Privacy Policy

Welcome to Mind Wellness, a mental wellness application developed and maintained by Code Crafters IT Innovation ("we," "our," or "us"). We are committed to protecting and respecting your privacy in a manner consistent with applicable data protection laws and the highest industry standards for healthcare technology.

This Privacy Policy explains what personal and sensitive information we collect when you use the Mind Wellness application and related services (collectively, the "Service"), how we collect it, why we collect it, how we store and protect it, with whom we share it, and the rights and choices available to you.

Because Mind Wellness processes health-related and emotionally sensitive information — including mood entries, mental health assessments, audio and facial emotion signals, and biometric indicators — we take our obligations to you very seriously. We have designed this Policy to be transparent, readable, and comprehensive so that you can make informed decisions about using our Service.

Please read this Privacy Policy carefully. If you have any questions or concerns, you may contact us at any time using the details provided in Section 21.

By downloading, installing, accessing, or using Mind Wellness, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and our Terms of Service. If you do not agree to the terms set forth herein, you must discontinue use of the application immediately.

This Privacy Policy applies to all users of the Service worldwide, including visitors, registered users, and premium subscribers. Your continued use of the Service following any update to this Policy constitutes your acceptance of the revised terms.

We collect different categories of information to provide, improve, and personalize the Service. The types of information we collect depend on how you interact with Mind Wellness and the features you enable.

3.1 Personal Information

• Profile Information: Your name, display name, and optional profile photograph when you create or update your account.
• Email Address: Used for account creation, authentication, and service communications.
• Authentication Information: Login credentials or federated identity tokens (e.g., Google Sign-In tokens). Passwords are never stored in plaintext.
• Date of Birth: Collected optionally to personalize wellness recommendations and apply age-appropriate safeguards.

3.2 Mental Health and Wellness Data

• Mood Entries: Daily or periodic mood ratings, emotional journal entries, and associated notes that you voluntarily submit.
• PHQ-9 Responses: Responses to the Patient Health Questionnaire-9 depression screening tool when you complete an assessment.
• Audio Analysis Data: Short audio clips processed locally or via secure cloud to detect emotional characteristics in your voice tone and cadence.
• Facial Emotion Analysis Data: Facial expression features extracted from camera frames to infer emotional states. Raw images are not permanently stored.

3.3 Biometric and Health Data

• Heart Rate Data: Heart rate and heart rate variability measurements, either from your device's built-in sensors or integrated wearables, with your explicit permission.
• Activity Data: Step counts, exercise sessions, physical activity duration, and movement patterns sourced from device sensors or linked fitness platforms.
• Sleep Data: Sleep duration, sleep onset and wake times, and sleep quality estimates sourced from your device or wearable, if permission is granted.

3.4 Technical and Usage Data

• App Usage Analytics: Feature interactions, session duration, navigation patterns, and in-app events used to understand how users engage with the Service.
• Crash Reports: Diagnostic data transmitted automatically when the application encounters an error, including device state information at the time of the crash.
• Device Information: Device model, operating system version, unique device identifiers, screen resolution, language settings, and time zone.
• IP Address: Collected automatically when you connect to our servers; used for security monitoring, fraud prevention, and approximate geographic region identification.
• Cookies and Similar Technologies: See Section 14 for a detailed explanation of our use of cookies, local storage, and tracking technologies.

3.5 Device Permissions

Certain features of Mind Wellness require access to device hardware and system resources. We request only the permissions necessary for each feature, and we request your explicit consent before activating them:

You may revoke any permission at any time through your device's system settings. Revoking a permission will disable the associated feature but will not affect your access to other parts of the Service.

We use the information we collect for the following purposes, always in accordance with applicable laws and our commitments to you:

• Providing the Service: Processing your wellness entries, generating mental health insights, delivering personalized recommendations, and maintaining your account.
• Improving the Service: Analyzing aggregated, anonymized usage data to understand which features are most valuable and to identify opportunities for improvement.
• Safety and Crisis Detection: Identifying signals that may indicate acute distress and presenting crisis resources where appropriate. This does not constitute clinical intervention.
• Service Communications: Sending you account-related notifications, policy updates, and, with your consent, wellness tips or promotional communications.
• Security and Fraud Prevention: Monitoring for unauthorized access, suspicious activity, and technical vulnerabilities to protect your data and the integrity of the Service.
• Legal Compliance: Fulfilling obligations under applicable law, responding to lawful requests from public authorities, and enforcing our Terms of Service.
• Research (Aggregated and Anonymized Only): Contributing to the broader field of mental wellness research using de-identified, aggregated datasets. Your individually identifiable information is never shared for research purposes without your explicit, separate consent.

We do not sell, rent, or trade your personal or health information to any third party for marketing purposes. We do not use your mental health data to serve targeted advertising.

Some features of Mind Wellness are powered by artificial intelligence and machine learning models. These models analyze the information you submit — such as mood entries, PHQ-9 responses, audio characteristics, and facial expression features — to generate mental wellness insights, trend visualizations, and personalized recommendations.

Our AI models are designed to surface patterns and trends in the data you provide. They do not make autonomous decisions that significantly affect your legal rights or produce legal effects. You retain full control over your data and may opt out of AI-powered features through your in-app settings.

Where AI processing involves automated profiling, we implement safeguards to prevent discriminatory or harmful outcomes. Our models are trained on diverse, ethically sourced datasets and undergo regular bias auditing.

Mind Wellness offers an optional feature that uses your device camera to analyze facial expressions and estimate emotional states in real time. We want to be fully transparent about how this feature works and what it does not do:

• Emotional feature extraction only: Our system analyzes facial landmark positions and micro-expression patterns to infer general emotional states (e.g., happiness, sadness, surprise). It does not identify you as an individual.
• No biometric identification: We do not use facial analysis to identify, authenticate, or verify your identity. No facial recognition database is created or maintained.
• No facial database: Raw images or photographs captured during facial analysis sessions are processed in-memory and are not permanently stored, transmitted to our servers, or retained beyond the active session unless you explicitly save a session record.
• No third-party biometric sharing: Facial feature data is never sold, licensed, or shared with any third party for identification, surveillance, or commercial purposes.
• On-device processing preferred: Where technically possible, facial analysis is performed entirely on your device to minimize data transmission.

Mind Wellness provides an optional audio check-in feature that analyzes your voice to detect emotional characteristics such as tone, pitch variation, speech pace, and energy levels. These acoustic features are used to supplement your self-reported mood data with an objective signal.

• Acoustic emotion analysis only: Audio is processed to detect emotional characteristics (e.g., elevated stress indicators, low-energy vocal patterns). The system does not transcribe, analyze, or store the semantic content of what you say.
• No voice identity recognition: Our audio processing system does not create voiceprints, speaker embeddings, or any biometric voice profile that could be used to identify you. No voice identification database is maintained.
• Ephemeral processing: Raw audio recordings are processed transiently. Speech content is not permanently stored on our servers unless you explicitly save a session, and even then, only anonymized acoustic feature vectors are retained — not the original audio file.
• On-device where possible: Audio feature extraction is performed on your device where technically feasible to minimize data transmission and latency.
• Consent required: Microphone access requires your explicit permission and can be revoked at any time through your device settings.

The Patient Health Questionnaire-9 (PHQ-9) is a clinically validated, nine-item self-report screening instrument widely used in primary care and mental health settings to assess the presence and severity of depressive symptoms. Mind Wellness incorporates the PHQ-9 as one of several wellness monitoring tools.

Scoring

Each of the nine items is scored 0–3 (Not at all = 0, Several days = 1, More than half the days = 2, Nearly every day = 3), yielding a total score of 0–27. Score ranges correspond to broadly recognized severity thresholds: Minimal (0–4), Mild (5–9), Moderate (10–14), Moderately Severe (15–19), and Severe (20–27).

Purpose within Mind Wellness

PHQ-9 results within the application are used to: (a) help you track changes in self-reported depressive symptoms over time; (b) inform the personalization of wellness content and suggestions; and (c) provide context for AI-generated trend analysis.

With your permission, Mind Wellness may access heart rate and heart rate variability (HRV) data from your device's sensors or a connected wearable device to provide a physiological dimension to your mental wellness insights.

Purpose

Heart rate and HRV data are used to: (a) contextualize mood and stress self-reports with an objective physiological signal; (b) identify patterns that may indicate elevated autonomic arousal or physiological stress; and (c) contribute to holistic wellness trend tracking over time.

Limitations

Heart rate data as processed by Mind Wellness is not a medical-grade measurement. Consumer device sensors may exhibit variability and should not be relied upon for clinical decision-making. Insights derived from heart rate data within the app are informational only and do not constitute a diagnosis of any cardiac or psychological condition. Always consult a healthcare professional regarding any health-related concerns.

Research consistently demonstrates strong relationships between physical activity, sleep quality, screen time, and mental well-being. Mind Wellness optionally integrates with your device's health and activity platform (Apple HealthKit, Google Fit, or equivalent) to incorporate the following behavioral data into your wellness picture:

• Sleep: Duration, sleep efficiency, and sleep schedule regularity. Disrupted sleep is a key indicator in multiple mental health conditions.
• Exercise and Physical Activity: Type, duration, and frequency of physical activity, including step counts and active energy expenditure.
• Screen Time: Daily device usage patterns sourced from your operating system's screen time APIs, where available and consented to.
• Daily Habits: Logged routines such as water intake, meal timing, and mindfulness practice duration when you manually enter or connect a compatible tracking application.

All activity data integration is subject to your explicit consent and the permission scope you grant to our application through your device's health platform. You may withdraw access at any time without affecting your core wellness tracking features.

Your data is stored on secure cloud infrastructure provided by trusted third-party cloud providers (including Google Cloud / Firebase). Data centers used by our providers are certified to relevant international security standards (ISO 27001, SOC 2 Type II).

Encryption

All data transmitted between your device and our servers is encrypted in transit using TLS 1.2 or higher. Personal and health data stored at rest is encrypted using AES-256 symmetric encryption. Encryption keys are managed through a dedicated key management service with regular rotation policies.

Retention

We retain your data for as long as your account remains active and for a reasonable period thereafter to comply with legal obligations, resolve disputes, and enforce agreements. Specific retention periods vary by data category (see Section 18 for details).

Backups

Automated encrypted backups are maintained to ensure data resilience. Backup data is subject to the same access controls and encryption standards as primary data. Backups are retained for a limited period as determined by our data management policies.

We implement a comprehensive, multi-layered security program commensurate with the sensitivity of the health data we process. Our security measures include:

• SSL/TLS Encryption: All network communications between the application and our servers are encrypted using industry-standard TLS protocols.
• Data Encryption at Rest: Sensitive data stored in our databases and file systems is encrypted using AES-256.
• Secure Authentication: User authentication relies on industry-standard protocols (OAuth 2.0, OpenID Connect). Multi-factor authentication is supported and encouraged.
• Secure Database: Production databases are deployed in private, isolated network environments. Direct public internet access to databases is prohibited.
• Access Control: Internal access to user data follows the principle of least privilege. Access is granted on a role-based, need-to-know basis, and all access events are logged.
• Continuous Monitoring: We employ real-time security monitoring and intrusion detection systems to identify and respond to anomalous activity.
• Regular Audits: We conduct periodic security reviews, penetration testing, and vulnerability assessments to proactively identify and remediate risks.

Notwithstanding these measures, no security system is impenetrable. In the event of a data breach affecting your rights and freedoms, we will notify you and applicable regulatory authorities as required by law, within the legally specified timeframes.

Mind Wellness integrates with a limited set of trusted third-party service providers to deliver and support the Service. Each provider is carefully selected and bound by data processing agreements that require them to protect your data in accordance with applicable laws and our standards.

We do not share personally identifiable health data with any third-party provider beyond what is strictly necessary to deliver the Service. We are not responsible for the independent privacy practices of third parties when you interact with their services outside of Mind Wellness.

When you access Mind Wellness via a web browser, we and our service providers may use cookies, local storage, session tokens, and similar technologies to support the functioning of the Service, maintain your session, remember your preferences, and gather anonymized analytics.

• Strictly Necessary Cookies: Required for the Service to function (e.g., session tokens, authentication cookies). These cannot be disabled.
• Functional Cookies: Used to remember your preferences, language settings, and personalization choices.
• Analytics Cookies: Used by Google Analytics / Firebase to collect aggregated, anonymized data about how users interact with the Service. These can be disabled via your browser settings or our cookie preference manager.

We do not use advertising cookies or cross-site tracking technologies. You may manage or delete cookies through your browser settings at any time. Disabling strictly necessary cookies will impair the functionality of the Service.

Depending on your jurisdiction, you may have the following rights with respect to your personal data. We are committed to honoring these rights without undue delay:

• Right of Access: You may request a copy of the personal data we hold about you, including its category, source, purpose, and recipients.
• Right to Correction: You may request correction of inaccurate or incomplete personal data. You may update many details directly through your in-app profile settings.
• Right to Deletion ("Right to Be Forgotten"): You may request deletion of your personal data, subject to our legal retention obligations. Account deletion triggers a scheduled purge of your data from our systems.
• Right to Data Portability: You may request an export of your personal data in a structured, commonly used, machine-readable format (e.g., JSON or CSV).
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before the withdrawal.
• Right to Object: You may object to processing based on our legitimate interests, and you may opt out of direct marketing communications at any time.
• Right to Restrict Processing: In certain circumstances, you may request that we restrict how we use your data while a dispute is being resolved.

To exercise any of these rights, please contact us at codecraftersitinnovation@gmail.com. We will respond within the timeframe required by applicable law (typically 30 days). We may need to verify your identity before processing your request.

Mind Wellness is intended for users who are at least 16 years of age (or the minimum age of digital consent in their jurisdiction, whichever is higher). We do not knowingly collect personal data from children under this age without verifiable parental or guardian consent.

If we discover that we have inadvertently collected personal information from a child under the applicable age threshold without appropriate consent, we will promptly delete such data from our systems. If you believe we have collected information from a child without proper consent, please contact us immediately at codecraftersitinnovation@gmail.com.

Where Mind Wellness is made available to users under 18 (e.g., in a supervised therapeutic context with guardian consent), we apply enhanced data minimization and additional access controls appropriate to the sensitivity of minors' health data.

Mind Wellness is available globally. By using the Service, you acknowledge that your information may be transferred to, stored in, and processed in countries other than your country of residence, including countries whose data protection laws may differ from those in your jurisdiction.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, such transfers are conducted in accordance with applicable data transfer mechanisms, including Standard Contractual Clauses (SCCs) approved by relevant data protection authorities, ensuring your data receives an adequate level of protection.

We comply with applicable data protection regulations in the jurisdictions where we operate, including the General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and the California Consumer Privacy Act (CCPA) where applicable. If you have questions about international transfers, please contact our Privacy Team at codecraftersitinnovation@gmail.com.

We retain your data only for as long as necessary to fulfill the purposes described in this Privacy Policy, or as required by applicable law. Upon account deletion, we initiate a data purge process within 30 days for most data types, subject to legal hold obligations. Key retention periods:

You may delete your Mind Wellness account and request deletion of your associated data at any time through the following methods:

• In-App: Navigate to Settings → Account → Delete Account. This action is irreversible and will initiate the deletion process.
• By Email: Send a deletion request to codecraftersitinnovation@gmail.com from your registered email address, including your account username or associated email.

Upon receiving a valid deletion request, we will: (a) deactivate your account immediately; (b) initiate deletion of personal data from our active systems within 30 days; (c) purge data from backups within 90 days; and (d) confirm completion of the deletion process to your registered email address.

Please note that certain data may be retained where required by law (e.g., financial transaction records), but such retained data will be isolated and not used for any operational purpose.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make material changes, we will:

• Post the updated Policy within the application and on our website with an updated "Effective Date."
• Send an in-app notification and, where appropriate, an email notification to your registered address.
• For material changes affecting your rights or the way we process sensitive health data, seek your renewed consent before the changes take effect.

Your continued use of Mind Wellness following the effective date of any update constitutes your acceptance of the revised Policy. We encourage you to review this page periodically.

If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact our Privacy Team:

• Email: codecraftersitinnovation@gmail.com
• Application: Mind Wellness
• Company: Code Crafters IT Innovation
• Response Time: We aim to respond to all privacy-related inquiries within 5 business days and within any legally mandated timeframe for formal rights requests.

For general support inquiries unrelated to privacy, please use the Support section within the Mind Wellness application.

Mind Wellness and Code Crafters IT Innovation make no representations or warranties of any kind, express or implied, regarding the completeness, accuracy, reliability, suitability, or availability of the Service or the information contained herein for any particular purpose. The Service is provided on an "as is" and "as available" basis.

To the maximum extent permitted by applicable law, Code Crafters IT Innovation and its directors, officers, employees, agents, and service providers shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from your use of or inability to use the Service, including but not limited to loss of data, loss of profits, or personal injury, even if we have been advised of the possibility of such damages.

Nothing in this Privacy Policy shall be construed to limit our liability for death or personal injury caused by our negligence, fraud, or fraudulent misrepresentation, or any other liability that cannot be excluded by law.

Always seek the guidance of a qualified physician, psychiatrist, psychologist, or other licensed healthcare professional with any questions you may have regarding a mental or physical health condition. Never disregard professional medical advice or delay seeking it because of something you have read or experienced in Mind Wellness.

If you are experiencing a mental health emergency, suicidal ideation, thoughts of self-harm, or any other psychiatric emergency — contact your local emergency services (911 in the US, 999 in the UK, 112 in the EU) or a crisis helpline immediately. Mind Wellness is not equipped to provide crisis intervention.

Artificial intelligence and machine learning form the backbone of several Mind Wellness features. Users should understand the following about AI-generated content within the application:

• AI-generated insights, suggestions, and content are probabilistic outputs based on pattern recognition across your submitted data and model training data. They are not deterministic or infallible.
• AI models may produce outputs that are incomplete, inaccurate, or not fully applicable to your unique situation. Always apply your own judgment.
• Our AI models are not licensed mental health practitioners and cannot replicate the nuanced judgment, empathy, or professional responsibility of a qualified clinician.
• We continuously work to improve model fairness, reduce bias, and enhance accuracy; however, no AI system achieves perfect outcomes across all populations or contexts.
• You are never obligated to follow AI-generated suggestions. If any suggestion feels inappropriate or inaccurate, please use the in-app feedback mechanism to report it.

Certain categories of processing — particularly processing of special category health data (including mental health, biometric, and physiological data) — require your explicit, freely given, specific, informed, and unambiguous consent, which we obtain through in-app consent flows.

You may withdraw consent at any time by: (a) adjusting your data preferences in Settings; (b) disabling specific device permissions; or (c) contacting us directly. Withdrawal of consent does not affect the lawfulness of any processing that occurred prior to withdrawal.

Where processing is based on legitimate interests (e.g., security monitoring, fraud prevention, service improvement using anonymized data), you retain the right to object. Where processing is necessary to fulfill our contractual obligations to you (e.g., delivering the core Service), we may not be able to continue providing certain features if the necessary processing cannot be performed.

This Privacy Policy and any disputes arising from or relating to it shall be governed by and construed in accordance with the laws of the jurisdiction in which Code Crafters IT Innovation is registered, without regard to its conflict of law principles, and subject to the mandatory data protection laws of the user's jurisdiction.

For users in the EEA or UK, the applicable supervisory authority for data protection complaints is the data protection authority of your country of residence. We encourage you to raise concerns with us directly in the first instance; however, you are always entitled to lodge a complaint with your supervisory authority.

Any legal action arising out of this Privacy Policy that is not resolved through our internal complaint process shall be subject to the exclusive jurisdiction of the courts of the governing jurisdiction, unless mandatory consumer protection laws in your country require otherwise.