Mindful

Privacy Policy

Last updated: 16 April 2026

Mindful is committed to protecting your personal data and your right to privacy. This policy explains how we collect, use, and protect your information in accordance with the UK GDPR and the Data Protection Act 2018.

1. Who We Are

Mindful ("we", "us", "our") is a mental health and wellbeing platform. We act as the Data Controller for personal data collected through this website and our application. If you have any questions about this policy, please contact us at privacy@mindful.app.

2. What Personal Data We Collect

Depending on how you use Mindful, we may collect the following categories of personal data:

  • Account Information: Name, email address, and password when you register.
  • Health and Wellbeing Data: Mood entries, sleep logs, journal entries, trigger records, medication notes, and stress tracker data. This is Special Category data under UK GDPR and is handled with the highest level of protection.
  • AI Conversation Data: Text you enter in the AI Chat and Calm Now features. This data is used solely to provide the service to you.
  • Usage Data: Pages visited, features used, and session duration, collected to improve the platform.
  • Payment Data: Payment transactions are processed by Stripe. We do not store your full card details.
  • Technical Data: IP address, browser type, device type, and cookies (see our Cookie Policy).

3. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract: To provide the services you have signed up for.
  • Consent: For health and wellbeing data (Special Category), we rely on your explicit consent, which you can withdraw at any time.
  • Legitimate Interests: To improve the platform, detect fraud, and ensure security.
  • Legal Obligation: Where required by law.

4. How We Use Your Data

  • To provide, maintain, and improve the Mindful platform.
  • To personalise your experience and display relevant insights.
  • To process payments and manage your subscription.
  • To send service-related emails (e.g. account confirmation, password resets).
  • To detect and prevent fraud or misuse of the platform.
  • To comply with legal obligations.

We will never sell your personal data to third parties, and we will never use your health data for advertising purposes.

5. Data Sharing and Third Parties

We only share your data with trusted third-party service providers who assist us in operating the platform, and only to the extent necessary. These include:

  • Stripe - Payment processing (PCI-DSS compliant).
  • OpenAI - AI conversation features. Data is processed under strict data processing agreements.
  • Cloud Hosting Providers - Secure data storage within the UK/EEA.

All third parties are required to handle your data securely and in accordance with UK GDPR. We do not transfer your data outside the UK/EEA without appropriate safeguards.

6. Data Retention

We retain your personal data only for as long as necessary to provide the service and fulfil the purposes outlined in this policy. When you delete your account, your personal data and health records will be permanently deleted within 30 days, except where we are required to retain certain information by law.

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right to Access

Request a copy of the data we hold about you.

Right to Rectification

Ask us to correct inaccurate or incomplete data.

Right to Erasure

Request deletion of your personal data ('right to be forgotten').

Right to Restriction

Ask us to limit how we use your data.

Right to Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests.

To exercise any of these rights, please contact us at privacy@mindful.app. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encryption in transit (TLS), encryption at rest, access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

9. Cookies

We use cookies and similar tracking technologies. For full details, please read our Cookie Policy. You can manage your cookie preferences at any time using the Cookie Settings option in the footer.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by email or by displaying a prominent notice on the platform. The date at the top of this page indicates when the policy was last revised.

Questions About Your Privacy?

Our Data Protection team is here to help. Contact us at any time.
