Mind Awake — Privacy Policy
Last Updated: May 4, 2026
Effective Date: May 4, 2026
Version: 1.0.0
Overview
Mind Awake ("App," "we," "us," or "our") takes your privacy seriously. Dream journals contain deeply personal content, and we treat that data with the care it deserves.
This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights regarding your data. Mind Awake is operated by Jason Cassidy, a sole proprietor doing business as "Mind Awake," located in California, United States.
1. Information We Collect
Information You Provide
- Account Information: Email address, display name, and authentication credentials (or third-party sign-in tokens).
- Onboarding Data: Age range, sleep health information, lucid dreaming experience level, and wellness screening responses. We collect this to customize your experience and ensure safe use of the App.
- Dream Journal Entries: Text descriptions of your dreams, tags, dates, lucidity ratings, and any notes you add.
- Guide Conversations: Text messages exchanged with Maya, our AI guide.
- Subscription Information: Subscription status and billing period (payment details are handled by Apple, Google, or Stripe — we never see your full credit card number).
- Support Communications: Emails or messages you send to our support team.
- Legal Acceptance Records: Timestamp and version of the Terms of Service and Privacy Policy you accepted.
Information Generated by the App
- AI-Generated Content: Maya's responses, milestones, and dream images generated from your data.
- Guide Memory: Summarized context from your conversations and journal entries, used to personalize Maya's guidance.
- Dream Analytics: Patterns, frequencies, and statistics derived from your journal entries.
Information Collected Automatically
- Usage Data: App opens, feature usage, session duration, and interaction patterns. Collected via Mixpanel.
- Device Information: Device type, operating system version, app version, and language setting.
- Crash and Performance Data: Error logs and performance metrics, used to improve App stability.
Information We Do NOT Collect
- Biometric data (fingerprints, face scans)
- Location data
- Contacts or address book
- Photos or camera access (the App does not request these permissions)
- Browsing history
- Data from other apps on your device
- Health data from Apple Health or Google Fit (unless future opt-in is added)
2. How We Use Your Information
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide the AI guide service | Journal entries, conversations, onboarding data | Performance of contract |
| Generate milestones and dream images | Journal entries, conversation history | Performance of contract |
| Personalize curriculum and recommendations | Onboarding data, usage patterns, journal data | Performance of contract |
| Process subscriptions | Subscription status (via Apple, Google, or Stripe) | Performance of contract |
| Improve the App | Aggregated usage data, crash reports | Legitimate interest |
| Safety monitoring and abuse prevention | Guide conversations (sampled, anonymized) | Legitimate interest |
| Respond to support requests | Support communications, account info | Performance of contract |
| Comply with legal obligations | As required | Legal obligation |
We do NOT:
- Sell your personal data to third parties
- Use your dream journal content for advertising
- Share your individual dream entries with other users (unless you choose to share them in any future community feature)
- Train our own AI models on your data
- Use your data for purposes unrelated to providing and improving the App
3. How We Share Your Information
Service Providers (Data Processors)
We share data with third-party providers who help us deliver the App:
| Provider | Data Shared | Purpose |
|---|---|---|
| Anthropic (Claude) | Guide conversation text, journal context | AI text generation |
| fal.ai (FLUX) | Dream descriptions (text only) | AI dream image generation |
| Neon (Postgres) | All stored user data | Database hosting |
| Vercel | API requests, server logs, hosted images | Backend hosting and image storage |
| Mixpanel | Usage events (anonymized identifiers) | Product analytics |
| Stripe | Email, subscription status, payment metadata | Subscription billing |
| Apple / Google | Subscription status (when applicable) | App distribution and billing |
All service providers are bound by their respective data processing agreements and may only use your data to provide their service to us. We may add, remove, or replace providers as the App evolves; the current list is reflected here.
AI Provider Data Handling
Your conversations with Maya are processed by Anthropic's Claude API. Per Anthropic's API terms, data sent through the Claude API is not used to train Anthropic's models. The same applies to fal.ai — API data is processed and returned, not retained for training purposes.
Legal Requirements
We may disclose your information if required by law, court order, subpoena, or governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
Business Transfers
If Mind Awake is acquired, merged, or sells assets (including a future formation of a corporate successor entity), your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.
4. Data Storage and Security
Where We Store Your Data
Your data is stored on servers in the United States via Neon (database) and Vercel (backend and image storage). AI processing occurs on servers operated by Anthropic and fal.ai, also primarily in the United States.
How We Protect Your Data
- Encrypted in transit (TLS/HTTPS for all connections)
- Encrypted at rest (database encryption via Neon)
- Authentication required for all API access
- Role-based access controls on infrastructure
- Regular security reviews of third-party provider practices
- Minimal data retention (see Section 6)
Dream Journal Security
Dream journal entries are among the most personal data a person can create. We apply additional protections:
- Journal entries are not shared with other users
- AI processing of journal content uses only the minimum context needed to generate responses
- Guide memory summaries are stored separately from raw journal entries
- You can delete individual entries or your entire journal at any time
Breach Notification
In the event of a data breach affecting your personal information, we will notify you within the timeframe required by applicable law (generally 72 hours under GDPR, "without unreasonable delay" under most US state laws).
5. Your Rights
All Users
- Access: Request a copy of all data we hold about you
- Deletion: Delete your account and all associated data
- Export: Export your dream journal entries
- Correction: Update or correct your account information
- Withdraw Consent: Opt out of optional data collection
- Restrict Processing: Request we limit how we use your data
California Residents (CCPA/CPRA)
You have the right to:
- Know what personal information we collect, use, and disclose
- Request deletion of your personal information
- Opt out of the "sale" or "sharing" of personal information (we do not sell or share your data for cross-context behavioral advertising)
- Correct inaccurate personal information
- Limit the use of sensitive personal information
- Non-discrimination for exercising your privacy rights
To exercise these rights, email support@mindawake.co or use the in-app data deletion feature.
European Economic Area / United Kingdom Residents (GDPR / UK GDPR)
If you are in the EEA or UK, you additionally have the right to:
- Data portability (receive your data in a structured, machine-readable format)
- Object to processing based on legitimate interest
- Lodge a complaint with your local data protection authority
International data transfer: Your data is transferred to the United States. We rely on Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework (where applicable) for lawful data transfer.
How to Exercise Your Rights
- Email: support@mindawake.co
- Response Time: Within 30 days (extendable by 60 days for complex requests, with notice)
We will not require you to create an account to make a privacy request, but we may need to verify your identity before fulfilling certain requests.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion |
| Dream journal entries | Until you delete them or delete your account |
| Guide conversations | Until account deletion |
| Guide memory summaries | Until account deletion |
| AI-generated content (images, milestones) | Until account deletion |
| Usage analytics (Mixpanel) | 14 months, then anonymized or deleted |
| Crash reports | 90 days |
| Support communications | 2 years after resolution |
| Legal acceptance records (TOS/Privacy versions accepted) | Duration of account + 3 years after deletion (for legal defense) |
Account Deletion
When you delete your account:
- All personal data is permanently deleted within 30 days
- Anonymized, aggregated data (e.g., usage statistics with no link to you) may be retained
- Backup copies are purged within 90 days
- We retain a record of the date of deletion and the version of the legal terms you previously accepted, for our legal records
7. Children's Privacy
Mind Awake is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly and terminate the associated account.
Users between 13 and 18 require parental or guardian consent. The onboarding screening includes age confirmation. Parents or guardians who believe their child has provided personal information to us without consent should contact support@mindawake.co.
We comply with the Children's Online Privacy Protection Act (COPPA) by maintaining a 13+ minimum age and not knowingly collecting from younger users.
8. Push Notifications and Email
We may send you:
- Transactional email: Account verification, password reset, subscription confirmations, security alerts. These are necessary for the service and cannot be opted out of while you have an active account.
- Product email (if applicable): Onboarding tips, feature announcements. You can unsubscribe from these at any time via the link in each email.
- Push notifications (if enabled): When and if push notifications launch, you can disable them in your device settings.
We do not send marketing email to non-account-holders.
9. Cookies and Tracking
The Mind Awake mobile app does not use browser cookies. The web version (mindawake.co) uses session cookies necessary for authentication. We use the following analytics technologies:
- Mixpanel: In-app and web event tracking for product analytics. Uses an anonymized identifier tied to your account.
Opt-Out Options
- Limit Ad Tracking: Enable "Limit Ad Tracking" (iOS) or "Opt Out of Ads Personalization" (Android) in your device settings
- Analytics Opt-Out: Email support@mindawake.co with the subject line "ANALYTICS OPT-OUT" — we will exclude your account from product analytics within 14 days
- Do Not Track: We honor browser-level Do Not Track signals on the web
10. Third-Party Links
The App may contain links to external websites or resources (for example, the 988 Suicide and Crisis Lifeline). We are not responsible for the privacy practices of third-party sites. We encourage you to read their privacy policies.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes through the App or via email at least 14 days before the changes take effect. The "Last Updated" and "Version" fields at the top reflect the most recent revision.
When a new version is published, you may be required to re-accept the Privacy Policy to continue using the App.
12. Contact Us
For privacy questions, data requests, or concerns:
Email: support@mindawake.co
Website: mindawake.co
Mind Awake is a sole proprietorship operated by Jason Cassidy, located in California, United States. References to "we," "us," and "our" in this Privacy Policy refer to that entity.