MindWellia – Your Mental Health Companion · v3.6 · Effective 2026-05-31
Published by MindfulBloom AI Inc. Effective Date: May 30, 2026 Version: 3.0
MINDWELLIA IS AN AI WELLNESS COMPANION DESIGNED FOR SELF-REFLECTION, WELLNESS GUIDANCE, AND GENERAL WELLNESS SUPPORT. THIS SERVICE IS NOT A MEDICAL SERVICE, MENTAL HEALTH TREATMENT, THERAPY, COUNSELING, CRISIS INTERVENTION TOOL, OR EMERGENCY SERVICE. ALL CONTENT GENERATED BY THE APPLICATION IS PRODUCED BY ARTIFICIAL INTELLIGENCE AND DOES NOT CONSTITUTE CLINICAL ADVICE, DIAGNOSIS, TREATMENT, OR A PROFESSIONAL RECOMMENDATION OF ANY KIND.
NO THERAPIST-CLIENT, PHYSICIAN-PATIENT, COUNSELOR-CLIENT, OR REGULATED HEALTH PROFESSIONAL RELATIONSHIP IS FORMED THROUGH USE OF THIS APPLICATION.
IF YOU ARE EXPERIENCING A MENTAL HEALTH CRISIS, SUICIDAL IDEATION, SELF-HARM URGES, OR ANY EMERGENCY: - Canada: Call 911 or the Canada Suicide Prevention Service at 988 (call or text, 24/7) - United States: Call 911 or the 988 Suicide and Crisis Lifeline (call or text 988, 24/7) - United Kingdom: Call 999 or the Samaritans at 116 123 (24/7) - International: Visit findahelpline.com for local crisis resources
DO NOT RELY ON THIS APPLICATION IN AN EMERGENCY OR CRISIS SITUATION. THE SERVICE IS NOT EQUIPPED TO PROVIDE EMERGENCY RESPONSE, AND ANY DELAY IN SEEKING PROFESSIONAL HELP MAY RESULT IN SERIOUS HARM OR DEATH.
THE SERVICE IS PROVIDED FOR INFORMATIONAL AND GENERAL WELLNESS PURPOSES ONLY AND IS NOT A SUBSTITUTE FOR PROFESSIONAL MEDICAL, PSYCHOLOGICAL, PSYCHIATRIC, OR THERAPEUTIC ADVICE, DIAGNOSIS, OR TREATMENT. USE OF THIS APPLICATION IS SUBJECT TO YOUR ASSUMPTION OF ALL RISK AND IS ENTIRELY AT YOUR OWN RISK.
MindfulBloom AI Inc. ("MindfulBloom AI," "Company," "we," "our," or "us") is a corporation incorporated under the laws of Canada, operating the MindWellia mobile and web application (the "App") and related services, including the MindWellia website at mindwellia.app, the AI wellness companion, journaling features, social features, breathing exercises, mood tracking, task planning, and all associated functionalities (collectively, the "Service").
This Privacy Policy explains what personal information we collect, how and why we use it, who we share it with, how we protect it, how long we retain it, and the rights and choices you have regarding your personal information. This Policy should be read together with our separate Terms of Use.
Regulatory Framework. As a Canadian organization processing sensitive wellness data, we are subject to the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. We have additionally structured this Policy to address the requirements of: - The General Data Protection Regulation (GDPR) and UK GDPR for users in the European Union, European Economic Area, and United Kingdom; - The California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA) for California residents; - The Washington My Health My Data Act (MHMDA) for Washington State residents; - Other U.S. state comprehensive privacy laws (Colorado, Connecticut, Virginia, Utah, and others) as applicable; - Apple App Store and Google Play platform requirements for health and wellness applications.
Consent. By creating an account, clicking to accept this Policy, or otherwise using the Service, you agree to this Privacy Policy and our Terms of Use. Because wellness and mental health-related data is considered highly sensitive under Canadian privacy law, GDPR, and other applicable frameworks, we require your meaningful, explicit consent to process your information as described in this Policy. You must explicitly accept both this Policy and our Terms of Use by affirmatively clicking to consent during registration before using the Service. If you do not agree, you must not use the Service.
Definitions. In this Policy: - "Inputs" means the text, messages, images, audio, or other content you provide to the Service, including messages sent to the AI companion, journal entries, mood data, and any other content you upload or submit. - "Outputs" means the responses, messages, recommendations, information, or other content generated by the Service's AI systems in response to your Inputs. - "Content" means Inputs and Outputs collectively. - "Conversation Data" means the full text of your interactions with the AI companion, including your Inputs and the corresponding Outputs, together with associated metadata such as timestamps and related system-generated information. - "Sensitive Wellness-Related Information" means any information that relates to your past, present, or future mental, emotional, or psychological health status, including but not limited to Conversation Data, journal entries, mood indicators, wellness onboarding questionnaire responses, sentiment/affect scores, and breathing exercise usage patterns.
THE SERVICE IS STRICTLY LIMITED TO INDIVIDUALS WHO ARE 18 YEARS OF AGE OR OLDER. By using the Service, you represent and warrant that you are at least 18 years old. We do not knowingly collect, use, or retain personal information from anyone under the age of 18. We do not direct the Service to, or intend it for use by, children under 18 years of age.
If we discover that we have received personal information from a person under 18, we will delete such information within five (5) business days of discovery. If you believe we hold information from a minor, contact us immediately at support@mindfulbloomai.com with the subject line "Minor Data Deletion Request."
Users who misrepresent their age assume all liability for doing so, and the Company reserves the right to immediately terminate the account of any user who has misrepresented their age and to pursue any remedies available under applicable law.
We do not knowingly collect personal information from children under 13 years of age. In accordance with the Children's Online Privacy Protection Act (COPPA) and equivalent legislation in other jurisdictions, if we learn that we have collected personal information from a child under 13, we will take immediate steps to delete that information and terminate the associated account.
We build privacy into the design of our Service from the ground up. Our data practices follow these core principles:
When you create an account and use the Service, we collect registration and profile information including, but not limited to, your username, email address, phone number, password, date of birth, and optional profile details such as a display name, bio, and profile image. This information is used to authenticate your identity, secure your account, facilitate account recovery, provide age-appropriate content, and enable social features. If you choose to register via third-party authentication services, we may also receive unique identifiers associated with those accounts (such as a Google or Apple User ID) for account linking purposes.
Authentication Methods. You may register and sign in using: - Phone Number — Your phone number is verified via a third-party SMS verification provider. Standard security measures are used during registration to prevent automated abuse. - Google Sign-In — We receive your email, profile name, and Google user ID. - Sign in with Apple — We receive your email (which may be an Apple private relay address), full name (first sign-in only), and Apple user ID.
[!CAUTION] This is the most sensitive category of data we process. All data below relates to your mental state, emotions, wellness, or wellness-focused interactions. Under GDPR, this constitutes "special category data" under Article 9. Under PIPEDA, this is "sensitive information" requiring heightened protections. Under the Washington My Health My Data Act, this constitutes "consumer health data."
When you use the core features of our app, we collect data including, but not limited to, the text of your conversations with the AI companion, any images you choose to upload, and your free-text journal entries. We also collect various wellness inputs, such as your responses to initial onboarding questions and self-reported mood indicators. To ensure the Service operates safely and effectively, our systems generate automated insights from these interactions, which may include sentiment analysis, safety or risk classifications, and internal performance logs. Please note that any data regarding your use of breathing exercises is stored entirely locally on your device and is never transmitted to our servers.
Non-Diagnostic Disclaimer. The assessments, mood indicators, and sentiment scores described above are general wellness features designed for self-reflection. They are not clinical assessments, psychological evaluations, or diagnostic tools, and they have not been validated for clinical use. You must not treat these features as substitutes for professional evaluation by a licensed healthcare provider.
Important Notice Regarding Sensitive Wellness-Related Information. We process this data solely to provide, maintain, and improve the Service. We do NOT use this data for advertising, profiling for commercial purposes, or sharing with insurers, employers, or government agencies (unless legally compelled by valid court order or applicable law). This data is NOT Protected Health Information (PHI) as defined under HIPAA, because MindfulBloom AI is not a covered entity or business associate under HIPAA. The Service is not designed for storage of Protected Health Information under HIPAA and should not be used where HIPAA compliance is required.
If you grant location permissions, we may collect location data, including but not limited to, your approximate or precise location (such as latitude and longitude) and timezone information, to provide contextual awareness for the AI and enable features like scheduling or daily reminders.
If you opt to use the "Find Friends" feature and grant the necessary device permissions, we may collect contact information from your device, such as phone numbers, which are securely hashed on your device before being transmitted to our servers for friend discovery.
When voice features are enabled and used, we may process voice and audio data, such as audio files or text-to-speech requests, to facilitate voice interactions with the AI companion. This data is transmitted to third-party providers for processing and is not retained on our servers longer than necessary to fulfill the request.
If you engage with our social features, we collect data related to your social interactions, including but not limited to, your friends list, direct messages, supportive "Pulses," referral information, and public social profile details.
If you participate in our virtual currency system, we collect and store records of your CareCoins balance, an immutable transaction ledger of coins earned or spent, and administrative gifting records.
We may collect images and media that you interact with or upload, such as your profile photo, AI avatar configurations, and images shared during AI chat conversations.
We automatically collect device and technical data when you use the Service, including but not limited to, your push notification token, device platform, operating system version, IP address, user agent string, and app version, for purposes such as service delivery, analytics, and fraud prevention.
We track analytics and usage data to understand how the Service is used and to improve its quality. This may include user event tracking (such as feature usage and session starts), daily active user metrics, aggregate service usage volume, and system logs related to AI interactions for quality assurance and safety monitoring.
We store your in-app preferences (such as display settings, tutorial progress, and playback preferences) on our servers. Daily reminder settings are stored on your device only and are not sent to our servers. A record of your privacy policy acceptance is retained for compliance purposes.
When you contact us through the in-app support system, we collect your ticket subject, category, message thread, and related metadata (priority, status). This data is stored on our servers.
The App may send local (on-device) notifications, such as daily reminders to check in. These are processed entirely on your device and no data about local notification settings or triggers is sent to our servers. You may control local notification permissions through your device settings.
During phone number verification, we temporarily store your phone number, device information, and a secure verification code. Verification sessions expire automatically after a short time period.
We process personal information only for the purposes set out below. Where GDPR or UK GDPR applies, we identify the relevant legal basis for each purpose.
(a) Service Delivery: To authenticate your account, process your Inputs through AI systems, generate and return Outputs, provide journaling, mood tracking, task planning, breathing exercises, social features, and all other Service functions. [Legal basis: performance of contract]
(b) AI Conversation Memory and Context: To search your past conversations and retrieve relevant context to provide more personalized and contextually appropriate AI responses. [Legal basis: performance of contract / explicit consent for special category data]
(c) Sentiment Analysis and Affect Scoring: To generate emotional valence, arousal, and satisfaction scores from your messages for the purpose of providing contextually appropriate conversational responses. These scores are NOT used for diagnostic purposes or to make automated decisions with legal or similarly significant effects. [Legal basis: explicit consent for special category data]
(d) Evidence-Informed Wellness Content: To retrieve wellness education content informed by established psychological frameworks relevant to your conversation topics. This is NOT the provision of therapy, counseling, or treatment, and the content has not been reviewed or approved by a licensed professional for clinical use. [Legal basis: performance of contract / explicit consent for special category data]
(e) Automated Safety Response: The Service includes limited, automated systems that may attempt to detect severe crisis signals in conversations and provide hotline numbers. These systems are entirely automated, are not human-monitored, are not guaranteed to function, and do not create any obligation or duty to detect or respond to crisis situations. [Legal basis: legitimate interests (protecting vital interests of users) / legal obligation]
(f) Service Improvement: To analyze usage data that has been anonymized and aggregated to improve the App's features, performance, and AI response quality. [Legal basis: legitimate interests]
(g) AI Model Development (opt-in only): To use Conversation Data to train or fine-tune AI models. This processing occurs only with your separate, explicit, freely given, and revocable consent. Default is no training. [Legal basis: consent]
(h) Account and Subscription Management: To manage your account, process subscription status signals from Apple or Google, manage CareCoins balances and transactions, and provide customer support. [Legal basis: performance of contract]
(i) Social Features: To facilitate friend discovery, friend requests, Pulses, direct messages, and referral tracking. [Legal basis: performance of contract]
(j) Safety and Security: To detect and prevent fraud, abuse, unauthorized access, automated bot activity, and violations of our Terms of Use, including through rate limiting, IP monitoring, bot prevention verification, and account integrity checks. [Legal basis: legitimate interests / legal obligation]
(k) Push Notifications: To deliver real-time notifications about Pulses, friend requests, CareCoins gifts, support ticket replies, and other Service events via push notification services. [Legal basis: performance of contract / consent]
(l) Legal Compliance: To respond to lawful government, regulatory, or court requests, and to meet our obligations under applicable law, including mandatory breach notification. [Legal basis: legal obligation]
(m) Marketing Communications (opt-in only): To send product updates and other communications you have consented to receive. You may withdraw consent at any time via the unsubscribe link or App notification settings. [Legal basis: consent]
To generate Outputs in response to your Inputs, the Service uses an AI agent architecture that performs the following processing steps:
When you send a message, our systems classify the type of response needed, retrieve relevant context from your past conversations, and transmit your Input along with that context to a Third-Party AI Provider to generate an Output. The AI may also invoke supplementary tools, such as web search or crisis resource lookup, to enhance the response. The Output is then returned to you.
This means your Inputs are processed outside our own infrastructure by Third-Party AI Providers. The specific AI provider used may change over time as we optimize for response quality and safety.
AI Interaction Transparency. In accordance with emerging AI transparency legislation (including the EU AI Act, California SB 243, and similar laws), we disclose that: (a) all conversational responses within the Service are generated by artificial intelligence, not by a human being; (b) the AI companion does not possess consciousness, emotions, sentience, or the ability to form genuine relationships; and (c) the Service may periodically remind you that you are interacting with an AI system.
[!WARNING] Your conversation content is transmitted to these third-party AI providers for processing. We contractually restrict these providers from using your data for their own model training.
We utilize various third-party AI providers (such as xAI, OpenAI, Anthropic, Google, and specialized voice or search tools) to power the Service. We may transmit conversation text, contextual summaries, and specific search queries to these providers to generate AI responses, perform necessary data structuring, or execute voice synthesis and recognition.
Important: We do NOT transmit your name, email address, phone number, or other account identifiers to AI providers. Only conversation text and contextual summaries are sent. However, you may voluntarily disclose personal information within your conversations, and that content will be transmitted to the applicable AI provider for processing.
We also share limited data with other essential service providers, including but not limited to, SMS verification providers for authentication, social sign-in providers, bot prevention services, push notification delivery services, and app store platforms for transaction processing.
All other data processing and storage occurs on our self-hosted infrastructure and does not involve third-party data sharing.
We do not use your identifiable Inputs or Outputs to train, fine-tune, or evaluate any AI model — whether our own or operated by a third party — without your explicit, separate opt-in consent. By default, Conversation Data is used solely to generate the current session's Outputs and to provide conversation memory for future sessions. Where you have opted in to AI model training, you may revoke consent at any time by adjusting your account settings or contacting support@mindfulbloomai.com with the subject line "Revoke AI Training Consent"; revocation is effective prospectively.
Human administrators at MindfulBloom AI do not routinely read or access your private Conversation Data. Human access occurs only: - If you explicitly submit a conversation transcript to our support team for troubleshooting; - If we are legally compelled by a valid court order or subpoena; - For targeted safety reviews where automated systems have flagged a potential risk; or - For quality assurance audits of AI response quality, conducted by authorized personnel on a limited sample basis, subject to confidentiality obligations and access controls.
AI-generated Outputs may be inaccurate, incomplete, biased, outdated, harmful, or fabricated. For full disclaimers regarding AI limitations, your obligations when using Outputs, and important safety-related limitations, see our Terms of Use, Section 4.
MindfulBloom AI Inc. makes no representation or warranty regarding the accuracy, reliability, completeness, or appropriateness of any Output. All use of the Service is at your own risk.
We do not sell, rent, lease, trade, or otherwise monetize your personal information to any third party, for any purpose, at any time. We do not share your Inputs or Outputs for advertising, profiling, cross-context behavioural targeting, or any commercial purpose unrelated to providing the Service.
We do not share Sensitive Wellness-Related Information with insurance companies, employers, educational institutions, or government agencies unless legally compelled by valid court order or applicable law.
We disclose personal information only in the following limited circumstances:
(a) Service Providers and AI Providers: To the categories of vendors and AI providers described in Section 6, strictly for purposes of providing services to us. All service providers are bound by data processing agreements that restrict use of your information to providing services on our behalf and impose confidentiality, security, and data protection obligations.
(b) Between Users (Social Features): When you use social features (friends, Pulses, direct messages), certain information is shared with other users as inherent to those features: your username, avatar, bio, level, and the content of Pulses and messages you send. Your AI conversations, journal entries, mood data, and wellness questionnaire data are NEVER shared with other users.
(c) Business Transactions: If MindfulBloom AI Inc. undergoes a merger, acquisition, asset sale, reorganization, or insolvency proceeding, your personal information may be transferred to the successor entity. We will notify you by email and in-app notice at least thirty (30) days before any such transfer takes effect, and you will be afforded the opportunity to exercise your data rights, including deletion, prior to the transfer.
(d) Legal Obligations: Where required by a valid court order, subpoena, regulatory demand, or applicable law. We will notify you in advance of compliance where legally permitted to do so and may challenge overly broad or improper requests where legally and commercially reasonable.
(e) Safety and Vital Interests: Where we have a good-faith, reasonable belief that disclosure is necessary to prevent imminent risk of serious physical harm to you or another identifiable person, or to protect the vital interests of any person.
(f) Aggregated or De-Identified Data: We may share data that has been aggregated or de-identified such that it cannot reasonably be used to identify you. Such data is no longer considered personal information.
Our servers are located in the United States. Our Third-Party AI Providers and other service partners process data on servers located in multiple jurisdictions, including the United States and potentially other countries. These jurisdictions may have privacy and data protection laws that differ from Canadian law.
We address cross-border data transfer risks through the following safeguards:
By using the Service, you acknowledge and consent to the transfer, storage, and processing of your personal information outside Canada on the terms described in this Section. Where required by applicable law, we will obtain your specific consent before transferring your data to a jurisdiction that does not provide an adequate level of data protection.
If you are a resident of Washington State, the following additional disclosures apply to "consumer health data" as defined under the Washington My Health My Data Act:
Categories of Consumer Health Data Collected: - Mental health status information (conversation content, mood data, journal entries, wellness onboarding questionnaire responses) - Emotional wellness indicators (sentiment/affect scores) - Health-related information you choose to provide in conversations - Information inferred or derived from the above through AI processing
Purposes of Collection: - Providing the AI wellness companion Service - Generating contextually appropriate AI responses - Maintaining conversation memory and context - Service improvement and quality assurance
Categories of Sources: Directly from you through your use of the Service.
Third Parties and Affiliates with Whom Data is Shared: Third-Party AI Providers listed in Section 6.2 (for processing only); no data is sold or shared for advertising.
How to Exercise Your Rights: Contact support@mindfulbloomai.com with the subject line "MHMDA Rights Request" or use the in-app "Delete My Data" function.
We will obtain your separate affirmative consent before collecting or sharing consumer health data that is not strictly necessary to provide the Service you have requested. You may withdraw consent at any time.
If you are a resident of the State of Nevada, the following additional disclosures apply under the Nevada Consumer Health Data Privacy Act (SB 370):
Categories of Consumer Health Data Collected: Same as categories listed in Section 9 (Washington MHMDA Disclosures) above.
Purposes of Collection and Use: Same as purposes listed in Section 9 above.
Consent: We will obtain your separate affirmative consent for the collection and sharing of your consumer health data. Consents for collection and sharing are requested separately.
Consumer Rights: You have the right to: - Confirm whether your consumer health data is being collected, shared, or sold; - Access a list of third parties with whom your consumer health data has been shared; - Request the deletion of your consumer health data; - Withdraw consent for data collection or sharing.
Geofencing: We do not use geofencing within 1,750 feet of any facility that provides in-person healthcare services for the purpose of identifying, tracking, collecting data from, or sending notifications or advertisements to consumers.
How to Exercise Your Rights: Contact support@mindfulbloomai.com with the subject line "Nevada Privacy Rights Request" or use the in-app "Delete My Data" function.
If you are a resident of the Province of Quebec, the following additional disclosures apply under Quebec's Act to modernize legislative provisions as regards the protection of personal information (Law 25):
Privacy Impact Assessment (PIA). In accordance with Law 25, we conduct Privacy Impact Assessments for projects involving the acquisition, development, or overhaul of information systems that involve the collection, use, or disclosure of personal information, including our AI processing systems.
Automated Decision-Making Transparency. The Service uses automated processing, including sentiment analysis and AI-generated responses, to deliver the Service. In accordance with Section 12.1 of Law 25: - We inform you that these systems involve automated processing of your personal information; - Upon request, we will provide information about the personal information used in automated processing, the factors involved, and the logic of the automated system; - You may submit observations to a person who can review any decisions made through automated processing.
Cross-Border Transfer PIA. Where your personal information is transferred outside Quebec (including to Third-Party AI Providers in the United States), we have conducted a specific Privacy Impact Assessment to ensure that the information will receive protection equivalent to that afforded under Quebec law.
How to Exercise Your Rights: Contact support@mindfulbloomai.com with the subject line "Quebec Law 25 Request." You may also file a complaint with the Commission d'accès à l'information du Québec (CAI) at www.cai.gouv.qc.ca.
The Service uses AI to automatically generate sentiment/affect scores (emotional valence, arousal, satisfaction, and confidence metrics) from your messages. These scores are used solely for conversational context — to help the AI companion provide more empathetic and contextually appropriate responses. These scores are: - NOT used for diagnostic purposes; - NOT used to make decisions with legal or similarly significant effects on you; - NOT shared with third parties; - NOT used for insurance, employment, credit, educational, or housing decisions about you.
The Service includes a limited, automated risk classification system that may flag messages for crisis concerns. This system is entirely automated and not monitored by humans in real-time. When a message is flagged: - The AI may automatically output crisis resource information; - An internal audit record is created; - No automated action is taken that would have legal or similarly significant effects on you.
Under GDPR Article 22, you have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects. Our sentiment analysis and risk classification systems do not make such decisions. If you believe you have been affected by an automated decision with significant effects, you may request human review by contacting support@mindfulbloomai.com with the subject line "Automated Decision Review Request."
We retain personal information only for the minimum period necessary to fulfill the purposes described in this Policy, subject to any longer retention required by law. For example, account credentials, social features data, AI chat conversations, and wellness inputs are generally retained for the duration of your active account and deleted shortly after an account deletion request (typically within 30 calendar days). System records, such as AI interaction logs, analytics events, and transaction ledgers, are retained for specific periods driven by quality assurance, safety monitoring, financial record-keeping, or legal compliance requirements, after which they are permanently deleted or anonymized. Deleted personal information is purged from active backup media within 90 calendar days of the original deletion.
Anonymized Data. Data that has been anonymized in a manner that cannot reasonably be re-identified may be retained indefinitely for research, analytics, and service improvement.
Legal Hold. Notwithstanding the above, we may retain personal information beyond the stated periods where we are required to do so by applicable law, to comply with a legal hold or preservation order, or to establish, exercise, or defend legal claims.
We implement technical and organizational security measures designed to protect your personal information against unauthorized access, disclosure, alteration, and destruction. These measures are proportionate to the sensitivity of the information we process and include, but are not limited to, encryption of data in transit and at rest, access controls, secure credential storage, regular security assessments, employee training on data privacy, and documented incident response procedures. While no system can guarantee absolute security, we continuously evaluate and improve our safeguards in line with industry standards and applicable legal requirements.
We will notify affected individuals and, where required, the Office of the Privacy Commissioner of Canada (OPC) or other applicable regulatory authorities, as soon as reasonably practicable following discovery of a breach that creates a real risk of significant harm, in accordance with PIPEDA's breach of security safeguards reporting requirements and applicable laws. Notification will describe: - The nature and scope of the breach; - Categories of personal information involved; - Steps we have taken and plan to take in response; - Actions you can take to protect yourself; and - Contact information for our Privacy Officer and relevant regulatory authorities.
For EU/EEA users: We will notify the relevant supervisory authority within 72 hours of becoming aware of a personal data breach likely to result in a risk to the rights and freedoms of individuals, as required by GDPR Article 33.
For terms regarding the use of modified or unauthorized devices (jailbroken or rooted), see our Terms of Use, Section 3.
No security system is infallible. Transmission of data over the internet carries inherent risk. We cannot and do not guarantee that your information will never be accessed, disclosed, altered, or destroyed by a breach of our safeguards. You are responsible for maintaining the confidentiality of your account credentials and for the security of your device.
All subscriptions and in-app purchases are processed exclusively through Apple's App Store or Google Play. MindfulBloom AI Inc. does not directly collect, process, store, or have access to your payment card numbers, bank account details, or other financial credentials. Payment transactions are governed solely by Apple's or Google's applicable privacy policies, terms of service, and refund policies, which you should review independently.
We receive confirmation from the app store of your subscription status and related transaction details sufficient to activate and manage your subscription within the Service. Subscription data stored by us includes your plan type, activation date, expiry date, and transaction reference.
The following rights are available to you based on your location. To exercise any right, email support@mindfulbloomai.com with "Privacy Rights Request" in the subject line, or use the in-app "Delete My Data" function where available. We respond within the period required by applicable law. Identity verification may be required to protect against unauthorized requests.
Canadian residents have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, substantially similar provincial legislation: Alberta's Personal Information Protection Act (PIPA) and British Columbia's Personal Information Protection Act (PIPA).
We will acknowledge your inquiry within five (5) business days and provide a substantive response within the timeframe required by applicable law: - PIPEDA: 30 days - GDPR: 30 days (with possible 60-day extension for complex requests) - CCPA/CPRA: 45 business days (with possible 45-day extension) - MHMDA: 45 days
We may use cookies, web beacons, and similar tracking technologies on our website (mindwellia.app) to support its operation, analyze anonymous usage patterns, and remember your preferences. We do not use tracking technologies to build advertising profiles, for cross-site behavioural tracking, or for targeted advertising.
The mobile App does not use cookies. The App uses push notification tokens for notification delivery, which are functional identifiers and not tracking cookies.
You may disable cookies in your browser settings; doing so may affect functionality of portions of our website. We do not respond to Do Not Track (DNT) signals at this time, as no uniform standard currently applies. We do not engage in any "tracking" as defined by Apple's App Tracking Transparency framework.
The Service may contain links to third-party websites, services, or resources. MindfulBloom AI Inc. is not responsible for the privacy practices, security, content, accuracy, or availability of those third parties. We encourage you to review their respective privacy policies and terms before providing any personal information or accessing their services.
Where required by GDPR Article 35 or other applicable law, we conduct Data Protection Impact Assessments (DPIAs) for processing activities likely to result in a high risk to the rights and freedoms of individuals. Given the sensitive nature of Sensitive Wellness-Related Information processed by the Service, we have conducted or will conduct DPIAs covering:
You may request information about our DPIA activities by contacting our Data Protection Officer.
We may update this Privacy Policy to reflect changes in our practices, the Service, or applicable law. For material changes: - We will notify you by email to your registered address and via an in-app notification at least thirty (30) days before the change takes effect; - We will update the Effective Date and Version number at the top of this Policy; - We will present the updated Policy for your acceptance through the in-app consent mechanism.
For changes that require consent under applicable law, we will seek your fresh consent before the changes take effect. Continued use of the Service after the effective date of any update constitutes acceptance of the revised Policy. If you do not agree with a material change, you must stop using the Service and may request deletion of your personal information.
This Privacy Policy and any dispute or claim arising from or in connection with it or its subject matter shall be governed by and construed in accordance with the laws of the Province of Ontario and the federal laws of Canada applicable therein, without regard to conflict of laws principles. Dispute resolution procedures are set forth in our Terms of Use.
MindfulBloom AI Inc. has designated a Privacy Officer responsible for overseeing compliance with this Policy and applicable privacy legislation. To exercise your rights, ask questions, raise concerns, or file a complaint, contact us at:
Privacy Officer, MindfulBloom AI Inc. Email: support@mindfulbloomai.com For privacy inquiries, use the subject line: "Privacy Inquiry" For data protection or DPO inquiries, use the subject line: "DPO Inquiry" Canada
We will acknowledge your inquiry within five (5) business days and provide a substantive response within the timeframe required by applicable law.
If you are not satisfied with our response, you may file a complaint with: - Canada (Federal): Office of the Privacy Commissioner of Canada at www.priv.gc.ca - Canada (Quebec): Commission d'accès à l'information du Québec at www.cai.gouv.qc.ca - Canada (Alberta): Office of the Information and Privacy Commissioner of Alberta at www.oipc.ab.ca - Canada (British Columbia): Office of the Information and Privacy Commissioner for BC at www.oipc.bc.ca - United Kingdom: Information Commissioner's Office at www.ico.org.uk - European Union: The relevant supervisory authority in your jurisdiction - California: The California Attorney General at oag.ca.gov - Washington State: The Washington State Attorney General at atg.wa.gov - Nevada: The Nevada Attorney General at ag.nv.gov