Privacy Policy — MindVault

                The short version
                Your knowledge data stays in your account. We don't sell it. We don't share it with third parties for advertising. You can delete it at any time.
            

1. Who We Are

MindVault ("we," "us," or "our") operates the MindVault service accessible at mindvault.rest. We take your privacy seriously. This policy explains what data we collect, how we use it, and your rights regarding that data.

For privacy questions, contact us at mindvault@polsia.app.

2. Information We Collect

Account information: When you register, we collect your name and email address.

Knowledge data: The facts, preferences, and personal information you provide during AI interview sessions. This is the core of the Service — you control it entirely.

Usage data: We log events such as session completions and feature usage to improve the product. These logs include anonymized interaction counts, not the content of your responses.

Payment information: If you subscribe, payment is processed by Stripe. We do not store your credit card details.

Waitlist data: If you sign up for early access, we store your email and the source of your signup (e.g., landing page).

3. How We Use Your Information

To provide and operate the Service
To process your AI interview sessions and build your knowledge graph
To send you onboarding guidance and product updates (you can unsubscribe)
To send you weekly knowledge digest emails (you can unsubscribe)
To process payments and manage subscriptions
To improve the Service based on aggregated usage patterns
To respond to support requests and communicate with you

4. Data Storage and Security

Your knowledge data is stored in an encrypted PostgreSQL database hosted by Neon. Data is transmitted over HTTPS/TLS. We apply industry-standard security practices to protect your data.

The MCP server at /api/mcp requires authentication via your personal API key. Your knowledge data is not publicly accessible.

5. Data Sharing

We do not sell your personal data. We do not share your knowledge data with third parties for advertising or marketing purposes.

We share data only in these limited circumstances:

Service providers: We use Neon (database), Render (hosting), Stripe (payments), and OpenAI (AI processing). These providers process data only as necessary to provide their services to us.
Legal requirements: We may disclose data if required by law, court order, or government request.
Business transfers: If MindVault is acquired or merged, your data may be transferred as part of that transaction. We will notify you beforehand.

6. AI Processing

Your interview responses are processed by OpenAI's API to extract structured facts. OpenAI processes this data pursuant to their data processing agreement. We do not use your data to train AI models.

7. Cookies and Tracking

We use minimal, privacy-focused tracking:

Session cookies: Required for authentication. These expire when you close your browser or log out.
Analytics pixel: An anonymous beacon tracks page visits for product analytics. No personally identifiable information is sent.
UTM parameters: Stored in session storage (not cookies) to understand traffic sources. Cleared when you close the browser tab.

We do not use advertising cookies or third-party tracking scripts.

8. Your Rights and Choices

You have the following rights regarding your data:

Access: Request a copy of your data by emailing us.
Correction: Update or correct your knowledge entries directly in the app.
Deletion: Delete your account and all associated data by emailing mindvault@polsia.app. We will process deletion requests within 30 days.
Email opt-out: Unsubscribe from digest emails via the unsubscribe link in any email, or by emailing us.
Data portability: Export your knowledge data from within the app.

9. Data Retention

We retain your data for as long as your account is active. If you delete your account, we delete your personal data and knowledge entries within 30 days, except where retention is required by law or for legitimate business purposes (e.g., payment records required for tax compliance).

10. Children's Privacy

MindVault is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe we have collected data from a child under 13, contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page and, for significant changes, by email. Your continued use of the Service after changes constitutes acceptance of the revised policy.

12. Contact Us

For privacy questions, data deletion requests, or to exercise your rights, contact us:

Email: mindvault@polsia.app
Contact form: mindvault.rest/contact