This Privacy Policy explains how MindSteer collects, uses, stores, and deletes personal data. MindSteer is operated from Spain.
1. Controller
Controller: MindSteer (operated by Enrique Ramirez Hernandez)
Contact: privacy@mindsteer.app
Country of operation: Spain
2. Data We Process
- Account and identity data: email, user ID, authentication provider identifiers.
- Profile data: display name and profile preferences you set.
- Mood and wellness content: mood check-ins, notes, journal-like exercise responses, progress markers.
- Usage data: feature interactions, screen views, and app events.
- Diagnostics: crash and error data, technical logs, and device/app environment information.
3. Sensitive Data Notice
Content you enter in wellness exercises may contain health-related or other sensitive personal data. You should only submit data you are comfortable sharing with the Service.
4. Why We Process Data (Purposes)
- Provide authentication and account access.
- Save and sync your progress and in-app content across sessions/devices.
- Deliver app features, personalization, and continuity of use.
- Maintain security, prevent abuse, and debug technical incidents.
- Measure app performance and usage to improve stability and quality.
5. Legal Bases (GDPR)
- Performance of a contract (Art. 6(1)(b) GDPR): to provide the app you request.
- Legitimate interests (Art. 6(1)(f) GDPR): service security, reliability, and product improvement.
- Consent (Art. 6(1)(a) GDPR, and Art. 9(2)(a) where applicable): when required for specific processing.
- Legal obligations (Art. 6(1)(c) GDPR): where retention or disclosure is legally required.
6. Processors and Third Parties
MindSteer uses third-party infrastructure providers to operate the app, including:
- Firebase Authentication (account authentication)
- Cloud Firestore (data storage and sync)
- Firebase Analytics / Google Analytics for Firebase (usage analytics)
- Firebase Crashlytics (crash/error reporting)
- Login providers enabled in the app, such as Google or Facebook
MindSteer does not sell your personal data.
7. International Data Transfers
If data is transferred outside the EEA/UK, MindSteer relies on recognized legal transfer mechanisms offered by its providers (such as Standard Contractual Clauses), where required.
8. Data Retention
- Account and in-app content are generally retained while your account is active.
- When you delete your account in the app, associated data is deleted from app systems.
- Limited technical backup/log retention may remain for a short period where technically necessary.
9. Security
MindSteer applies reasonable technical and organizational safeguards, including access controls and encryption in transit, to reduce unauthorized access risk.
10. Your Rights
Depending on your jurisdiction, including GDPR where applicable, you may have rights to access, rectify, erase, restrict, object, and request portability of your personal data, and to withdraw consent where processing is consent-based.
You may also lodge a complaint with a supervisory authority. In Spain, this is the Agencia Espanola de Proteccion de Datos (AEPD).
11. How to Exercise Rights
- Delete account/data directly in the app (see Data Deletion page).
- For other privacy requests, contact: privacy@mindsteer.app
12. Children
MindSteer is not intended for children under 16. If you believe a child provided personal data, contact us to request removal.
13. Policy Updates
This Privacy Policy may be updated from time to time. Material changes will be reflected by updating the "Last updated" date.