Privacy policy -

MindCore App

Effective Date: 29.05.2026
Latest Update: 29.05.2026

1. Introduction

Welcome to MindCore (“we,” “our,” or “us”), a mobile application developed by CS TECHNOLOGIES, LDA. Your privacy is important to us. This Privacy Policy explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UK GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and other applicable data protection laws.

Please read this Privacy Policy carefully as it describes our privacy practices and how we will collect, use, and disclose any personal information we collect from you, or that you provide to us, in connection with MindCore. This Privacy Policy forms part of and is incorporated into the Terms of Use for MindCore.

Data Controller: CS TECHNOLOGIES, LDA is the data controller for the personal data processed through MindCore. If you have questions about how we process your data, you may contact us at: legal@mindcoreapp.com.

2. Data We Collect

We may collect and process the following personal information about you:

• Information You Provide: Name (optional), email address, and any other details you provide when creating an account or communicating with us.

• Automatically Collected Data: Certain limited data is automatically collected by the third-party services integrated into MindCore, even without explicit action on your part. This includes: device type and operating system version (collected by Firebase for authentication and by Expo for delivering app updates), last sign-in timestamp (collected by Firebase Authentication), and device identifiers used by RevenueCat to link purchases to your account. We do not operate our own analytics or tracking systems.

• Communications: Information you provide when contacting our customer support team or submitting feedback.

• Third-Party Data: Information from third-party services used for authentication (e.g., Apple Sign-In, Google Sign-In). This may include your name and email address as provided by the authentication service.

• On-Device Data (Not Collected by Us):

  Important: We do not store any personal notes, journal entries, mood logs, or thought tune-up submissions on our servers. All such data is kept exclusively on your device.

  If you choose to enable iCloud synchronisation, your on-device data (including journal entries, mood logs, and thought tune-up submissions) will be stored in your personal iCloud account. This data is managed by Apple under Apple’s own privacy policy and terms of service. CS TECHNOLOGIES, LDA does not have access to data stored in your iCloud account.

• Cloud-Stored Account Data: In our cloud database (Firebase), we store only the following information to support account management and communications:

  • Your email address

  • Optional first and last name

  • Unique user identifier (UID)

  • Your acceptance of the Terms of Use and Privacy Policy

  • Push notification token (to send important system messages, with your consent)

  • Your communication preferences (push notification and marketing email opt-in/opt-out settings)

  This information is necessary to provide secure access to your account, manage subscriptions, send essential notifications, and honour your communication preferences.

3. How We Use Your Data

We process your personal data for the following purposes:

• To provide and maintain the MindCore service, including account management and subscription processing

• To respond to your requests, resolve disputes, and troubleshoot problems

• To maintain, improve, and optimise the App

• To send essential service notifications (e.g., account-related messages) and, with your consent, promotional communications

• To comply with legal obligations applicable to our business

• To protect the security and integrity of our services

We will communicate with you primarily via push notifications and emails. You can manage or opt out of marketing communications at any time through the notification settings in the App or by clicking the “Unsubscribe” link in marketing emails. Your preferences are stored in your account and take effect immediately. Please note that even if you opt out of marketing communications, we may still send you essential service-related messages (e.g., about your account, security alerts, or important changes to the App).

4. Legal Basis for Processing (EEA, UK, and Switzerland)

IIf you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we rely on the following legal bases for processing your personal data:

• Contract Performance (GDPR Article 6(1)(b)): Processing necessary to fulfil our commitments to you, including providing access to MindCore, managing your account, and processing subscription payments.

• Legitimate Interests (GDPR Article 6(1)(f)): Processing necessary for our legitimate interests, such as improving our services, ensuring security, and communicating with users about the App. We balance these interests against your rights and freedoms.

• Consent (GDPR Article 6(1)(a)): Where you have given us your explicit consent, such as for sending marketing communications or enabling push notifications. You may withdraw your consent at any time (see Section 5).

• Legal Obligation (GDPR Article 6(1)(c)): Processing necessary to comply with legal obligations to which we are subject, such as tax or accounting requirements.

• Vital Interests (GDPR Article 6(1)(d)): In exceptional circumstances, to protect your vital interests or those of another person.

4.1 Automated Decision-Making

MindCore may provide basic personalised content recommendations based on your interactions within the App (for example, suggesting a journal type based on your reported mood). These recommendations are generated entirely on your device using simple logic and do not constitute automated decision-making or profiling that produces legal effects or similarly significant effects on you. No personal data is transmitted to our servers for this purpose.

4.2 Supervisory Authority Contact Information

If you are located in the EEA, the UK, or Switzerland and have concerns about our data processing, you have the right to lodge a complaint with your local Data Protection Authority:

• EEA: https://edpb.europa.eu/about-edpb/board/members_en

• UK: https://ico.org.uk/global/contact-us/

• Switzerland: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html

• Portugal (our lead supervisory authority): Comissão Nacional de Proteção de Dados (CNPD) — https://www.cnpd.pt/

4.3 US Privacy Laws

Some US states require us to provide additional details about the categories of personal information we collect and how we use it. In the last 12 months, we collected the following categories of personal information, depending on the services used:

• Identifiers (such as your name, email address, and device and online identifiers)

• Commercial information (your billing information and purchase history)

We collect personal information for the business and commercial purposes described in Section 3. In some US states you have additional rights, subject to exemptions under your state’s law, including the right to:

• Request a copy of the specific pieces of information we collect about you

• Request deletion of personal information we collect or maintain

• Request correction of inaccurate personal information

• Opt out of the sale or sharing of personal information

• Receive a copy of your information in a readily portable format

• Not receive discriminatory treatment for exercising your rights

We do not “sell” or “share” your personal data as those terms are defined under applicable US state privacy laws. We do not have knowledge of any sale or sharing of the personal data of minors under 16 years of age. We do not collect or process sensitive personal information except where strictly necessary to provide you with our service.

5. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you.

• Right to Rectification: Request correction of inaccurate or incomplete data.

• Right to Erasure: Request deletion of your personal data, subject to legal retention requirements.

• Right to Restriction of Processing: Request that we restrict the processing of your personal data in certain circumstances.

• Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format.

• Right to Object: Object to our processing of your personal data based on legitimate interests.

• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority (see Section 4.2).

To exercise any of these rights, contact us at: legal@mindcoreapp.com. We will respond to your request within 30 days (or such other period as required by applicable law). We may ask you to verify your identity before processing your request.

6. Data Sharing and Transfers

6.1 Third-Party Service Providers

We use the following third-party service providers to support the operation of MindCore. Each service processes only the data necessary for its function:

• Firebase (Google LLC): Cloud database for account data storage, authentication, and push notifications. Processes: email, name, UID, push notification tokens, device type, and last sign-in timestamp.

• RevenueCat: Subscription and in-app purchase management. Processes: purchase and subscription data linked to user identifiers.

• Expo (Expo, Inc.): App delivery and update services. Processes: device information for delivering updates.

Each of these providers acts as a data processor on our behalf and is bound by data processing agreements that ensure compliance with applicable data protection laws.

6.2 Legal Compliance

We may disclose your personal data if required to do so by law, regulation, or legal process, or if we believe in good faith that such disclosure is necessary to protect our rights, your safety, or the safety of others.

6.3 International Data Transfers

Because our third-party service providers may be located outside the European Economic Area (EEA), your personal data may be transferred to and processed in countries outside the EEA, including the United States. When such transfers occur, we ensure that appropriate safeguards are in place, including:

• European Commission Standard Contractual Clauses (SCCs) as adopted under Commission Implementing Decision (EU) 2021/914

• Adequacy decisions where the European Commission has determined that a third country provides an adequate level of data protection

• Other legally recognised transfer mechanisms as appropriate

You may request further information about the safeguards we apply to international transfers by contacting us at legal@mindcoreapp.com.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specifically:

• Account data (email, name, UID): Retained for as long as your account is active. Deleted within 30 days of account deletion.

• Subscription data: Retained for the duration of your subscription and for up to 7 years thereafter to comply with tax and accounting obligations.

• Support correspondence: Retained for up to 2 years after your last interaction with us, unless a longer retention period is required for legal purposes.

• On-device data: Controlled entirely by you. This data is deleted when you uninstall the App or manually delete it. If you have enabled iCloud synchronisation, that data is subject to Apple’s retention policies.

You can delete your account and associated cloud-stored data at any time through the App’s settings.

8. Security Measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or misuse. These measures include:

• Encryption of data in transit (TLS/SSL) and at rest

• Firebase security rules to restrict database access

• Secure authentication mechanisms

• Regular security reviews of our systems and processes

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we continuously work to enhance our protective measures.

If you use a password for authentication, you are responsible for keeping it confidential. If you have enabled biometric or device-based access to the App, you are responsible for ensuring others cannot use your device without your permission.

9. Third Party Websites

MindCore may contain links to third-party websites or services. This Privacy Policy does not apply to those websites. We encourage you to read the privacy policies of any third-party services before providing your personal data to them.

10. Children's Privacy

MindCore is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that data promptly.

If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at legal@mindcoreapp.com so that we can take appropriate action.

11. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make material changes, we will:

• Update the “Effective Date” and “Latest Update” dates at the top of this policy

• Present the updated Privacy Policy to you within the App and require your acknowledgment before you may continue using MindCore

If you do not agree with the updated Privacy Policy, you may stop using the App and delete your account. Your continued use of MindCore after acknowledging the updated Privacy Policy constitutes your acceptance of the changes.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us at:

Email: legal@mindcoreapp.com

Company: CS TECHNOLOGIES, LDA

Important Disclaimer

MindCore provides self-help tools and content prepared by practising psychologists. However, the App does not offer medical or psychological diagnoses, treatment, or professional health advice.

If you are experiencing severe mental health challenges or require professional care, we strongly recommend consulting with a qualified healthcare provider or licensed mental health professional.