Latest version also available at: https://www.mindviz.dev/legal/privacy
Privacy Policy

Last updated: May 19, 2026

This Privacy Policy explains how MindViz ("we", "us", or "our") collects, uses, stores, and protects your personal data when you use our websites and services (collectively, the "Service"). We are committed to protecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and other applicable European data protection laws.
1. Data Controller

The data controller responsible for your personal data is:
Lars Schell
Hauptstrasse 3a
9650 Nesslau, Switzerland
Email: support@mindviz.dev
2. Personal Data We Collect

We collect the following categories of personal data:
2.1 Account Data

Email address
Name (if provided via OAuth)
Profile picture (if provided via OAuth)
Authentication provider identifiers


2.2 Service Data

Content you create using our apps (notes, plans, budget entries, recipes, CVs, and other user-generated content)
Preferences and settings (language, theme, notification settings)


2.3 Usage Data

AI feature usage counts (for rate limiting)
Feature interactions and preferences
Browser type, device type, and operating system


2.4 Technical Data

IP address (processed but not stored long-term)
Cookies and similar technologies (see our Cookie Policy)


1. Legal Basis for Processing

We process your personal data on the following legal bases under Article 6 GDPR:
Purpose Legal Basis
Providing the Service (account creation, cloud sync, core features) Performance of a contract (Art. 6(1)(b))
AI-powered features Performance of a contract (Art. 6(1)(b))
Rate limiting and abuse prevention Legitimate interest (Art. 6(1)(f))
Analytics and service improvement Legitimate interest (Art. 6(1)(f))
Non-essential cookies Consent (Art. 6(1)(a))
4. How We Use Your Data

To create and manage your account
To store and synchronize your data across devices
To provide AI-powered content suggestions and assistance
To generate shareable links (where applicable)
To export your content to various formats
To enforce usage limits and prevent abuse
To improve our Service


1. Data Sharing and Third Parties

We may share your data with the following categories of recipients:

Supabase — for authentication and database hosting (data processed in the EU/EEA)
AI providers — content you submit for AI features is sent to our AI service provider for processing. We do not send your full data unless you initiate an AI feature.
OAuth providers (GitHub, Google) — if you choose to sign in with a third-party provider, we receive limited profile data from them


We do not sell your personal data.
6. International Data Transfers

Where data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or adequacy decisions.
7. Data Retention

Account and service data: retained as long as your account is active. Deleted within 30 days of account deletion.
AI usage logs: retained for up to 90 days for rate limiting and abuse prevention.
Share links: retained until you delete them or your account.


1. Your Rights Under GDPR

You have the following rights regarding your personal data:

Right of access (Art. 15) — obtain a copy of your data
Right to rectification (Art. 16) — correct inaccurate data
Right to erasure (Art. 17) — request deletion of your data
Right to restriction (Art. 18) — restrict processing in certain circumstances
Right to data portability (Art. 20) — receive your data in a structured, machine-readable format
Right to object (Art. 21) — object to processing based on legitimate interest
Right to withdraw consent (Art. 7(3)) — withdraw consent at any time where processing is based on consent


To exercise any of these rights, contact us at support@mindviz.dev. We will respond within 30 days.
9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS/HTTPS), secure authentication protocols, and access controls. Your data is stored in encrypted databases.
10. Children's Privacy

Our Service is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us.
11. Right to Lodge a Complaint

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement.
12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on our Service or by email. The "Last updated" date at the top indicates when this policy was last revised.
13. Contact Us

For questions about this Privacy Policy or our data practices, contact us at: support@mindviz.dev