Myndo
← Back to Home

Myndo Privacy Policy

Last Updated: August 9, 2025

1. Our Privacy-First Commitment

At Myndo, privacy isn't just a legal requirement—it's a core value and feature of our service. We believe that mental health support should be private and accessible, which is why:

  • We minimize data collection. We only collect what is absolutely necessary to provide and improve our Service. E.g. as a deliberate privacy protection, we do not collect your real name.
  • We prioritize your mental health privacy. We recognize the sensitive nature of mental health data and apply additional protections. We are committed to irrevocable data protection commitments (See section 13).
  • You control your data. You own your data and can delete it when you choose.
  • We implement pseudonymization and anonymization. When you are using Myndo, your data is fully pseudonymized throughout the system, including to third parties (except our authentication provider). When you delete your account, your data becomes truly anonymous and irreversibly untraceable.
  • We're transparent. We clearly disclose what data we collect and why

This Privacy Policy explains how Nelumbo Labs LLC ("Myndo," "we," "our," or "us") collects, uses, shares, and protects your information when you use our voice-based AI mental health assistant service, including our website, applications, and related services (collectively, the "Service").

2. Information We Collect

2.1 Information You Provide to Us

When you use our Service, you may provide us with the following information:

  • Account Information: We collect your email address for authentication purposes. Importantly, we deliberately do not collect your real name as part of our privacy-first approach.
  • Voice Inputs: When you speak to Myndo, we process your voice in real-time for transcription. We do not store your voice recordings.
  • Conversation Transcripts: We store text transcripts of your conversations with Myndo to provide personalized support and improve our Service.
  • Personalized Insights: We use AI to analyze your conversation transcripts to generate personalized insights that help us provide tailored mental health support. These insights may include patterns in your communication, preferences, wellness indicators, emotional states, and other information relevant to your mental health journey.
  • Payment Information: If you subscribe to Myndo, we collect payment information through our payment processor, Stripe. We do not store complete credit card information on our servers.

2.2 Information We Collect Automatically

When you use our Service, we may automatically collect the following information:

  • Usage Data: Information about how you interact with the Service, including the features you use, the time and duration of your sessions, and your interaction patterns.
  • Session Events: Events and actions taken during your sessions with Myndo.
  • Analytics Data: We use analytics tools to collect pseudonymized usage data which helps us improve the Service. This may include information about your device (such as IP address, browser type, operating system) and how you interact with our platform.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Personalize your experience with Myndo
  • Generate personalized insights to better understand and support your mental health needs
  • Process your payments and manage your account
  • Communicate with you about the Service
  • Monitor and analyze usage patterns and trends
  • Protect the security and integrity of the Service
  • Comply with legal obligations

Important Note on Voice Processing and Personalized Insights: Your voice inputs are processed in real-time for transcription purposes only. We do not store audio recordings of your voice—only the text transcripts derived from your voice inputs. These transcripts are analyzed by our AI to generate personalized insights that help us provide tailored support. These insights are treated with the same level of confidentiality and protection as your other personal information.

4. Technical Infrastructure and Data Processing

To provide our Service, we use a combination of secure technologies:

  • Web Application Infrastructure: Our web application is built using modern web frameworks and hosted on secure cloud infrastructure.
  • Databases: We use different database systems to securely store different types of data:
    • One database system for session data, transcripts, and personalized insights
    • Another database system for user profile information (e.g., payment status)
  • Analytics: We use industry-standard analytics tools for service improvement
  • Authentication: We use third-party authentication services to securely manage user accounts
  • Voice Processing: Our voice-based interface relies on technologies for real-time audio communication, speech-to-text transcription, and text-to-speech conversion
  • AI Technology: We leverage AI language model capabilities from established providers
  • Payment Processing: Payments are handled by a trusted third-party payment processor

All data is transmitted using encryption protocols and stored in secure, encrypted databases.

5. How We Share Your Information

We do not sell or rent your personal information to third parties. We may share your information in the following circumstances:

5.1 Service Providers

We share information with third-party service providers who help us operate, provide, improve, and market the Service. These service providers may include:

  • Authentication providers
  • Payment processors
  • Web hosting and infrastructure services
  • Database service providers
  • Analytics services
  • Voice processing services
  • AI technology providers

These service providers are authorized to use your information only as necessary to provide services to us and are required to maintain the confidentiality of your information.

5.1.1 Enhanced Privacy Through Data Minimization

Privacy Leadership Through Pseudonymization: When sharing data with service providers, we use pseudonymized identifiers rather than your real identity. Third-party services receive only cryptographically-generated user IDs, ensuring they cannot identify you personally. This includes:

  • Voice processing services (receive pseudonymized session identifiers only)
  • AI language model providers (receive pseudonymized user context only)
  • Analytics services (receive pseudonymized usage data only)
  • Database services (store conversation data with pseudonymized user IDs only)

This privacy-by-design approach goes beyond industry standards to ensure your mental health conversations remain confidential even from our service providers.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

5.3 Business Transfers

If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. In such event, we will require any acquiring entity to honor the commitments in this Privacy Policy and to:

  • Use your data solely for the purpose of providing the Service
  • Maintain at least the same level of data protection
  • Not use your data or personalized insights for advertising, marketing to you, or for sale to data brokers
  • Provide you with advance notice and the option to delete your account and all associated data prior to the transfer

We will notify you via email and/or a prominent notice on our website of any change in ownership and provide options for your data before the transfer occurs.

Following any business transfer, the acquiring entity may modify, update, or discontinue certain aspects of the Service, or change the terms and functionality, at their discretion and in accordance with the Terms and Conditions.

5.4 With Your Consent

We may share your information with third parties when we have your consent to do so.

6. Data Retention and Superior Anonymization

We retain your personal information only for as long as necessary to provide the Service.

6.1 True Anonymization Through Cryptographic Mapping Destruction

When you delete your account:

  • All your personal information, including your email, payment data, and profile details, is permanently deleted from our systems.
  • Your conversation transcripts and insights are transformed into truly anonymous data through the irreversible destruction of the cryptographic mapping that links them to your identity.
  • This anonymized data cannot be traced back to you in any way and may be retained to improve mental health support for future users.
  • Any data in our system backups will be overwritten in the normal course of business and will not be accessible for any operational use.

6.2 Why This Approach is Superior

This approach provides superior privacy protection compared to traditional deletion methods because:

  • True anonymization: Once the mapping is destroyed, your data becomes genuinely untraceable. No one, not even us, can link it back to you
  • Enables continued research: The anonymized data helps us improve the product and mental health support for future users
  • GDPR compliant: True anonymization meets the highest standards for the "right to erasure"

When you leave, your identity leaves with you, but your contribution to improving mental health care can continue anonymously.

7. Your Rights and Choices

7.1 Account Information

You can update your account information, including your email address and payment information, through your account settings.

7.2 Data Access and Portability

You have the right to access the personal information we hold about you and to receive a copy of this information in a structured, commonly used, and machine-readable format.

7.3 Data Correction

You have the right to correct inaccurate or incomplete personal information we hold about you.

7.4 Data Deletion

You have the right to request the deletion of your personal information. You can delete your account and associated data through your account settings, which triggers our deletion and anonymization process.

7.5 Communication Preferences

You can opt out of receiving promotional communications from us by following the instructions provided in those communications or through your account settings.

8. California Privacy Rights

If you are a California resident, you have the rights provided by the California Consumer Privacy Act (CCPA), including:

  • The right to know what personal information we collect about you
  • The right to request deletion of your personal information
  • The right to opt-out of the sale of your personal information (note that we do not sell personal information)
  • The right to non-discrimination for exercising your privacy rights

To exercise your California privacy rights, please contact us at privacy@myndo.ai.

9. Security

We implement appropriate technical and organizational measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction. However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

10. International Data Transfers

We are based in the United States, and the information we collect is governed by U.S. law. If you are accessing the Service from outside the United States, please be aware that information collected through the Service may be transferred to, processed, stored, and used in the United States and other jurisdictions. Your use of the Service or provision of any information therefore constitutes your consent to the transfer, processing, storage, and use of your information in the United States and other jurisdictions, which may not provide the same level of data protection as your jurisdiction.

11. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information.

12. Changes to This Privacy Policy and the Service

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Additionally, we reserve the right to modify, suspend, or discontinue the Service (or any part or content thereof) at any time with or without notice. We will not be liable to you or to any third party for any modification, suspension, or discontinuation of the Service, or any features, components, or content thereof.

13. Data Protection Commitment

We are committed to protecting your data beyond standard privacy practices. Our commitments include:

13.1 Purpose Limitation

Your data, including conversation transcripts and personalized insights, will only ever be used for:

  • Providing and improving the Service
  • Personalizing your experience with Myndo
  • Research to improve mental health support

13.2 Irrevocable Commitments

We make the following irrevocable commitments regarding your data:

  • We will never sell your data to third parties
  • We will never use your data for advertising purposes
  • We will never use personalized insights derived from your conversations for any purpose other than providing the Service to you
  • These commitments survive any change in ownership, acquisition, or business transfer.

13.3 Technical Safeguards

We implement the following technical safeguards:

  • Encryption of all data in transit and at rest
  • Access controls limiting internal access to your data
  • Regular security audits and vulnerability testing
  • Data minimization practices
  • Pseudonymization for both third-party providers and internal use

13.4 Financial Disincentives

To align our business interests with your privacy:

  • Our business model is subscription-based, not advertising-based
  • We deliberately avoid collecting data that could be monetized through advertising
  • Our privacy commitments are contractually binding, even in the event of acquisition

13.5 Transparency Reports

We will publish annual transparency reports detailing:

  • Types of government requests for data received, if any
  • Our response to such requests
  • Changes to our privacy practices
  • Data incident reports, if any

14. Personalized Insights Protection

We use AI technologies to analyze your conversation transcripts and generate personalized insights to provide tailored mental health support. These insights may include patterns in your communication, preferences, wellness indicators, emotional states, and other information that helps us understand your needs better. We recognize the sensitive nature of these insights and apply additional protections:

  • Limited Use: Personalized insights are used solely to tailor and improve your experience with the Service.
  • Never for Advertising: These insights will never be used for targeted advertising or marketing.
  • No Third-Party Sharing: We do not share your personalized insights with third parties, except as strictly necessary to provide the Service.
  • Protection in Transfer: In the event of a business transfer, the restrictions on the use of personalized insights will transfer with the data.
  • Full Anonymization upon Deletion: Your personalized insight data becomes truly anonymous when you delete your account through our cryptographic mapping destruction process.
  • Automated Generation: Personalized insights are generated through automated AI processing of your conversation transcripts.
  • Limited Human Review: Your personalized insight data is not routinely reviewed by humans. However, to improve our Service, we may have authorized employees or contractors review pseudonymized conversation transcripts (identified only by pseudonymized_user_id with no other identifying information).

We believe that these additional protections are essential for maintaining trust while providing effective mental health support.

15. Limitations of AI-Based Support

Myndo is powered by AI and provides probabilistic responses based on the language you speak. While we strive to ensure accuracy and usefulness, AI can misunderstand your intent, produce irrelevant or incorrect information, or fail to detect important emotional nuance.

Please note:

  • Myndo does not understand tone, sarcasm, or intent beyond your literal words.
  • Myndo is not a substitute for human therapists or clinicians.
  • Myndo may generate responses that feel helpful, but they should not be taken as medical, psychological, or legal advice.

Always consult a qualified mental health professional for medical decisions.

16. Voice and Biometric Data

We do not retain or analyze biometric identifiers, including your voice recordings or voiceprints. Your voice is processed in real-time for transcription purposes using third-party speech-to-text providers, and no audio data is stored or retained by Myndo or its subprocessors.

Similarly, when we generate voice responses through our text-to-speech service, we do not store these audio files after they are delivered to you.

We do not use any biometric data for identification, authentication, or profiling. Our voice processing is strictly limited to enabling conversation with our AI assistant and does not involve creating or storing biometric templates of your voice.

17. International Users and GDPR Rights

If you are a resident of the European Union, United Kingdom, or other jurisdiction with data protection laws, you may have the following additional rights under the General Data Protection Regulation (GDPR) or similar laws:

  • The right to access, rectify, or erase your personal data
  • The right to object to or restrict processing of your personal data
  • The right to data portability
  • The right to withdraw consent at any time, where consent is the legal basis
  • The right to lodge a complaint with a supervisory authority

To exercise these rights, please contact us at privacy@myndo.ai. While our service is primarily designed for users in the United States, we respect and will make reasonable efforts to honor the privacy rights of all users regardless of location.

17.1 Legal Basis for Processing

For users in the EU, we process your personal data on the following legal bases:

  • Performance of the contract we have with you (providing the Service)
  • Your consent, where explicitly required
  • Our legitimate interests, which do not override your fundamental rights and freedoms
  • Compliance with legal obligations

17.2 Data Protection Representative

For users in the EU, you may contact our data protection representative at: privacy@myndo.ai

18. AI Transparency Commitment

As part of our commitment to transparency, we make information about our AI agents publicly available. This includes general descriptions of how our AI agents work together to provide mental health support. While we protect specific proprietary details about our AI architecture, we believe users should understand the general principles of the AI systems they interact with.

19. Data Pseudonymization and Database Separation

19.1 Privacy-by-Design Architecture

We store your conversation transcripts and personalized insights in our database with only a pseudonymized_user_id and no direct identifiers that link to your real identity. This process, known as pseudonymization, provides an added layer of privacy protection.

As an additional security measure, we deliberately separate your identifying information from your conversation data into different databases. This architectural decision creates a technical separation that provides enhanced protection - even in the unlikely event that one database is compromised, an attacker would not have access to both your identity and your mental health conversations. This separation of databases is part of our privacy-by-design approach.

19.2 Human Review for Service Improvement

To improve the quality and effectiveness of our Service, we may have authorized employees or contractors review pseudonymized conversation transcripts. These reviewers only see:

  • A pseudonymized_user_id (not your email address or any other identifying information)
  • Conversation transcripts
  • Derived personalized insights

They do not have access to your contact information or other account details, and are bound by strict confidentiality agreements.

19.3 Research Use

We may use aggregated and pseudonymized conversation data for research aimed at improving mental health support. Any research findings will be presented in aggregate form and will not include information that could identify individual users.

20. Contact Us

Support Email: help@myndo.ai
Privacy Email: privacy@myndo.ai
Legal Mailing Address:
Nelumbo Labs LLC
c/o Legalinc Corporate Services Inc.
131 Continental Dr, Suite 305
Newark, DE 19713
United States

By using Myndo, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.