Privacy Policy

MindyCore (MINDYWORLD OÜ)

Effective date: [DATE]. Last updated: [DATE].

MindyCore is committed to protecting your privacy and the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information. We comply with the European Union's General Data Protection Regulation (GDPR), and we aim to respect applicable data protection laws in other regions where our services are used, including the United States.

1. Who we are

Our services are provided by MINDYWORLD OÜ (trading as MindyCore), registered in Estonia. Registration number: 17339961. Registered address: Jõe tn 3-315, Tallinn, Estonia. We are the data controller.

Contact: core@mindycore.com. Data Protection Officer (DPO): available on request.

You can view our official company registration here: inforegister.ee/en/17339961-MINDYWORLD-OU.

2. What personal data we collect

  • Identity data: name, username.
  • Contact data: email address, and postal address if you provide it.
  • Account data: username, encrypted password, account preferences and settings.
  • Conversation and interaction data: what you type, say (voice), or share (images) when using NeuroMindy, and its responses. This is core to how the service works.
  • Usage data: features used, time spent, actions taken.
  • Technical data: IP address, browser type, device information, operating system.
  • Transaction data: payment and billing details, purchase history.
  • Communications data: your messages with our support team.
  • Cookies and similar technologies: see the Cookies section below.

Sensitive information you may choose to share: because NeuroMindy is a companion for neurodivergent people, you may choose to share information that can be sensitive (for example, about how you think, feel, or experience the world). You are never required to share this. Where such information counts as a special category of data under GDPR, we handle it with extra care and only as needed to provide the service.

3. How NeuroMindy uses your conversations

This section explains specifically how we treat what you share with the AI.

We use your conversations to provide the service: to generate responses, keep context within a chat, and (if you have an account) remember your settings and history so your experience is consistent.

We do not sell your conversations. We never use them to create romantic, sexual, or harmful content, and we never target children with such content.

4. How we collect your data

  • Directly from you: when you create an account, use NeuroMindy, fill out a form, or contact us.
  • Automatically: through cookies and analytics when you use our website or apps.
  • From organisations: if a school or organisation provides our service to you, with appropriate consent.

5. How we use your data and our legal bases

  • To provide NeuroMindy and MindyPlay, and their features.
  • To manage your account, authentication, and security.
  • To process payments and manage subscriptions.
  • To respond to support, questions, and feedback.
  • To improve and maintain our services.
  • To send communications you have agreed to receive.
  • To keep the service secure, prevent fraud, and fix problems.
  • To comply with legal obligations.

Legal bases under GDPR: consent (where you have given it), contract (to provide what you signed up for), legal obligation, legitimate interests (balanced against your rights), and vital interests (to protect someone's life).

6. Sharing and third parties

We do not sell your personal data. We may share it with:

  • Service providers: cloud hosting, AI infrastructure providers, payment processors, and email services that help us run the service.
  • Organisations: schools or organisations that provide our service to their members.
  • Professional advisers: lawyers, auditors, accountants.
  • Authorities: when required by law or to protect rights and safety.
  • Business transfers: in a merger, acquisition, or sale of assets.

All third parties are bound by confidentiality and data protection agreements. NeuroMindy runs on AI infrastructure provided by third parties; we choose providers that meet appropriate data protection standards.

7. International data transfers

Your data may be processed in countries outside the European Economic Area (EEA), including the United States, for example by our service providers. When we transfer data internationally, we use approved safeguards such as Standard Contractual Clauses (SCCs), adequacy decisions, or other legally recognised mechanisms. You can request more information by contacting us.

8. Data security

  • Encryption: in transit (TLS/SSL) and at rest.
  • Access controls: role-based access and authentication.
  • Audits: regular security checks.
  • Incident response: procedures to detect and respond to breaches.
  • Backups: regular, securely stored.

If a data breach poses a risk to your rights, we will notify you and the relevant authority within 72 hours, as GDPR requires.

9. How long we keep your data

  • Active accounts: while your account is active.
  • Inactive accounts: up to 24 months after last activity, then deleted.
  • Conversations: kept while your account is active, and deleted when your account is deleted. You can delete your conversations at any time.
  • Transaction records: kept as required by tax and accounting law.
  • Marketing data: until you withdraw consent.

When data is no longer needed, we delete or anonymise it. Anonymised data may be kept for statistics and research.

10. Your rights

Under GDPR, you have the right to: access your data; correct it; delete it ('right to be forgotten'); restrict processing; receive it in a portable format; object to certain processing; withdraw consent; lodge a complaint with a data protection authority; and not be subject to solely automated decisions with legal effects.

To exercise any right, contact core@mindycore.com. We respond within one month (extendable by two months for complex requests, with notice).

11. Children and young people

We take the privacy of children and young people very seriously. MindyPlay games are intended for users aged 13 and over. NeuroMindy is intended for users aged 16 and over. It is the responsibility of a parent or legal guardian to ensure a minor does not use a service that is not intended for their age.

We collect the minimum data necessary from young users and require parental or guardian consent where the law requires it. Parents and guardians may review, change, or delete their child's data by contacting us.

We never knowingly collect more data than necessary from children, and we never create romantic, sexual, or harmful content directed at minors. If we learn we have collected a child's data without proper consent, we delete it promptly.

Where we provide the service to a school or organisation, use by their members, including minors, is governed by our separate agreement with that organisation, which includes the parental or guardian consent required by law.

12. Automated processing

NeuroMindy generates responses automatically using AI. This is how the service works, and it does not make legal or similarly significant decisions about you. We do not use your data for solely automated decisions that produce legal effects without human involvement. If that ever changes, we will inform you and offer human review.

13. Marketing communications

We only send marketing communications with your consent, or where we have a legitimate interest and you have not opted out. You can opt out anytime via the unsubscribe link or by contacting us. We will still send essential service messages (like security or account notices).

14. Cookies and similar technologies

Our website uses cookies and similar technologies. We comply with GDPR and the ePrivacy Directive. When you first visit, a consent banner lets you accept, reject non-essential cookies, or customise your choices. We do not set non-essential cookies without your consent. You can change your choice anytime via 'Cookie Settings' in the footer.

Types of cookies

  • Strictly necessary: security, language, and saving your cookie preferences. No consent needed.
  • Functional/preference: language, theme, accessibility settings, timezone.
  • Analytics: to understand site usage. Only set with your consent.

Note on the games: MindyPlay uses non-personalised advertising.

Cookie list (confirm against the real site)

This list reflects only the cookies we actually use.

15. Changes to this policy

We may update this policy. Changes are posted here with a new effective date. For significant changes, we notify you by email or a prominent notice. Continued use after changes take effect means you accept the updated policy.

16. Contact and complaints

For any question or request about your data, contact core@mindycore.com (subject: 'Privacy Inquiry' or 'Data Protection Request').

If you are not satisfied, you can complain to a data protection authority. As we are based in Estonia, the relevant authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon): www.aki.ee/en.

MindyCore © 2026 MINDYWORLD OÜ. Reg. 17339961. This draft requires review by a qualified lawyer before publication.