Privacy Policy

Effective Date: 16 April 2026  |  Last Updated: 16 April 2026

1. Introduction

This Privacy Policy applies to the Mindelyx mobile application and the mindelyx.com website (collectively, the "Service") operated by Vaultneur PTY LTD, a company registered in the Republic of South Africa with its principal place of business at Pretoria, South Africa ("we," "us," "our," or "Vaultneur").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, you must not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address
• Password (hashed and never stored in plain text)
• Profile information you choose to provide

2.2 Conversation Data

• Encrypted Messages: All conversations with Mindelyx are encrypted on your device using AES-256 encryption before being transmitted to our servers
• Encryption Keys: Your encryption keys are stored exclusively on your device in secure storage and are never transmitted to or accessible by Vaultneur
• Memory Summaries: AI-generated summaries of your conversations are also encrypted with the same device-only encryption keys

2.3 Usage Data

We may collect information about how you access and use the Service, including:

• Device information (device type, operating system, unique device identifiers)
• App usage statistics (features used, time spent, crash reports)
• IP address and general location information (country/city level only)

2.4 Payment Information

If you subscribe to premium features:

• Payment processing is handled by third-party payment processors (Stripe, PayPal, Apple In-App Purchase, or Google Play Billing)
• We receive only transaction confirmations and subscription status
• We do not store your credit card or banking information

3. How We Use Your Information

3.1 To Provide the Service

• Authenticate your account and provide access to Mindelyx
• Store your encrypted conversations and memory summaries
• Process AI requests through third-party providers (Anthropic Claude API)
• Sync your data across your devices

3.2 To Improve the Service

• Analyze usage patterns to improve features (using anonymized, aggregated data only)
• Diagnose and fix technical issues
• Develop new features and functionality

3.3 To Communicate With You

• Send service-related notifications (subscription status, security alerts)
• Respond to your support requests
• Send marketing communications (only with your consent, and you may opt out at any time)

4. End-to-End Encryption & Data Privacy

4.1 What We CAN See

• Your email address and account metadata
• Encrypted (unreadable) conversation data stored on our servers
• Payment and subscription status
• Usage statistics and error logs

4.2 What We CANNOT See

• The content of your conversations with Mindelyx — all messages are encrypted on your device before transmission
• Your memory summaries — these are encrypted using keys that exist only on your device
• Your encryption keys — these never leave your device

4.3 Third-Party AI Processing

When you send a message to Mindelyx:

1. Your message is encrypted on your device
2. The encrypted message is sent to our servers
3. Our servers decrypt it using temporary session keys and forward it to Anthropic (Claude API)
4. Anthropic processes the request and returns a response
5. The response is encrypted and sent back to your device
6. Your device decrypts and displays the response

Important Disclaimers:

• While in transit to Anthropic, your messages are temporarily unencrypted
• Anthropic's data processing is governed by their Privacy Policy and Terms of Service
• According to Anthropic's policies, API data is not used to train AI models unless you explicitly opt in
• Vaultneur has no control over the AI's responses, accuracy, safety, or appropriateness
• Vaultneur cannot prevent the AI from generating harmful, inaccurate, or dangerous content
• You use AI-generated content entirely at your own risk

5. Data Retention

• Active Accounts: Your encrypted conversations and memory summaries are retained indefinitely while your account is active
• Deleted Accounts: When you delete your account, all your data (including encrypted conversations and summaries) is permanently deleted within 30 days
• Inactive Accounts: Accounts inactive for more than 3 years may be deleted after email notification

6. Data Sharing & Disclosure

6.1 We DO NOT Sell Your Data

We will never sell, rent, or trade your personal information to third parties for marketing purposes.

6.2 Service Providers

We share data with trusted third-party service providers who assist in operating the Service:

• Anthropic (Claude API): AI processing (message content is sent unencrypted to generate responses). IMPORTANT: Vaultneur has no control over Anthropic's AI models, their outputs, accuracy, or safety. Any harm resulting from AI-generated content is governed by Anthropic's terms, not ours.
• Supabase: Encrypted database hosting
• Payment Processors: Stripe, PayPal, Apple, Google (for subscription processing)
• Analytics Providers: Aggregated, anonymized usage data only

All service providers are contractually bound to protect your data and use it only for specified purposes. However, Vaultneur is not responsible for any breaches, failures, or misconduct by these third-party providers.

6.3 Legal Compliance

We may disclose your information if required by law or in response to:

• Valid legal requests from law enforcement or government authorities
• Enforcement of our Terms of Service
• Protection of the rights, property, or safety of Vaultneur, our users, or the public

Note: Due to end-to-end encryption, we cannot decrypt your conversation content even if legally compelled to provide it.

7. International Data Transfers

Your data may be transferred to and processed in countries outside of South Africa, including the United States (where Anthropic and Supabase servers are located). By using the Service, you consent to the transfer of your encrypted data to these jurisdictions.

We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

8.1 Access & Portability

• Request a copy of your personal data
• Export your encrypted conversation data

8.2 Correction

• Update or correct your account information at any time through the app settings

8.3 Deletion

• Delete your account and all associated data through the app settings or by contacting us

8.4 Opt-Out

• Unsubscribe from marketing emails (service-related emails cannot be opted out of while your account is active)
• Disable analytics tracking (this may affect app functionality)

8.5 Complaints

If you believe we have not complied with this Privacy Policy or applicable data protection laws, you may:

• Contact us at info@vaultneur.com
• File a complaint with the Information Regulator (South Africa) at https://inforegulator.org.za

9. Children's Privacy

The Service is not intended for users under the age of 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately at info@vaultneur.com, and we will delete the information.

10. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in Transit: All data transmitted between your device and our servers uses TLS/SSL encryption
• Encryption at Rest: Your conversations and memory summaries are encrypted using AES-256 on your device before being stored
• Secure Authentication: Passwords are hashed using bcrypt with salt
• Regular Security Audits: We conduct periodic security reviews and updates

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes:

• The "Last Updated" date at the top will be revised
• You will be notified via email or in-app notification
• Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy

Previous versions of this Privacy Policy will be archived and available upon request.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Vaultneur PTY LTD
Pretoria, South Africa
Email: info@vaultneur.com
Website: https://mindelyx.com

---