Privacy Policy

ThothMind ("we", "our", or "us") is committed to protecting your privacy. This policy explains what data we collect, why we collect it, and how we protect it. We designed ThothMind with a privacy-first architecture: your most sensitive data never leaves your device.

On-device only (never transmitted)

• Your name and personal profile settings
• Mood entries and journal notes
• Session history and audio recordings
• Personal meditation preferences

Cloud-stored (anonymized)

• Anonymized session summaries used to improve AI generation quality
• Subscription status and account management data
• Email address (waitlist, account login, support)
• App usage analytics (feature usage frequency, session completion rates — no personally identifiable information)

We work with the following service providers, each bound by their own data processing agreements:

• Supabase — Authentication and edge function infrastructure (EU and US data centers)
• AI Service Providers — AI-generated meditation scripts (anonymized context only)
• AI Voice Synthesis Providers — High-quality audio generation (text only, no personal data)
• RevenueCat — Subscription management and payment processing
• Vercel — Website hosting (thothmind.app)
• Resend — Transactional email (waitlist confirmations, support)

We do not sell your data to any third party. We do not use your data for advertising.

Mood data entered in ThothMind is wellness data, not medical data. ThothMind is not a medical device and is not subject to HIPAA. We do not collect or process data that would qualify as Protected Health Information (PHI) under US law or Special Categories of personal data under GDPR.

ThothMind is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us at privacy@thothmind.app.

Depending on your jurisdiction, you may have the following rights:

• Access — Request a copy of the data we hold about you
• Deletion — Request deletion of your account and associated cloud data
• Portability — Receive your data in a structured, machine-readable format
• Opt-out — Opt out of any analytics or marketing communications
• Correction — Request correction of inaccurate data

To exercise any of these rights, contact us at privacy@thothmind.app. We respond within 30 days.

• On-device data is deleted when you uninstall the app
• Cloud account data is deleted within 30 days of account deletion request
• Anonymized session metadata is retained for up to 24 months for AI improvement
• Email addresses are retained until you unsubscribe or request deletion

We use industry-standard security measures: TLS encryption in transit, AES-256 encryption at rest for cloud data, and row-level security in our database. On-device data is protected by your device's native security (Secure Enclave on iOS, Keystore on Android).

ThothMind is operated from Dubai, UAE. If you are in the EU/EEA, your data may be transferred to countries outside the EEA. We ensure appropriate safeguards are in place through Standard Contractual Clauses where required.

We will notify you of material changes to this policy via email (if we have your address) or an in-app notification at least 14 days before the changes take effect.

Privacy questions: privacy@thothmind.app

ThothMind | Dubai, United Arab Emirates