Legal

Privacy Policy

Last updated: May 2026  ·  MindGlow by Elevate

1. Who we are

MindGlow is a digital AI reflection and journaling application operated by Elevate. We are committed to protecting your privacy. This Privacy Policy explains what data is collected, how it is used, and your rights regarding that data.

Contact: customer-service@mindglow.me

2. Our core privacy principle: local-first

MindGlow is designed as a local-first application. Your conversations, journal entries, mood check-ins, and profile information are stored directly on your device using your browser’s localStorage. We do not operate a central database of user conversations.

This means: if you clear your browser data, your MindGlow data is deleted. If you switch devices, your data does not transfer automatically. This is by design — your reflections belong to you.

3. What data we collect and why

3a. Data you enter into the app (stored locally on your device only)

  • Name, date of birth, and gender (if provided in your profile)
  • Conversation messages and journal entries
  • Mood check-in selections
  • Language preference and subscription plan status

This data is stored in your browser’s localStorage. It is not transmitted to or stored on Elevate’s servers.

3b. Data transmitted to our AI provider (Anthropic)

When you send a message in the chat, your text input is transmitted to Anthropic’s Claude API to generate a response. The following minimal data is sent:

  • Your message text
  • Your language preference (EN/HE)
  • Your gender setting (if provided, to personalise tone — no name is sent)
  • Your plan tier (to select model tier)

Anthropic processes this data according to their own Privacy Policy. We do not send your name, date of birth, or any identifying information to Anthropic.

3c. Payment data (processed by Paddle)

If you purchase a subscription, payment is handled entirely by Paddle. Elevate does not receive, store, or process your payment card details. Paddle may collect billing information, email address, and transaction data in accordance with their Privacy Policy. Paddle is our Merchant of Record and is responsible for payment compliance.

3d. Technical data (standard web analytics)

We may collect standard technical data such as browser type, device type, and general geographic region through Netlify hosting infrastructure. This data is not linked to your identity and is used solely for service reliability purposes.

4. How we use your data

  • To provide the AI reflection service (messages sent to Anthropic API)
  • To process subscription payments (via Paddle)
  • To maintain and improve the Service
  • To comply with legal obligations

We do not sell, rent, or trade your personal data to third parties for marketing purposes. Ever.

5. Children’s privacy

MindGlow is not intended for users under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided information to the Service, please contact us at customer-service@mindglow.me and we will take appropriate action.

6. Data retention and deletion

Since data is stored on your device, you control deletion. To delete your data:

  • In the app: tap Me → Clear local data
  • In your browser: clear localStorage for mindglow.me

We do not retain copies of your conversation data on our servers.

7. Cookies

MindGlow uses browser localStorage (not traditional cookies) to store your preferences and session data. We do not use third-party tracking cookies. Paddle and Netlify may set cookies as part of their standard operations.

8. Security and Cyber Protection

We implement the following technical and organisational measures to protect the Service and your data:

  • Local-first architecture: Conversation and journal data is stored only on your device. No user conversation database exists on our servers, which eliminates the most common target of data breaches.
  • Encrypted transmission (TLS): All data transmitted between your browser and the Service, and between the Service and Anthropic's API, is encrypted in transit using TLS 1.2+.
  • No passwords stored: MindGlow has no account login system. There is no password database to breach.
  • Minimal data transmission: Only your chat message text, language preference, and gender setting (if provided) are sent to Anthropic's API. No name, email, device ID, or identifying information is transmitted.
  • Payment security: All payment processing is handled exclusively by Paddle (PCI-DSS compliant). We never receive, see, or store your payment card details.
  • Hosting security: The Service is hosted on Netlify, which provides DDoS protection, SSL/TLS certificates, and infrastructure security at the hosting layer.

In the event of a security incident affecting your data, we will notify affected users as required by applicable law, including Israel's Privacy Protection Regulations (Data Security), EU GDPR Article 33 (72-hour breach notification to supervisory authority), and applicable US state laws.

However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8a. Geographic coverage — EU, US, Israel

MindGlow's privacy and security practices are designed to comply with:

  • Israel: Israeli Privacy Protection Law (1981) and the Privacy Protection Regulations (Data Security) 2017
  • European Union / EEA: General Data Protection Regulation (GDPR). EU users have rights of access, rectification, erasure, portability, and objection. Data transmitted to Anthropic (US-based) is subject to appropriate safeguards.
  • United States: We comply with applicable US federal and state privacy laws. California residents may have additional rights under CCPA. We do not sell personal data to third parties.

Our primary jurisdiction is Israel. For cross-border data flows, we rely on Anthropic's and Paddle's respective compliance frameworks.

9. International transfers

When messages are sent to Anthropic’s API, they may be processed on servers in the United States. By using MindGlow, you consent to this transfer. Anthropic maintains appropriate data protection safeguards.

10. Your rights (GDPR / Israeli Privacy Protection Law)

Depending on your location, you may have the following rights regarding personal data we hold about you:

  • Access: Request a copy of data we hold
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data
  • Portability: Receive your data in a portable format (use the in-app Export function)
  • Objection: Object to certain processing

To exercise any right, contact: customer-service@mindglow.me. We will respond within 30 days.

11. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top will reflect any changes. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Disclaimer and Limitation of Liability

MindGlow is not a medical, therapeutic, or crisis service. For full disclaimer of warranties, limitation of liability, governing law, and indemnification terms, please see our Terms & Conditions. Those provisions apply equally to all use of the Service including your privacy rights.

In summary: THE SERVICE IS PROVIDED "AS IS". TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, ELEVATE SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING FROM YOUR USE OF THE SERVICE OR FROM DATA PROCESSING CONDUCTED IN CONNECTION WITH THE SERVICE.

13. Governing Law

This Privacy Policy is governed by the laws of the State of Israel and the Israeli Privacy Protection Law (1981) and its regulations. For EU/EEA users, we also comply with applicable GDPR obligations.

14. Contact

For any privacy-related questions or requests: customer-service@mindglow.me