Your Data in a Readable Format
This is known as the "right to data portability." You have the right to receive the personal data we have about you in a structured, commonly used, and machine-readable format. If you want this type of data, you can contact us.
Withdraw Your Consent
This is known as the "right to withdraw." You have the right to withdraw your consent to us processing your data in cases where consent is the reason we process it. Since we cannot provide our service without processing your data, withdrawing consent is the same as terminating the service.
Be Forgotten
This is sometimes referred to as the "right to erasure" and means that you can always delete your user data or account with us. We automatically delete personal data when it is no longer needed, but you can also request that we delete your personal data by deleting your user account. In such a case, your personal data will be deleted within 30 days, except for data we are required to retain for other reasons (e.g., to comply with accounting regulations). You can request the closure and deletion of your user account at privacy@mindbuddy.com or in the app.
Submit a Complaint to Your Local Data Protection Authority
If you believe that the way we process personal data does not comply with what we have described here, or that we are violating privacy laws, you can also contact your local data protection authority directly. You can find information on how to contact your local data protection authority on their website.
We will respond to requests to exercise your rights as soon as possible, and at the latest within one month, as required by GDPR.
Data Sharing with Clubs – Roles and Responsibilities
For individual users who choose to share data with their club through Mindbuddy, both the club and Mindbuddy have specific roles and responsibilities:
The Club acts as the Data Controller for the personal data it receives about you (such as training evaluations, check-ins, and goals you agree to share).
Mindbuddy acts as the Data Processor on behalf of the club, managing the technical delivery, security, and storage of the data.
This means:
The club decides which data to request, the purpose of collecting it, and how it is used for player follow-up and development.
Mindbuddy only processes your data in line with the club’s instructions and your consent, and never for other purposes.
If you choose not to share data with your club, your data remains private and is not accessible to your club.
You can read more about your rights, how to stop sharing data with your club, and what happens when you do, in the section “Your Rights” above.
Cookies and Tracking
Currently, we do not use cookies in our app. However, we collect data about usage patterns, click behavior, and other interactions in the app. This information helps us understand how our users utilize the services and provides us with insights that we use to improve and develop the app further. Our goal is to ensure that the app provides the best possible experience for all users.
Changes to This Policy
Our latest privacy policy is always available on our website and always includes the date of the last change. We may update our privacy policy when changes are made to legislation or our practices, or when necessary for other reasons. We will inform you about any significant changes, which will take effect from the specified date.
Contact
For questions or concerns about your privacy, please contact us at privacy@mindbuddy.com.