Myndo
← Back to Home

Myndo Privacy Policy

Last Updated: May 20, 2025

1. Our Privacy-First Commitment

At Myndo, privacy isn't just a legal requirement—it's a core value and feature of our service. We believe that mental health support should be private and accessible, which is why:

  • We don't even know your name. As a deliberate privacy protection, we do not collect your real name.
  • We minimize data collection. We only collect what's absolutely necessary to provide and improve our Service.
  • We prioritize your mental health privacy. We recognize the sensitive nature of mental health data and apply additional protections.
  • You control your data. You own your data and can delete it when you choose.
  • We're transparent. We clearly disclose what data we collect and why.

This Privacy Policy explains how Nelumbo Labs LLC ("Myndo," "we," "our," or "us") collects, uses, shares, and protects your information when you use our voice-based AI mental health assistant service, including our website, applications, and related services (collectively, the "Service").

2. Information We Collect

2.1 Information You Provide to Us

When you use our Service, you may provide us with the following information:

  • Account Information: We collect your email address for authentication purposes. Importantly, we deliberately do not collect your real name as part of our privacy-first approach.
  • Voice Inputs: When you speak to Myndo, we process your voice in real-time for transcription. We do not store your voice recordings.
  • Conversation Transcripts: We store text transcripts of your conversations with Myndo to provide personalized support and improve our Service.
  • Personalized Insights: We use AI to analyze your conversation transcripts to generate personalized insights that help us provide tailored mental health support. These insights may include patterns in your communication, preferences, wellness indicators, emotional states, and other information relevant to your mental health journey.
  • Payment Information: If you subscribe to Myndo, we collect payment information through our payment processor, Stripe. We do not store complete credit card information on our servers.

2.2 Information We Collect Automatically

When you use our Service, we may automatically collect the following information:

  • Usage Data: Information about how you interact with the Service, including the features you use, the time and duration of your sessions, and your interaction patterns.
  • Session Events: Events and actions taken during your sessions with Myndo.
  • Analytics Data: We use analytics tools to collect anonymized usage data which helps us improve the Service. This may include information about your device (such as IP address, browser type, operating system) and how you interact with our platform.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Personalize your experience with Myndo
  • Generate personalized insights to better understand and support your mental health needs
  • Process your payments and manage your account
  • Communicate with you about the Service
  • Monitor and analyze usage patterns and trends
  • Protect the security and integrity of the Service
  • Comply with legal obligations

Important Note on Voice Processing and Personalized Insights: Your voice inputs are processed in real-time for transcription purposes only. We do not store audio recordings of your voice—only the text transcripts derived from your voice inputs. These transcripts are analyzed by our AI to generate personalized insights that help us provide tailored support. These insights are treated with the same level of confidentiality and protection as your other personal information.

4. Technical Infrastructure and Data Processing

To provide our Service, we use a combination of secure technologies:

  • Web Application Infrastructure: Our web application is built using modern web frameworks and hosted on secure cloud infrastructure.
  • Databases: We use different database systems to securely store different types of data:
    • One database system for session data, transcripts, and personalized insights
    • Another database system for user profile information (e.g., payment status)
  • Analytics: We use industry-standard analytics tools for service improvement
  • Authentication: We use third-party authentication services to securely manage user accounts
  • Voice Processing: Our voice-based interface relies on technologies for real-time audio communication, speech-to-text transcription, and text-to-speech conversion
  • AI Technology: We leverage AI language model capabilities from established providers
  • Payment Processing: Payments are handled by a trusted third-party payment processor

All data is transmitted using encryption protocols and stored in secure, encrypted databases.

5. How We Share Your Information

We do not sell or rent your personal information to third parties. We may share your information in the following circumstances:

5.1 Service Providers

We share information with third-party service providers who help us operate, provide, improve, and market the Service. These service providers may include:

  • Authentication providers
  • Payment processors
  • Web hosting and infrastructure services
  • Database service providers
  • Analytics services
  • Voice processing services
  • AI technology providers

These service providers are authorized to use your information only as necessary to provide services to us and are required to maintain the confidentiality of your information.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

5.3 Business Transfers

If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. In such event, we will require any acquiring entity to honor the commitments in this Privacy Policy and to:

  • Use your data solely for the purpose of providing the Service
  • Maintain at least the same level of data protection
  • Not use your data or personalized insights for advertising, marketing to you, or for sale to data brokers
  • Provide you with advance notice and the option to delete your account and all associated data prior to the transfer

We will notify you via email and/or a prominent notice on our website of any change in ownership and provide options for your data before the transfer occurs.

Following any business transfer, the acquiring entity may modify, update, or discontinue certain aspects of the Service, or change the terms and functionality, at their discretion and in accordance with the Terms and Conditions.

5.4 With Your Consent

We may share your information with third parties when we have your consent to do so.

6. Data Retention and Deletion

We retain your information only for as long as necessary to provide the Service. When you delete your account:

  • All your personal information, including your email, payment data, and profile details, is permanently deleted.
  • All conversation transcripts, personalized insights, and session data are irreversibly deleted from our databases.
  • Any data in our system backups will be overwritten in the normal course of business and will not be accessible for any operational use.

We do not retain anonymized versions of your mental health conversations or insights after account deletion. When you leave, your story leaves with you.

7. Your Rights and Choices

7.1 Account Information

You can update your account information, including your email address and payment information, through your account settings.

7.2 Data Access and Portability

You have the right to access the personal information we hold about you and to receive a copy of this information in a structured, commonly used, and machine-readable format.

7.3 Data Correction

You have the right to correct inaccurate or incomplete personal information we hold about you.

7.4 Data Deletion

You have the right to request the deletion of your personal information. You can delete your account and associated data through your account settings.

7.5 Communication Preferences

You can opt out of receiving promotional communications from us by following the instructions provided in those communications or through your account settings.

8. California Privacy Rights

If you are a California resident, you have the rights provided by the California Consumer Privacy Act (CCPA), including:

  • The right to know what personal information we collect about you
  • The right to request deletion of your personal information
  • The right to opt-out of the sale of your personal information (note that we do not sell personal information)
  • The right to non-discrimination for exercising your privacy rights

To exercise your California privacy rights, please contact us at privacy@myndo.ai.

9. Security

We implement appropriate technical and organizational measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction. However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

10. International Data Transfers

We are based in the United States, and the information we collect is governed by U.S. law. If you are accessing the Service from outside the United States, please be aware that information collected through the Service may be transferred to, processed, stored, and used in the United States and other jurisdictions. Your use of the Service or provision of any information therefore constitutes your consent to the transfer, processing, storage, and use of your information in the United States and other jurisdictions, which may not provide the same level of data protection as your jurisdiction.

11. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information.

12. Changes to This Privacy Policy and the Service

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Additionally, we reserve the right to modify, suspend, or discontinue the Service (or any part or content thereof) at any time with or without notice. We will not be liable to you or to any third party for any modification, suspension, or discontinuation of the Service, or any features, components, or content thereof.

13. Data Protection Commitment

We are committed to protecting your data beyond standard privacy practices. Our commitments include:

13.1 Purpose Limitation

Your data, including conversation transcripts and personalized insights, will only ever be used for:

  • Providing and improving the Service
  • Personalizing your experience with Myndo
  • Research to improve mental health support (only with anonymized data)

13.2 Irrevocable Commitments

We make the following irrevocable commitments regarding your data:

  • We will never sell your data to third parties
  • We will never use your data for advertising purposes
  • We will never use personalized insights derived from your conversations for any purpose other than providing the Service to you
  • These commitments survive any change in ownership, acquisition, or business transfer

13.3 Technical Safeguards

We implement the following technical safeguards:

  • Encryption of all data in transit and at rest
  • Access controls limiting internal access to your data
  • Regular security audits and vulnerability testing
  • Data minimization practices

13.4 Financial Disincentives

To align our business interests with your privacy:

  • Our business model is subscription-based, not advertising-based
  • We deliberately avoid collecting data that could be monetized through advertising
  • Our privacy commitments are contractually binding, even in the event of acquisition

13.5 Transparency Reports

We will publish annual transparency reports detailing:

  • Types of government requests for data received, if any
  • Our response to such requests
  • Changes to our privacy practices
  • Data incident reports, if any

14. Personalized Insights Protection

We use AI technologies to analyze your conversation transcripts and generate personalized insights to provide tailored mental health support. These insights may include patterns in your communication, preferences, wellness indicators, emotional states, and other information that helps us understand your needs better. We recognize the sensitive nature of these insights and apply additional protections:

  • Limited Use: Personalized insights are used solely to tailor and improve your experience with the Service.
  • Never for Advertising: These insights will never be used for targeted advertising or marketing.
  • No Third-Party Sharing: We do not share your personalized insights with third parties, except as strictly necessary to provide the Service.
  • Protection in Transfer: In the event of a business transfer, the restrictions on the use of personalized insights will transfer with the data.
  • Deletion upon Request: You can request deletion of your personalized insight data at any time through your account settings.
  • Automated Generation: Personalized insights are generated through automated AI processing of your conversation transcripts.
  • No Human Review Without Consent: Your personalized insight data is not routinely reviewed by humans. However, to improve our Service, we may have authorized employees or contractors review pseudonymized conversation transcripts (identified only by user_id with no other identifying information).

We believe that these additional protections are essential for maintaining trust while providing effective mental health support.

15. Limitations of AI-Based Support

Myndo is powered by AI and provides probabilistic responses based on the language you speak. While we strive to ensure accuracy and usefulness, AI can misunderstand your intent, produce irrelevant or incorrect information, or fail to detect important emotional nuance.

Please note:

  • Myndo does not understand tone, sarcasm, or intent beyond your literal words.
  • Myndo is not a substitute for human therapists or clinicians.
  • Myndo may generate responses that feel helpful, but they should not be taken as medical, psychological, or legal advice.

Always consult a qualified mental health professional for medical decisions.

16. Voice and Biometric Data

We do not retain or analyze biometric identifiers, including your voice recordings or voiceprints. Your voice is processed in real-time for transcription purposes using third-party speech-to-text providers, and no audio data is stored or retained by Myndo or its subprocessors.

Similarly, when we generate voice responses through our text-to-speech service, we do not store these audio files after they are delivered to you.

We do not use any biometric data for identification, authentication, or profiling. Our voice processing is strictly limited to enabling conversation with our AI assistant and does not involve creating or storing biometric templates of your voice.

17. International Users and GDPR Rights

If you are a resident of the European Union, United Kingdom, or other jurisdiction with data protection laws, you may have the following additional rights under the General Data Protection Regulation (GDPR) or similar laws:

  • The right to access, rectify, or erase your personal data
  • The right to object to or restrict processing of your personal data
  • The right to data portability
  • The right to withdraw consent at any time, where consent is the legal basis
  • The right to lodge a complaint with a supervisory authority

To exercise these rights, please contact us at privacy@myndo.ai. While our service is primarily designed for users in the United States, we respect and will make reasonable efforts to honor the privacy rights of all users regardless of location.

17.1 Legal Basis for Processing

For users in the EU, we process your personal data on the following legal bases:

  • Performance of the contract we have with you (providing the Service)
  • Your consent, where explicitly required
  • Our legitimate interests, which do not override your fundamental rights and freedoms
  • Compliance with legal obligations

17.2 Data Protection Representative

For users in the EU, you may contact our data protection representative at: privacy@myndo.ai

18. AI Transparency Commitment

As part of our commitment to transparency, we make information about our AI agents publicly available. This includes general descriptions of how our AI agents work together to provide mental health support. While we protect specific proprietary details about our AI architecture, we believe users should understand the general principles of the AI systems they interact with.

19. Data Pseudonymization and Human Review

19.1 Pseudonymization of Conversations and Database Separation

We store your conversation transcripts and personalized insights in our MongoDB database with only a user_id and no direct identifiers that link to your real identity. This process, known as pseudonymization, provides an added layer of privacy protection.

As an additional security measure, we deliberately separate your identifying information (stored in NeonDB and Clerk) from your conversation data (stored in MongoDB). This architectural decision creates a technical separation that provides enhanced protection - even in the unlikely event that one database is compromised, an attacker would not have access to both your identity and your mental health conversations. This separation of databases is part of our privacy-by-design approach.

It's important to note that this data is technically pseudonymized rather than fully anonymized because a user_id could theoretically be linked back to your account if someone had access to both databases.

19.2 Human Review for Service Improvement

To improve the quality and effectiveness of our Service, we may have authorized employees or contractors review pseudonymized conversation transcripts. These reviewers only see:

  • A user_id (not your email address or any other identifying information)
  • Conversation transcripts
  • Derived personalized insights

They do not have access to your contact information or other account details, and are bound by strict confidentiality agreements.

19.3 Research Use

We may use aggregated and pseudonymized conversation data for research aimed at improving mental health support. Any research findings will be presented in aggregate form and will not include information that could identify individual users.

20. Contact Us

Support Email: help@myndo.ai
Privacy Email: privacy@myndo.ai
Legal Mailing Address:
Nelumbo Labs LLC
c/o Legalinc Corporate Services Inc.
131 Continental Dr, Suite 305
Newark, DE 19713
United States

By using Myndo, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.