privacy policy

if you are experiencing thoughts of suicide, self-harm, harming others, or any mental health emergency, stop using vind and contact emergency services or a qualified crisis resource immediately.

VIND IS NOT AN EMERGENCY SERVICE AND CANNOT HELP IN CRISIS SITUATIONS.

this privacy policy explains how vind ("vind," "we," "us," or "our") collects, uses, discloses, and protects personal data when you use our website, applications, and related services.

TODO(legal): insert legal entity name, registered address, privacy contact email, and any EU/UK representative details.

• account and profile data, including email address, authentication data, subscription status, settings, language, and onboarding responses;
• conversation and wellness-related data, including messages, reflections, session history, feedback, and information you choose to share about your emotional or wellness state;
• derived and personalization data, including conversation summaries, recaps, themes, insights, memory objects, continuity context, and profile-style outputs;
• payment and transaction data made available by payment processors such as Stripe;
• device, technical, and usage data, including IP address, device type, browser metadata, logs, and service usage information;
• communications data, including support requests and communication preferences.

• to create and manage your account and provide the core vind service;
• to provide personalization and continuity features, including memory and live-session context;
• to process subscriptions, billing, refunds, accounting, and related records;
• to communicate with you about the service, security, support, and policy updates;
• to secure the service, prevent misuse, debug issues, and improve reliability;
• to comply with law and handle legal claims.

TODO(legal): confirm exact legal bases for each processing purpose with counsel, especially EU/UK special-category data.

because vind is a mental wellness and self-reflection service, information you provide and certain outputs we derive may constitute health-related or other special-category data under applicable law.

where required, we rely on explicit consent to process this data to deliver vind's wellness, memory, continuity, and personalization features.

you may withdraw consent where available in settings or by contacting us. withdrawal may limit or disable features that depend on this data.

vind uses automated systems, including AI systems, to generate responses, summaries, memory, context features, emotional or theme analysis, reminders, insights, and recommendations.

these features are used to provide and personalize the service. they are not intended to replace professional diagnosis, treatment, or crisis care.

vind does not use solely automated decision-making that produces legal effects or similarly significant effects on users.

• cloud hosting, database, infrastructure, and security providers;
• payment processors;
• communications, support, analytics, monitoring, and software vendors;
• AI model, inference, and related technology providers that support product functionality;
• professional advisers, auditors, insurers, and legal counsel;
• regulators, courts, law enforcement, or other authorities where required by law.

we do not sell personal data.

TODO(legal): list actual subprocessors or link to a maintained subprocessor page.

vind and some service providers may process or store personal data in countries outside your country of residence.

where required, we rely on appropriate safeguards for international transfers, including standard contractual clauses or another lawful mechanism.

we retain personal data only for as long as necessary for the purposes described in this policy, including providing the service, complying with legal obligations, resolving disputes, enforcing agreements, and protecting the business.

TODO(legal): confirm retention periods for account data, conversations, memory profile, billing records, backups, and audit logs.

depending on where you live, you may have rights to access, correct, delete, restrict, object to processing, receive a portable copy, withdraw consent, opt out of marketing, or lodge a complaint with a regulator.

TODO(legal): insert the official email and process for privacy-rights requests.

vind is intended only for adults who are at least 18 years old.

we use technical and organizational measures designed to protect personal data, but no method of transmission or storage is completely secure.

we may update this privacy policy from time to time. if we make material changes, we will post the updated version and update the last updated date.