Myndo
← Back to Home

Myndo Privacy Policy

Last Updated: December 28, 2025

1. Our Privacy-First Commitment

At Myndo, privacy isn't just a legal requirement—it's a core value and feature of our service. We believe that mental health support should be private and accessible, which is why:

  • We minimize data collection. We only collect what is absolutely necessary to provide and improve our Service.
  • We prioritize your mental health privacy. We recognize the sensitive nature of mental health data and apply additional protections. We are committed to irrevocable data protection commitments (See section 13).
  • You control your data. You own your data and can delete it when you choose.
  • We implement pseudonymization. When you are using Myndo, your data is fully pseudonymized throughout the system, including to third parties (except our authentication provider).
  • Complete deletion. When you delete your account, we permanently delete all your personal content. We retain only minimal billing metadata required by law.
  • We're transparent. We clearly disclose what data we collect and why

This Privacy Policy explains how Nelumbo Labs LLC ("Myndo," "we," "our," or "us") collects, uses, shares, and protects your information when you use our voice-based AI mental health assistant service, including our website, applications, and related services (collectively, the "Service").

2. Information We Collect

2.1 Information You Provide to Us

When you use our Service, you may provide us with the following information:

  • Account Information: We collect your email address for authentication and communication purposes (including marketing communications with your consent). Your name is collected for personalization and may be used by our AI assistant during conversations and in personalized content we generate for you.
  • Timezone Information: We collect your timezone to deliver time-sensitive features at appropriate times.
  • Voice Inputs: When you speak to Myndo, we process your voice in real-time for transcription. We do not store your voice recordings.
  • Conversation Transcripts: We store text transcripts of your conversations with Myndo to provide personalized support and improve our Service.
  • AI-Generated Content: We use AI to analyze your conversation transcripts to generate personalized content including insights, themes, patterns, summaries, and other information to help provide tailored mental health support. This content is used to personalize your experience across the Service.
  • Payment Information: If you subscribe to Myndo, we collect payment information through our payment processor, Stripe. We do not store complete credit card information on our servers.

2.2 Information We Collect Automatically

When you use our Service, we may automatically collect the following information:

  • Usage Data: Information about how you interact with the Service, including the features you use, the time and duration of your sessions, and your interaction patterns.
  • Session Events: Events and actions taken during your sessions with Myndo.
  • Analytics Data: We use analytics tools to collect pseudonymized usage data which helps us improve the Service. This may include information about your device (such as IP address, browser type, operating system) and how you interact with our platform.
  • Push Notification Data: If you enable notifications on our mobile app, we collect device tokens to send you reminders and updates. We also collect basic device information (device identifier, platform) to ensure reliable notification delivery. You can disable notifications at any time through your device settings.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Personalize your experience with Myndo
  • Generate personalized insights to better understand and support your mental health needs
  • Process your payments and manage your account
  • Communicate with you about the Service (see Section 3.1)
  • Monitor and analyze usage patterns and trends
  • Protect the security and integrity of the Service
  • Comply with legal obligations

Important Note on Voice Processing and Personalized Insights: Your voice inputs are processed in real-time for transcription purposes only. We do not store audio recordings of your voice—only the text transcripts derived from your voice inputs. These transcripts are analyzed by our AI to generate personalized insights that help us provide tailored support. These insights are treated with the same level of confidentiality and protection as your other personal information.

3.1 Service Communications

To provide our Service effectively, we may send you communications via email, push notifications, or in-app messages. These may include personalized content, reminders, account notifications, service updates, and other information related to your use of the Service.

You can manage your communication preferences in your account settings. Note that you cannot opt out of essential account and security notifications while maintaining an active account.

3.2 Marketing Communications

With your explicit consent, we may send you marketing communications including:

  • Newsletters: Updates about Myndo features, product news, and company announcements
  • Mental Wellness Content: Tips, insights, and educational content related to mental health and well-being
  • Promotional Offers: Information about subscription offers, discounts, or special programs

Consent-Based Only: Marketing communications are strictly opt-in. We will only send you marketing emails if you have explicitly consented, either during sign-up or through your account settings.

How We Obtain Consent: We ask for your marketing consent through a clear prompt when you first use the Service, or you can enable marketing communications at any time in your account settings.

Withdrawing Consent: You can withdraw your consent at any time by:

  • Clicking the "Unsubscribe" link in any marketing email
  • Updating your preferences in Settings > Emails within the app
  • Contacting us at privacy@myndo.ai

We will process your opt-out request promptly, and in any case within 10 business days.

Transactional vs. Marketing: Even if you opt out of marketing communications, you will still receive essential transactional communications such as account security alerts, billing notifications, and critical service announcements. These are necessary for us to provide the Service and are not considered marketing.

4. Technical Infrastructure and Data Processing

To provide our Service, we use a combination of secure technologies:

  • Web Application Infrastructure: Our web application is built using modern web frameworks and hosted on secure cloud infrastructure.
  • Databases: We use different database systems to securely store different types of data:
    • One database system for session data, transcripts, and personalized insights
    • Another database system for user profile information (e.g., payment status)
  • Analytics: We use industry-standard analytics tools for service improvement
  • Authentication: We use third-party authentication services to securely manage user accounts
  • Voice Processing: Our voice-based interface relies on technologies for real-time audio communication, speech-to-text transcription, and text-to-speech conversion
  • AI Technology: We leverage AI language model capabilities from established providers
  • Payment Processing: Payments are handled by a trusted third-party payment processor

All data is transmitted using encryption protocols and stored in secure, encrypted databases.

5. How We Share Your Information

We do not sell or rent your personal information to third parties. We may share your information in the following circumstances:

5.1 Service Providers

We work with carefully selected third-party service providers to operate Myndo. These providers process data only on our behalf and under strict contractual obligations to protect your information. Our service providers include:

  • Authentication providers to securely manage your account access
  • Cloud infrastructure and database providers to store and process your data securely
  • Real-time communication infrastructure to enable voice conversations
  • Speech recognition services to transcribe voice to text (we do not store voice recordings)
  • AI language model providers to power our conversational AI assistant
  • Text-to-speech services to generate voice responses
  • Analytics providers to understand how users interact with our service (using pseudonymized data)
  • Payment processors (Stripe) to handle subscription billing securely
  • Push notification services to deliver reminders and alerts to your device

All service providers are bound by data processing agreements that restrict their use of your data to providing services to us and require appropriate security measures.

5.1.1 Enhanced Privacy Through Data Minimization

Privacy Leadership Through Pseudonymization: When sharing data with service providers, we use pseudonymized identifiers rather than your real identity. Third-party services receive only cryptographically-generated user IDs, ensuring they cannot identify you personally. This includes:

  • Voice processing services (receive pseudonymized session identifiers only)
  • AI language model providers (receive pseudonymized user context only)
  • Analytics services (receive pseudonymized usage data only)
  • Database services (store conversation data with pseudonymized user IDs only)

This privacy-by-design approach goes beyond industry standards to ensure your mental health conversations remain confidential even from our service providers.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

5.3 Business Transfers

If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. In such event, we will require any acquiring entity to honor the commitments in this Privacy Policy and to:

  • Use your data solely for the purpose of providing the Service
  • Maintain at least the same level of data protection
  • Not use your data or personalized insights for advertising, marketing to you, or for sale to data brokers
  • Provide you with advance notice and the option to delete your account and all associated data prior to the transfer

We will notify you via email and/or a prominent notice on our website of any change in ownership and provide options for your data before the transfer occurs.

Following any business transfer, the acquiring entity may modify, update, or discontinue certain aspects of the Service, or change the terms and functionality, at their discretion and in accordance with the Terms and Conditions.

5.4 With Your Consent

We may share your information with third parties when we have your consent to do so.

6. Data Retention and Deletion

We retain your personal information only for as long as necessary to provide the Service.

6.1 Complete Deletion of Personal Content

When you delete your account, we permanently delete all your personal content from our systems:

  • All your personal information, including your email, profile details, and account data, is permanently deleted.
  • All conversation transcripts are permanently deleted.
  • All memories, insights, and AI-generated content are permanently deleted.
  • All topics, weekly reviews, and personalized content are permanently deleted.
  • Any data in our system backups will be overwritten in the normal course of business.

6.2 Billing Metadata Retention

To comply with financial record-keeping requirements and support billing dispute resolution, we retain minimal non-personal metadata:

  • Session timestamps and durations (when sessions started and ended, how long they lasted)
  • Usage metrics (token counts, not content)
  • Payment processor references (e.g., Stripe customer ID, if applicable)

This billing metadata contains no personal content, conversation text, or identifying information beyond what is necessary for financial records. It is retained for up to 7 years as required by law, then automatically deleted.

6.3 Why Complete Deletion

We believe complete deletion of personal content provides the strongest privacy protection:

  • No ambiguity: Your conversations and insights are gone, not "anonymized"
  • Privacy-first: Aligns with our commitment to mental health privacy
  • GDPR/CCPA compliant: Meets the highest standards for the "right to erasure"

When you leave, your story leaves with you.

7. Your Rights and Choices

7.1 Account Information

You can update your account information, including your email address and payment information, through your account settings.

7.2 Data Access and Portability

You have the right to access the personal information we hold about you and to receive a copy of this information in a structured, commonly used, and machine-readable format.

7.3 Data Correction

You have the right to correct inaccurate or incomplete personal information we hold about you.

7.4 Data Deletion

You have the right to request the deletion of your personal information. You can delete your account and associated data through your account settings, which triggers permanent deletion of all your personal content (see Section 6).

7.5 Communication Preferences

You can opt out of receiving promotional communications from us by following the instructions provided in those communications or through your account settings.

By opting in to marketing communications, you agree to receive promotional emails, newsletters, and updates from Myndo. You can withdraw your consent at any time from the application settings.

8. California Privacy Rights

If you are a California resident, you have the rights provided by the California Consumer Privacy Act (CCPA), including:

  • The right to know what personal information we collect about you
  • The right to request deletion of your personal information
  • The right to opt-out of the sale of your personal information (note that we do not sell personal information)
  • The right to non-discrimination for exercising your privacy rights

To exercise your California privacy rights, please contact us at privacy@myndo.ai.

9. Security

We implement appropriate technical and organizational measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction. However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

10. International Data Transfers

We are based in the United States, and the information we collect is governed by U.S. law. If you are accessing the Service from outside the United States, please be aware that information collected through the Service may be transferred to, processed, stored, and used in the United States and other jurisdictions. Your use of the Service or provision of any information therefore constitutes your consent to the transfer, processing, storage, and use of your information in the United States and other jurisdictions, which may not provide the same level of data protection as your jurisdiction.

11. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information.

12. Changes to This Privacy Policy and the Service

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Additionally, we reserve the right to modify, suspend, or discontinue the Service (or any part or content thereof) at any time with or without notice. We will not be liable to you or to any third party for any modification, suspension, or discontinuation of the Service, or any features, components, or content thereof.

13. Data Protection Commitment

We are committed to protecting your data beyond standard privacy practices. Our commitments include:

13.1 Purpose Limitation

Your data, including conversation transcripts and personalized insights, will only ever be used for:

  • Providing and improving the Service
  • Personalizing your experience with Myndo

13.2 Irrevocable Commitments

We make the following irrevocable commitments regarding your data:

  • We will never sell your data to third parties
  • We will never use your data for advertising purposes
  • We will never use personalized insights derived from your conversations for any purpose other than providing the Service to you
  • These commitments survive any change in ownership, acquisition, or business transfer.

13.3 Technical Safeguards

We implement the following technical safeguards:

  • Encryption of all data in transit and at rest
  • Access controls limiting internal access to your data
  • Regular security audits and vulnerability testing
  • Data minimization practices
  • Pseudonymization for both third-party providers and internal use

13.4 Financial Disincentives

To align our business interests with your privacy:

  • Our business model is subscription-based, not advertising-based
  • We deliberately avoid collecting data that could be monetized through advertising
  • Our privacy commitments are contractually binding, even in the event of acquisition

13.5 Transparency Reports

We will publish annual transparency reports detailing:

  • Types of government requests for data received, if any
  • Our response to such requests
  • Changes to our privacy practices
  • Data incident reports, if any

14. Personalized Insights Protection

We use AI technologies to analyze your conversation transcripts and generate personalized insights to provide tailored mental health support. These insights may include patterns in your communication, preferences, wellness indicators, emotional states, and other information that helps us understand your needs better. We recognize the sensitive nature of these insights and apply additional protections:

  • Limited Use: Personalized insights are used solely to tailor and improve your experience with the Service.
  • Never for Advertising: These insights will never be used for targeted advertising or marketing.
  • No Third-Party Sharing: We do not share your personalized insights with third parties, except as strictly necessary to provide the Service.
  • Protection in Transfer: In the event of a business transfer, the restrictions on the use of personalized insights will transfer with the data.
  • Complete Deletion: Your personalized insights are permanently deleted when you delete your account (see Section 6).
  • Automated Generation: Personalized insights are generated through automated AI processing of your conversation transcripts.
  • Limited Human Review: Your personalized insight data is not routinely reviewed by humans. However, to improve our Service, we may have authorized employees or contractors review pseudonymized conversation transcripts (identified only by pseudonymized_user_id with no other identifying information).

We believe that these additional protections are essential for maintaining trust while providing effective mental health support.

15. Limitations of AI-Based Support

Myndo is powered by AI and provides probabilistic responses based on the language you speak. While we strive to ensure accuracy and usefulness, AI can misunderstand your intent, produce irrelevant or incorrect information, or fail to detect important emotional nuance.

Please note:

  • Myndo does not understand tone, sarcasm, or intent beyond your literal words.
  • Myndo is not a substitute for human therapists or clinicians.
  • Myndo may generate responses that feel helpful, but they should not be taken as medical, psychological, or legal advice.

Always consult a qualified mental health professional for medical decisions.

16. Voice and Biometric Data

We do not retain or analyze biometric identifiers, including your voice recordings or voiceprints. Your voice is processed in real-time for transcription purposes using third-party speech-to-text providers, and no audio data is stored or retained by Myndo or its subprocessors.

Similarly, when we generate voice responses through our text-to-speech service, we do not store these audio files after they are delivered to you.

We do not use any biometric data for identification, authentication, or profiling. Our voice processing is strictly limited to enabling conversation with our AI assistant and does not involve creating or storing biometric templates of your voice.

17. International Users and GDPR Rights

If you are a resident of the European Union, United Kingdom, or other jurisdiction with data protection laws, you may have the following additional rights under the General Data Protection Regulation (GDPR) or similar laws:

  • The right to access, rectify, or erase your personal data
  • The right to object to or restrict processing of your personal data
  • The right to data portability
  • The right to withdraw consent at any time, where consent is the legal basis
  • The right to lodge a complaint with a supervisory authority

To exercise these rights, please contact us at privacy@myndo.ai. While our service is primarily designed for users in the United States, we respect and will make reasonable efforts to honor the privacy rights of all users regardless of location.

17.1 Legal Basis for Processing

For users in the EU, we process your personal data on the following legal bases:

  • Performance of contract: Providing the Service you requested
  • Consent: Marketing communications (you may withdraw consent at any time via account settings or unsubscribe links)
  • Legitimate interests: Service improvement and security, which do not override your fundamental rights and freedoms
  • Legal compliance: Where required by law

17.2 Data Protection Representative

For users in the EU, you may contact our data protection representative at: privacy@myndo.ai

18. AI Transparency Commitment

As part of our commitment to transparency, we make information about our AI agents publicly available. This includes general descriptions of how our AI agents work together to provide mental health support. While we protect specific proprietary details about our AI architecture, we believe users should understand the general principles of the AI systems they interact with.

19. Data Pseudonymization and Database Separation

19.1 Privacy-by-Design Architecture

We store your conversation transcripts and personalized insights in our database with only a pseudonymized_user_id and no direct identifiers that link to your real identity. This process, known as pseudonymization, provides an added layer of privacy protection.

As an additional security measure, we deliberately separate your identifying information from your conversation data into different databases. This architectural decision creates a technical separation that provides enhanced protection - even in the unlikely event that one database is compromised, an attacker would not have access to both your identity and your mental health conversations. This separation of databases is part of our privacy-by-design approach.

19.2 Human Access to Your Data

Myndo is designed so that our team members do not need to access your personal data during normal operations. Our systems use pseudonymized identifiers that prevent casual identification.

Support Access: If you contact us for support and resolution requires reviewing your account or conversation data, we will ask you to explicitly grant access. You can do this by generating a temporary access code in your account settings. This code:

  • Is valid for a limited time period (you choose the duration)
  • Allows our support team to view your records while assisting you
  • Automatically expires, ending access
  • Can be revoked by you at any time

Without an active access code, our team members can only view anonymized or pseudonymized data that cannot be linked to your identity.

Exceptions: We may access identifiable data without a user-generated code only:

  • To comply with valid legal process (court order, subpoena)
  • To address imminent safety concerns
  • To investigate fraud or abuse

Any such access is logged and subject to internal review.

19.3 Pseudonymized Review for Service Improvement

To improve the quality and effectiveness of our Service, we may have authorized employees or contractors review pseudonymized conversation transcripts. These reviewers only see:

  • A pseudonymized_user_id (not your name, email address or any other identifying information)
  • Conversation transcripts
  • Derived personalized insights

They do not have access to your contact information or other account details, and are bound by strict confidentiality agreements.

19.4 Service Improvement

We may analyze pseudonymized conversation data while you are an active user to improve our Service. When you delete your account, all your conversation data is permanently deleted and is not retained for research purposes.

20. Contact Us

Support Email: help@myndo.ai
Privacy Email: privacy@myndo.ai
Legal Mailing Address:
Nelumbo Labs LLC
c/o Legalinc Corporate Services Inc.
131 Continental Dr, Suite 305
Newark, DE 19713
United States

By using Myndo, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.