🔒 GIOMIND – PRIVACY POLICY
COMPREHENSIVE VERSION
Last Updated: December 1, 2025
Effective Date: December 1, 2025
Applicable to All Users Worldwide
⚠️ IMPORTANT PRIVACY NOTICE ⚠️
This Privacy Policy explains how GioMind collects, uses, shares, and protects your personal information when you use our wellness and mindfulness application.
BY USING GIOMIND, YOU AGREE TO THE COLLECTION AND USE OF YOUR INFORMATION AS DESCRIBED IN THIS PRIVACY POLICY.
If you do not agree with this Privacy Policy, you must not use GioMind.
This Privacy Policy is incorporated into and subject to our Terms of Use.
TABLE OF CONTENTS
1. Introduction & Key Information
2. Information We Collect
3. How We Use Your Information
4. Legal Bases for Processing (GDPR)
5. Sharing Your Information with Third Parties
6. International Data Transfers
7. Data Retention & Deletion
8. Your Privacy Rights by Jurisdiction
9. Children's Privacy
10. Security Measures
11. Cookies & Tracking Technologies
12. Third-Party Services & Links
13. AI Processing & Data Usage
14. Marketing & Communications
15. Changes to Privacy Policy
16. Contact Information & Data Protection Officer
17. Jurisdiction-Specific Provisions
18. California Privacy Rights (CCPA/CPRA)
19. European Union & UK Rights (GDPR)
20. Additional Regional Rights
1. INTRODUCTION & KEY INFORMATION
1.1 Who We Are
GioMind is a digital wellness and mindfulness application available exclusively on iOS (iPhone and iPad) through the Apple App Store.
Service Provider Information:
• Service Name: GioMind
• Legal Entity: [Legal entity name - To be completed]
• Business Address: [To be completed]
• Registration Number: [If applicable - To be completed]
• Contact Email: giomind.app@gmail.com
1.2 Scope of This Policy
This Privacy Policy applies to:
✓ The GioMind mobile application (iOS)
✓ All features and services within the App
✓ Communications between you and GioMind
✓ Data collected through Apple App Store integration
This Privacy Policy does NOT apply to:
❌ Third-party websites or services (even if linked from our App)
❌ Third-party AI providers' data practices (see their privacy policies)
❌ Apple's data collection practices (see Apple Privacy Policy)
1.3 Key Privacy Principles
We are committed to:
✓ Transparency about data collection and use
✓ Collecting only necessary information
✓ Protecting your data with appropriate security measures
✓ Complying with applicable privacy laws worldwide
✓ Respecting your privacy rights
✓ Never selling your personal data to third parties
1.4 Data Controller & Processor Roles
• Data Controller: GioMind (we determine purposes and means of processing)
• Data Processors: Our service providers (OpenAI, Firebase, Cloudflare, etc.)
1.5 Updates to This Policy
We may update this Privacy Policy from time to time.
• Changes will be posted in the App
• "Last Updated" date will be changed
• Material changes will be notified via email or in-app notification
• Continued use after changes constitutes acceptance
2. INFORMATION WE COLLECT
We collect information in three main categories:
A) Information you provide directly
B) Information collected automatically
C) Information from third parties
2.1 INFORMATION YOU PROVIDE DIRECTLY
A. Account Information
When you create an account, we collect:
• Email address (required)
• Password (encrypted, we cannot see your actual password)
• Display name (optional)
• Profile picture (optional)
• Account preferences and settings
B. Wellness & Usage Data
When you use GioMind features, you may provide:
• Mood tracking data (mood ratings, emotional states)
• Journal entries and personal notes
• Meditation session preferences
• Goal setting and progress tracking
• Gratitude entries and reflections
• Custom reminder and notification settings
C. AI Conversation Data
When you interact with AI features:
• Questions you ask the AI
• Conversation history with AI assistants
• Feedback on AI responses
• Topics you discuss with the AI wellness coach
D. Support & Communication Data
When you contact us:
• Email correspondence
• Support ticket information
• Feedback and suggestions
• Bug reports
• Survey responses (if you participate)
E. Payment Information
• Subscription purchase information (processed by Apple)
• We do NOT directly collect or store credit card information
• Apple App Store handles all payment processing
2.2 INFORMATION COLLECTED AUTOMATICALLY
A. Device Information
• Device type (iPhone model, iPad model)
• Operating system version (iOS version)
• Device identifiers (Device ID; IDFA only if you consent)
• Screen resolution and device settings
• Time zone and language settings
• Mobile carrier information
B. Usage Analytics
• App usage patterns (features used, frequency)
• Session duration and timestamps
• Navigation paths within the App
• Feature engagement metrics
• In-app actions and interactions
• Performance data (load times, errors)
C. Technical & Log Data
• IP address
• Browser type (if applicable)
• App version number
• Crash logs and error reports
• Diagnostic data
• Network connection type (Wi-Fi, cellular)
D. Location Information (Limited)
• General location (country, city-level) inferred from IP address
• We do NOT collect precise GPS location
• We do NOT track your physical movements
E. Cookies & Similar Technologies
• Session cookies (for logged-in sessions)
• Analytics cookies (Firebase Analytics)
• Functional cookies (to remember preferences)
• See Section 11 for detailed cookie information
2.3 INFORMATION FROM THIRD PARTIES
A. Apple App Store
• Purchase and subscription information
• App Store account information (as provided by Apple)
• Subscription status and renewal data
• Refund and cancellation information
B. Authentication Providers (if enabled)
• Apple Sign-In: Name, email, Apple ID token
• Other SSO providers (if we add them in future)
C. Analytics & Service Providers
• Aggregated usage statistics from Firebase
• Crash analytics from Firebase Crashlytics
• Performance monitoring data
D. AI Service Providers
• OpenAI and Anthropic receive conversation data we send them
• They may generate usage metadata
• See their privacy policies for their data practices
2.4 INFORMATION WE DO NOT COLLECT
We do NOT collect:
❌ Health data (as defined by HIPAA or similar laws)
❌ Precise GPS location or real-time location tracking
❌ Contacts from your phone
❌ Photos from your device (unless you explicitly upload)
❌ Microphone recordings (except if using voice features with your permission)
❌ Camera access (unless you take photos within the app)
❌ Biometric data (fingerprint and Face ID data stay on your device)
❌ Financial information (credit cards - Apple handles this)
❌ Social media content or friends lists
❌ Government ID numbers (SSN, passport, etc.)
3. HOW WE USE YOUR INFORMATION
We use your information for the following purposes:
3.1 PRIMARY PURPOSES (Essential for Service)
A. Providing Core Services
✓ Creating and managing your account
✓ Authenticating your identity
✓ Delivering meditation and wellness content
✓ Providing AI-powered conversational support
✓ Saving your progress, goals, and preferences
✓ Synchronizing data across your devices (via iCloud if enabled)
B. Subscription Management
✓ Processing subscription purchases (via Apple)
✓ Managing subscription status and renewals
✓ Providing access to premium features
✓ Handling cancellations and refund requests
C. AI Content Generation
✓ Processing your questions and conversations with AI
✓ Generating personalized wellness suggestions
✓ Providing contextually relevant meditation recommendations
✓ Improving AI response quality for you
D. Customer Support
✓ Responding to your inquiries and support requests
✓ Troubleshooting technical issues
✓ Investigating bugs and crashes
✓ Providing account assistance
3.2 SECONDARY PURPOSES (Service Improvement)
E. Analytics & Performance
✓ Understanding how users interact with the App
✓ Identifying popular features and content
✓ Measuring engagement and retention
✓ Analyzing usage patterns to improve user experience
F. Product Development
✓ Developing new features and improvements
✓ Testing and optimizing existing features
✓ Conducting A/B tests (with anonymized data)
✓ Researching user needs and preferences
G. Security & Fraud Prevention
✓ Detecting and preventing fraud or abuse
✓ Protecting against security threats
✓ Enforcing our Terms of Use
✓ Investigating violations of our policies
H. Technical Maintenance
✓ Monitoring system performance
✓ Diagnosing technical problems
✓ Optimizing app performance and speed
✓ Managing infrastructure and servers
3.3 OPTIONAL PURPOSES (With Your Consent)
I. Marketing Communications (Opt-In)
✓ Sending promotional emails about new features
✓ Sharing wellness tips and content
✓ Announcing updates and improvements
✓ Conducting surveys (you can opt out anytime)
J. Personalized Recommendations
✓ Suggesting relevant meditation programs
✓ Recommending content based on your usage
✓ Customizing your in-app experience
✓ Tailoring notifications to your preferences
K. Research & Aggregated Insights
✓ Creating anonymized, aggregated statistics
✓ Publishing research on wellness trends (no personal data)
✓ Improving AI models (with de-identified data)
3.4 LEGAL PURPOSES
L. Compliance & Legal Obligations
✓ Complying with applicable laws and regulations
✓ Responding to legal requests (subpoenas, court orders)
✓ Enforcing our legal rights
✓ Protecting rights, property, or safety of GioMind or others
✓ Resolving disputes
✓ Meeting tax and accounting requirements
3.5 PURPOSES WE DO NOT USE YOUR DATA FOR
We do NOT use your information to:
❌ Sell or rent your personal data to third parties
❌ Share your personal data for third-party advertising
❌ Make automated decisions that significantly affect you (except as disclosed)
❌ Discriminate against you based on protected characteristics
❌ Create detailed profiles for purposes other than providing our Service
4. LEGAL BASES FOR PROCESSING (GDPR & UK GDPR)
If you are in the European Union, United Kingdom, or a jurisdiction with similar laws, we process your personal data based on the following legal grounds:
4.1 CONTRACT PERFORMANCE (GDPR Art. 6(1)(b))
Processing necessary to provide the Service you requested:
• Account creation and management
• Delivering app features and content
• Subscription management
• Customer support
4.2 LEGITIMATE INTERESTS (GDPR Art. 6(1)(f))
Processing necessary for our legitimate interests (or those of a third party), provided your rights don't override these interests:
• Improving our Service and user experience
• Analytics and usage insights
• Security and fraud prevention
• Technical maintenance and optimization
• Business operations and administration
4.3 LEGAL OBLIGATION (GDPR Art. 6(1)(c))
Processing required to comply with legal obligations:
• Responding to legal requests
• Tax and accounting requirements
• Regulatory compliance
• Enforcing Terms of Use
4.4 CONSENT (GDPR Art. 6(1)(a))
Processing based on your explicit consent:
• Marketing communications (you can withdraw anytime)
• Optional data collection (you can refuse)
• Non-essential cookies (you can decline)
• Location data (if we collect in future)
You have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
4.5 VITAL INTERESTS (GDPR Art. 6(1)(d))
In rare cases, processing necessary to protect vital interests:
• Emergency situations involving life or death
• Preventing serious harm
4.6 SPECIAL CATEGORIES OF DATA
We generally do NOT process "special categories" of personal data (health, biometric, etc.) as defined by GDPR.
However, IF you voluntarily provide health-related information in:
• Journal entries
• Mood tracking
• AI conversations
We process this data based on:
• Your explicit consent (GDPR Art. 9(2)(a)), AND/OR
• The fact that you have manifestly made the data public (GDPR Art. 9(2)(e))
You can withdraw consent or delete this data at any time.
5. SHARING YOUR INFORMATION WITH THIRD PARTIES
We share your information only as described below. We do NOT sell your personal data.
5.1 SERVICE PROVIDERS (DATA PROCESSORS)
We share data with trusted third-party service providers who help us operate GioMind:
A. AI & Machine Learning Providers
• OpenAI (GPT models)
- Receives: Your AI conversation data, prompts, questions
- Purpose: Generating AI responses
- Location: United States
- Privacy Policy: https://openai.com/policies/privacy-policy
• Anthropic (Claude AI)
- Receives: Your AI conversation data (if Claude is used)
- Purpose: Generating AI responses
- Location: United States
- Privacy Policy: https://www.anthropic.com/legal/privacy
⚠️ IMPORTANT: AI providers may use data to improve their models unless you opt out (check their policies).
B. Cloud Infrastructure & Hosting
• Google Firebase (Google LLC)
- Receives: Account data, usage analytics, crash reports
- Purpose: Database, authentication, analytics, hosting
- Location: United States (may use global servers)
- Privacy Policy: https://firebase.google.com/support/privacy
• Cloudflare R2
- Receives: Media files, audio content
- Purpose: Content delivery and storage
- Location: Global CDN
- Privacy Policy: https://www.cloudflare.com/privacypolicy/
C. Payment Processing
• Apple Inc. (App Store)
- Receives: Purchase information, subscription data
- Purpose: Processing payments and subscriptions
- Location: United States (global operations)
- Privacy Policy: https://www.apple.com/legal/privacy/
D. Analytics & Monitoring
• Firebase Analytics
- Receives: Usage data, device info, crash logs
- Purpose: App performance and usage analytics
- Location: United States
• Firebase Crashlytics
- Receives: Crash reports, device info, error logs
- Purpose: Identifying and fixing bugs
- Location: United States
E. Communication Services (if we use them)
• Email service providers (SendGrid, Mailgun, etc.)
- Receives: Email address, communication content
- Purpose: Sending service emails and notifications
- Location: United States
F. Customer Support Tools (if we use them)
• Support platforms (Zendesk, Intercom, etc.)
- Receives: Support inquiries, email, device info
- Purpose: Managing customer support
- Location: United States
G. Content & Media Providers
• Suno AI
- Receives: Audio generation requests (no personal data)
- Purpose: Generating AI-powered music and soundscapes for meditation
- Location: United States
- Privacy Policy: https://suno.com/privacy
- Note: We do NOT send your personal information to Suno; only content generation parameters
• Pixabay
- Receives: Media request queries (no personal data)
- Purpose: Providing stock images, videos, and sound effects
- Location: Germany (EU)
- Privacy Policy: https://pixabay.com/service/privacy/
- Note: Pixabay content is accessed via their API; no user data is shared
5.2 BUSINESS TRANSFERS
If GioMind is involved in a:
• Merger
• Acquisition
• Sale of assets
• Bankruptcy or insolvency
Your information may be transferred to the acquiring entity. You will be notified of any such change via email or in-app notice.
5.3 LEGAL REQUIREMENTS & LAW ENFORCEMENT
We may disclose your information if required by law or in response to:
• Subpoenas, court orders, or legal processes
• Government or regulatory requests
• Law enforcement investigations
• National security requirements
• Protection of our legal rights
• Prevention of fraud, abuse, or illegal activity
• Protection of the safety of any person
We will notify you of legal requests unless prohibited by law.
5.4 AGGREGATED & ANONYMIZED DATA
We may share aggregated, anonymized, or de-identified data that cannot reasonably identify you with:
• Research partners
• Academic institutions
• Industry analysts
• The public (in reports or publications)
This data is NOT considered personal data under most privacy laws.
5.5 WITH YOUR CONSENT
We may share data with other third parties if you explicitly consent, such as:
• Integrations you enable
• Third-party services you connect
• Sharing features you use
You can revoke consent at any time.
5.6 WE DO NOT SHARE WITH:
❌ Advertisers (we don't have third-party ads)
❌ Data brokers
❌ Marketing companies for their own use
❌ Social media platforms (unless you explicitly share)
❌ Employers, insurers, or government agencies (except as legally required)
6. INTERNATIONAL DATA TRANSFERS
6.1 Where Your Data Is Processed
GioMind operates globally. Your data may be transferred to, stored in, and processed in countries outside your country of residence, including:
• United States (OpenAI, Anthropic, Firebase, Cloudflare)
• European Union (if we use EU servers)
• Other countries where our service providers operate
6.2 Data Transfer Safeguards
When transferring data internationally, we use appropriate safeguards:
FOR EUROPEAN UNION & UK USERS:
✓ Standard Contractual Clauses (SCCs) approved by the EU Commission
✓ Adequacy decisions (for transfers to countries with adequate protection)
✓ Binding Corporate Rules (if applicable)
✓ Additional security measures for US transfers post-Schrems II
FOR OTHER JURISDICTIONS:
✓ Compliance with local data transfer requirements
✓ Contractual protections with service providers
✓ Security and encryption measures
6.3 US Data Transfers (Post-Schrems II)
Many of our service providers are in the United States, which may not provide the same level of data protection as the EU.
We implement additional safeguards:
✓ Standard Contractual Clauses
✓ Encryption in transit and at rest
✓ Access controls and security measures
✓ Regular security audits
6.4 Your Rights Regarding International Transfers
EU/UK users have the right to:
• Obtain information about safeguards for international transfers
• Object to transfers in certain circumstances
• Request a copy of the safeguards we use
6.5 Third-Party Certifications
Some of our service providers participate in:
• EU-US Data Privacy Framework (if certified)
• UK Extension to EU-US Data Privacy Framework
• Swiss-US Data Privacy Framework
Check individual provider privacy policies for their certifications.
7. DATA RETENTION & DELETION
7.1 How Long We Keep Your Data
ACTIVE ACCOUNTS:
• Account data: Retained while your account is active
• Usage data: Retained for up to 24 months
• AI conversation history: Retained while account is active (you can delete anytime)
• Journal entries: Retained while account is active
• Analytics data: Retained for up to 24 months
AFTER ACCOUNT DELETION:
• Personal data: Deleted within 90 days of account deletion request
• Backups: May persist in backups for up to 180 days
• Anonymized data: May be retained indefinitely (cannot identify you)
• Legal holds: Retained as required by law or ongoing legal matters
SPECIFIC DATA TYPES:
• Email communications: Up to 5 years (for legal purposes)
• Support tickets: Up to 3 years
• Payment records: As required by tax laws (typically 7 years)
• Crash logs: Up to 90 days
• Session logs: Up to 30 days
7.2 Data Retention Criteria
We determine retention periods based on:
• Purpose for which data was collected
• Legal obligations (tax, accounting, litigation)
• Legitimate business needs
• User expectations and rights
• Nature and sensitivity of data
7.3 How to Delete Your Data
TO DELETE YOUR ENTIRE ACCOUNT:
1. Open GioMind App
2. Go to Settings
3. Tap "Account"
4. Tap "Delete Account"
5. Confirm deletion
6. Your data will be deleted within 90 days
OR EMAIL US: giomind.app@gmail.com
Subject: "Account Deletion Request"
Include: The email address used for your account
7.4 What Happens After Deletion
✓ You will lose access to the App immediately
✓ Your subscription will be canceled (no refund for current period)
✓ Personal data will be deleted within 90 days
✓ You can create a new account in the future (fresh start)
7.5 Data We Cannot Delete
• Anonymized/aggregated data (not personally identifiable)
• Data required for legal compliance
• Data in backups (deleted within 180 days)
• Data subject to legal hold or litigation
7.6 Third-Party Data Retention
Note that third-party service providers (OpenAI, Firebase, etc.) have their own data retention policies. We request deletion from them, but cannot guarantee their compliance timelines.
8. YOUR PRIVACY RIGHTS BY JURISDICTION
Your privacy rights depend on where you live. See specific sections below for detailed rights by jurisdiction.
8.1 UNIVERSAL RIGHTS (Available to All Users)
Regardless of location, you can:
✓ Delete your account and data (Settings → Delete Account)
✓ Contact us with privacy questions (giomind.app@gmail.com)
8.2 EUROPEAN UNION & UK USERS (GDPR Rights)
See Section 19 for comprehensive GDPR rights.
8.3 CALIFORNIA USERS (CCPA/CPRA Rights)
See Section 18 for comprehensive California privacy rights.
8.4 OTHER US STATE PRIVACY LAWS
VIRGINIA (VCDPA), COLORADO (CPA), CONNECTICUT (CTDPA), UTAH (UCPA):
You have the right to:
✓ Confirm whether we process your personal data
✓ Access your personal data
✓ Delete your personal data
✓ Obtain a copy of your personal data
✓ Opt out of targeted advertising (we don't do this)
✓ Opt out of sale of personal data (we don't sell data)
To exercise these rights:
📧 Email: giomind.app@gmail.com
Subject: "[Your State] Privacy Rights Request"
8.5 CANADA (PIPEDA & PROVINCIAL LAWS)
Canadian users have the right to:
✓ Know what personal information we collect
✓ Access your personal information
✓ Correct inaccuracies
✓ Withdraw consent (where processing is based on consent)
✓ Challenge our compliance
QUEBEC (Law 25): Enhanced rights including:
✓ Right to data portability
✓ Right to de-indexing
✓ Enhanced consent requirements
To exercise rights:
📧 Email: giomind.app@gmail.com
Subject: "Canadian Privacy Rights Request"
8.6 BRAZIL (LGPD)
Brazilian users have the right to:
✓ Confirmation of processing
✓ Access to personal data
✓ Correction of incomplete or inaccurate data
✓ Anonymization, blocking, or deletion of data
✓ Portability of data to another service provider
✓ Information about public and private entities with which we share data
✓ Information about the possibility of denying consent
✓ Revocation of consent
To exercise rights:
📧 Email: giomind.app@gmail.com
Subject: "LGPD Rights Request"
You may also file complaints with the ANPD (Autoridade Nacional de Proteção de Dados).
8.7 AUSTRALIA (PRIVACY ACT)
Australian users have the right to:
✓ Know what information we hold about you
✓ Access your personal information
✓ Correct inaccurate information
✓ Make a complaint to us or the OAIC (Office of the Australian Information Commissioner)
To exercise rights:
📧 Email: giomind.app@gmail.com
Subject: "Australian Privacy Rights Request"
OAIC: https://www.oaic.gov.au/
8.8 NEW ZEALAND (PRIVACY ACT 2020)
New Zealand users have the right to:
✓ Access personal information
✓ Request correction of information
✓ Complain to the Privacy Commissioner
To exercise rights:
📧 Email: giomind.app@gmail.com
Subject: "New Zealand Privacy Rights Request"
8.9 INDIA (IT RULES 2021 & DPDP ACT)
Indian users have the right to:
✓ Obtain confirmation about processing
✓ Access personal data
✓ Correct or update data
✓ Data portability
✓ Withdraw consent
Grievance Officer: [To be appointed if required]
📧 Email: giomind.app@gmail.com
Response time: Acknowledgment within 24 hours, resolution within 15 days
8.10 TURKEY (KVKK)
Turkish users have the right to:
✓ Learn whether personal data is processed
✓ Request information if processed
✓ Learn purpose of processing and whether used appropriately
✓ Know third parties to whom data is transferred
✓ Request correction of incomplete or inaccurate data
✓ Request deletion or destruction under certain conditions
✓ Object to automated processing
To exercise rights:
📧 Email: giomind.app@gmail.com
Subject: "KVKK Rights Request"
You may also apply to the Turkish Data Protection Authority (KVK Kurumu).
8.11 SOUTH AFRICA (POPIA)
South African users have the right to:
✓ Access personal information
✓ Correct or delete personal information
✓ Object to processing
✓ Lodge complaints with the Information Regulator
8.12 JAPAN (APPI)
Japanese users have the right to:
✓ Disclosure of personal information
✓ Correction, addition, or deletion
✓ Suspension of use or deletion
8.13 SOUTH KOREA (PIPA)
Korean users have the right to:
✓ Access personal information
✓ Correct or delete personal information
✓ Suspend processing
✓ Withdraw consent
8.14 SINGAPORE (PDPA)
Singaporean users have the right to:
✓ Access personal data
✓ Correct personal data
✓ Withdraw consent
8.15 HOW TO EXERCISE YOUR RIGHTS
TO EXERCISE ANY PRIVACY RIGHT:
1. Email us at: giomind.app@gmail.com
2. Subject line: "[Your Country/Region] Privacy Rights Request"
3. Include:
• Your full name
• Email address associated with your account
• Specific right you wish to exercise
• Any additional information to verify your identity
RESPONSE TIME:
• Acknowledgment: Within 5 business days
• Full response: Within 30 days (may be extended to 60 days for complex requests)
• Specific jurisdictions may have different timelines (we will comply with local law)
VERIFICATION:
• We may request additional information to verify your identity
• This protects your data from unauthorized access
• Verification should not be overly burdensome
NO FEE:
• Exercising your rights is generally free
• We may charge a reasonable fee for excessive or repetitive requests
9. CHILDREN'S PRIVACY
9.1 Age Restriction
GioMind is NOT intended for children under 18 years of age.
✓ You must be at least 18 years old to use GioMind
✓ We do not knowingly collect data from anyone under 18
✓ We do not target content to children
9.2 COPPA Compliance (United States)
We comply with the Children's Online Privacy Protection Act (COPPA).
• We do not knowingly collect personal information from children under 13
• We do not have actual knowledge that we process children's data
9.3 If We Discover Underage Users
If we learn that we have collected data from someone under 18:
1. We will immediately delete the account
2. We will delete all associated personal data
3. We will not provide a refund for any subscription fees paid
4. The user will be permanently banned from creating new accounts
9.4 Parental Notice
If you are a parent or guardian and discover your child has created an account:
📧 Email us immediately: giomind.app@gmail.com
Subject: "Underage Account - Immediate Deletion Required"
Include: Child's email or username, your contact information
We will promptly delete the account and all data.
9.5 Age Verification
While we require users to confirm they are 18+:
• We do not currently implement strict age verification
• We rely on user honesty
• Parents are responsible for monitoring their children's app usage
10. SECURITY MEASURES
10.1 Our Commitment to Security
We implement reasonable technical, administrative, and physical safeguards to protect your personal data from unauthorized access, disclosure, alteration, or destruction.
10.2 TECHNICAL SECURITY MEASURES
A. Encryption
✓ Data in transit: TLS/SSL encryption (HTTPS)
✓ Data at rest: AES-256 encryption for sensitive data
✓ Password storage: Bcrypt hashing with salt
✓ End-to-end encryption: For certain sensitive features (if implemented)
B. Access Controls
✓ Multi-factor authentication for admin accounts
✓ Role-based access control (RBAC)
✓ Principle of least privilege
✓ Regular access audits
C. Network Security
✓ Firewalls and intrusion detection systems
✓ DDoS protection (via Cloudflare)
✓ Regular vulnerability scanning
✓ Penetration testing (periodic)
D. Application Security
✓ Secure coding practices
✓ Input validation and sanitization
✓ SQL injection prevention
✓ Cross-site scripting (XSS) prevention
✓ CSRF token protection
E. Infrastructure Security
✓ Secure cloud hosting (Firebase, Cloudflare)
✓ Regular security patches and updates
✓ Isolated environments (production, staging, development)
✓ Backup and disaster recovery systems
10.3 ADMINISTRATIVE SECURITY MEASURES
A. Employee Training
✓ Security awareness training
✓ Privacy training
✓ Incident response training
B. Policies & Procedures
✓ Information security policy
✓ Data breach response plan
✓ Access control policy
✓ Data retention policy
C. Vendor Management
✓ Security requirements in contracts
✓ Regular vendor security assessments
✓ Data processing agreements
D. Monitoring & Auditing
✓ Security event logging
✓ Regular security audits
✓ Compliance monitoring
10.4 PHYSICAL SECURITY MEASURES
✓ Secure data centers (managed by Google, Cloudflare)
✓ Physical access controls
✓ 24/7 surveillance (at data center facilities)
✓ Environmental controls
10.5 YOUR ROLE IN SECURITY
To keep your data safe, YOU should:
✓ Choose a strong, unique password
✓ Never share your password with others
✓ Log out when using shared devices
✓ Keep your iOS device updated
✓ Enable device passcode/biometric lock
✓ Report suspicious activity immediately
10.6 DATA BREACH NOTIFICATION
In the event of a data breach:
1. We will investigate and contain the breach
2. We will assess the risk to your data
3. We will notify affected users within timeframes required by law:
• GDPR: Within 72 hours to authorities, without undue delay to users
• CCPA: Without unreasonable delay
• Other jurisdictions: As required by local law
4. We will provide information about:
• Nature of the breach
• Data affected
• Steps we're taking
• Steps you should take
5. We will notify applicable data protection authorities
10.7 LIMITATIONS OF SECURITY
⚠️ IMPORTANT DISCLAIMER:
While we implement strong security measures, NO SYSTEM IS 100% SECURE.
• Data transmission over the internet is never completely secure
• Unauthorized access, hacking, or data breaches may occur
• We cannot guarantee absolute security
• You use GioMind at your own risk
If you believe your account has been compromised:
📧 Email immediately: giomind.app@gmail.com
Subject: "URGENT: Security Incident"
11. COOKIES & TRACKING TECHNOLOGIES
11.1 What Are Cookies?
Cookies are small text files stored on your device that help us provide and improve our Service.
11.2 Types of Cookies We Use
A. ESSENTIAL COOKIES (Always Active)
• Purpose: Enable core functionality
• Examples: Session management, authentication, security
• Legal Basis: Necessary for service performance
• Cannot be disabled
B. ANALYTICAL/PERFORMANCE COOKIES
• Purpose: Understand how you use the App
• Examples: Firebase Analytics, crash reporting
• Legal Basis: Legitimate interest / Consent (depending on jurisdiction)
• Can be disabled in Settings
C. FUNCTIONAL COOKIES
• Purpose: Remember your preferences
• Examples: Language settings, theme preferences
• Legal Basis: Legitimate interest / Consent
• Can be disabled in Settings
D. ADVERTISING COOKIES
• We do NOT currently use advertising cookies
• We do NOT serve third-party ads
11.3 Other Tracking Technologies
A. Mobile SDKs
• Firebase SDK (analytics, crash reporting)
• Apple SDK (App Store, payment processing)
B. Local Storage
• App uses local storage to save:
- User preferences
- Session data
- Cached content
C. Device Identifiers
• IDFA (Identifier for Advertisers) - only if you consent via iOS ATT prompt
• Device ID - for basic functionality
11.4 How to Manage Cookies & Tracking
IN-APP CONTROLS:
• Settings → Privacy → Analytics
• Toggle on/off for non-essential tracking
iOS DEVICE SETTINGS:
• Settings → Privacy → Tracking
• Toggle "Allow Apps to Request to Track"
• Settings → Privacy → Apple Advertising
• Toggle "Personalized Ads" off
CONSEQUENCES OF DISABLING TRACKING:
• App will still function
• We cannot provide personalized recommendations
• We cannot analyze crashes or bugs as effectively
• Some features may be limited
11.5 Do Not Track (DNT)
• iOS does not have a Do Not Track setting for apps
• You can use iOS ATT (App Tracking Transparency) instead
• We respect iOS ATT choices
11.6 Third-Party Cookies
• We do not control third-party cookies set by service providers
• Review third-party privacy policies:
- Firebase: https://firebase.google.com/support/privacy
- Apple: https://www.apple.com/legal/privacy/
12. THIRD-PARTY SERVICES & LINKS
12.1 Third-Party Service Providers
GioMind integrates with third-party services as described in Section 5 (Sharing Information).
• We are not responsible for third-party privacy practices
• Each provider has its own privacy policy
• Review their policies before using our Service:
- OpenAI: https://openai.com/policies/privacy-policy
- Anthropic: https://www.anthropic.com/legal/privacy
- Google/Firebase: https://firebase.google.com/support/privacy
- Cloudflare: https://www.cloudflare.com/privacypolicy/
- Apple: https://www.apple.com/legal/privacy/
- Suno AI: https://suno.com/privacy
- Pixabay: https://pixabay.com/service/privacy/
12.2 Links to Third-Party Websites
GioMind may contain links to third-party websites, resources, or services.
⚠️ We are NOT responsible for:
• Privacy practices of linked sites
• Content of external websites
• Terms of service of third parties
✓ We recommend reviewing privacy policies before providing data to third parties
12.3 Social Media Features
If we add social sharing features in the future:
• Social media platforms may collect data when you use these features
• Your interactions are governed by the privacy policy of the social network
12.4 No Endorsement
Inclusion of third-party links does NOT imply:
• Endorsement of their services
• Guarantee of their privacy practices
• Any partnership or affiliation beyond technical integration
13. AI PROCESSING & DATA USAGE
13.1 How AI Uses Your Data
When you interact with AI features in GioMind:
1. Your prompts/questions are sent to AI providers (OpenAI, Anthropic)
2. AI processes your input to generate responses
3. Conversation history may be retained for context
4. Your data may be used to improve AI models (subject to provider policies)
13.2 Data Sent to AI Providers
AI providers receive:
✓ Your questions and conversation messages
✓ Context from your previous conversations (within the session)
✓ Your preferences and settings
✓ Metadata (timestamps, session IDs)
AI providers do NOT automatically receive:
❌ Your email address (unless you mention it)
❌ Your payment information
❌ Your device information
❌ Your location
13.3 AI Provider Data Practices
OPENAI:
• May use data to improve models (you can opt out via their settings)
• Retains data for 30 days (as of their current policy)
• Subject to their Data Processing Agreement
• Privacy Policy: https://openai.com/policies/privacy-policy
ANTHROPIC:
• May use data to improve models (subject to their policies)
• Retention periods vary
• Privacy Policy: https://www.anthropic.com/legal/privacy
⚠️ AI provider policies may change. Check their privacy policies directly.
13.4 How to Limit AI Data Usage
TO REDUCE AI DATA COLLECTION:
• Be vague in your conversations (don't share personal details)
• Clear conversation history regularly (Settings → Clear AI History)
• Don't share sensitive information with AI
TO OPT OUT OF AI MODEL TRAINING:
• For OpenAI: Follow their opt-out process at https://openai.com/policies/privacy-policy
• For Anthropic: Check their privacy policy for opt-out options
13.5 AI Data Retention
• In-app conversation history: Retained until you delete it or close your account
• AI provider retention: Subject to their policies (typically 30-90 days)
13.6 No Human Review (Except for Safety)
• Your AI conversations are NOT routinely reviewed by humans
• Exceptions: Safety reviews if AI flags concerning content (self-harm, abuse, etc.)
• Support staff may access conversations if you request help
13.7 AI Limitations & Disclaimers
⚠️ Remember:
• AI may generate inaccurate or inappropriate content
• AI does not provide medical or professional advice
• Do not rely on AI for critical decisions
• See our Terms of Use for full AI disclaimers
13A. CONTENT LICENSING & THIRD-PARTY MEDIA
13A.1 AI-Generated Music (Suno AI)
Some meditation music and soundscapes in GioMind are generated using Suno AI technology.
• Suno AI generates music based on our creative prompts
• We have a license to use Suno-generated music within GioMind
• No personal user data is sent to Suno for music generation
• Music is generated in advance and stored on our servers
• You may listen to this music only within the App
IMPORTANT: You may NOT:
❌ Extract, download, or save Suno-generated music
❌ Use audio recording tools to capture the music
❌ Share or redistribute music files outside GioMind
❌ Use the music for commercial purposes
13A.2 Stock Media (Pixabay)
Some images, videos, and sound effects are sourced from Pixabay under their Content License.
• Pixabay provides royalty-free stock content
• We use Pixabay content under their license terms
• Pixabay API access does not involve sharing user data
• Content is displayed within the App only
IMPORTANT: You may NOT:
❌ Extract, download, or save Pixabay images or videos
❌ Screenshot or screen-record for redistribution
❌ Use Pixabay content outside of GioMind
❌ Claim ownership of Pixabay content
13A.3 Other Licensed Content
Some content may be licensed from other stock providers, music libraries, or creative platforms.
• All content is properly licensed for use in GioMind
• Third-party licenses restrict use to within the App
• You have no rights to extract or reuse this content
13A.4 Privacy Implications
Using licensed content does NOT involve:
✓ Sharing your personal data with content providers
✓ Tracking your viewing or listening habits by third parties
✓ Any data exchange beyond content delivery
Content providers (Suno, Pixabay) do NOT receive:
❌ Your name, email, or account information
❌ Your usage patterns or preferences
❌ Any personally identifiable information
14. MARKETING & COMMUNICATIONS
14.1 Types of Communications
A. TRANSACTIONAL EMAILS (Cannot Opt Out)
• Account creation confirmation
• Password reset emails
• Subscription confirmations and renewals
• Payment receipts
• Account termination notices
• Security alerts
• Legal notices and Terms/Policy updates
B. SERVICE EMAILS (Cannot Opt Out)
• Feature announcements (major changes)
• Service disruption notifications
• Security updates
15. CHANGES TO PRIVACY POLICY
15.1 Right to Modify
We may update this Privacy Policy from time to time to reflect:
• Changes in our data practices
• New features or services
• Legal or regulatory requirements
• Security improvements
• User feedback
15.2 Notice of Changes
When we make changes:
1. The "Last Updated" date at the top will be changed
2. Material changes will be notified via:
• Email to your registered address
• In-app notification
• Prominent notice on app launch
3. Notice period: Typically 30 days before changes take effect
15.3 Material vs. Non-Material Changes
MATERIAL CHANGES (require active notice):
• New categories of personal data collected
• New purposes for data use
• New third parties receiving your data
• Reduced data security or retention
• Changes that negatively affect your rights
NON-MATERIAL CHANGES (may not require notice):
• Clarifications or rewording
• Formatting improvements
• Contact information updates
• Administrative changes
15.4 Acceptance of Changes
• Continued use of GioMind after changes constitutes acceptance of the new Privacy Policy
• If you disagree with changes, you must:
- Stop using the Service
- Delete your account
• We will process your data under the new policy going forward
15.5 Accessing Previous Versions
• Previous versions may be archived and available upon request
• Email giomind.app@gmail.com for historical Privacy Policy versions
16. CONTACT INFORMATION & DATA PROTECTION OFFICER
16.1 General Privacy Inquiries
For questions or concerns about this Privacy Policy or our data practices:
📧 Email: giomind.app@gmail.com
Subject: "Privacy Inquiry"
Response time: Within 5-7 business days
16.2 Data Protection Officer (DPO)
If required by law (e.g., GDPR), our Data Protection Officer can be contacted at:
📧 Email: giomind.app@gmail.com
Subject: "Attention: Data Protection Officer"
[If a separate DPO is appointed, update this section]
16.3 EU Representative (GDPR Article 27)
If we are required to appoint an EU representative:
[To be appointed if necessary]
[Contact details to be added]
16.4 UK Representative (UK GDPR Article 27)
If we are required to appoint a UK representative:
[To be appointed if necessary]
[Contact details to be added]
16.5 Grievance Officer (India - IT Rules 2021)
For Indian users:
Grievance Officer: [To be appointed if necessary]
📧 Email: giomind.app@gmail.com
Response time: 24 hours acknowledgment, 15 days resolution
16.6 Business Information
Service Provider: [Legal entity name - To be completed]
Business Address: [To be completed]
Registration Number: [If applicable]
Contact: giomind.app@gmail.com
16.7 Supervisory Authorities
Depending on your location, you may contact data protection authorities:
EUROPEAN UNION:
• List of EU DPAs: https://edpb.europa.eu/about-edpb/board/members_en
• Your local supervisory authority (based on your country)
UNITED KINGDOM:
• Information Commissioner's Office (ICO)
• Website: https://ico.org.uk/
• Phone: 0303 123 1113
CALIFORNIA:
• California Attorney General
• Website: https://oag.ca.gov/privacy
OTHER JURISDICTIONS:
• Check your local data protection authority website
17. JURISDICTION-SPECIFIC PROVISIONS
17.1 United States
• We comply with applicable US federal and state privacy laws
• California users: See Section 18 (CCPA/CPRA)
• Other state users: See Section 8.4
• We do not respond to Do Not Track signals (as they are not standardized for mobile apps)
17.2 European Union
• We comply with GDPR (Regulation (EU) 2016/679)
• See Section 19 for comprehensive GDPR rights
• Legal basis for processing: See Section 4
17.3 United Kingdom
• We comply with UK GDPR and Data Protection Act 2018
• Rights similar to EU GDPR (see Section 19)
• ICO is the supervisory authority
17.4 Canada
• We comply with PIPEDA (federal)
• Quebec users: We comply with Law 25 / Bill 64
• See Section 8.5 for Canadian rights
17.5 Brazil
• We comply with LGPD (Lei Geral de Proteção de Dados)
• See Section 8.6 for LGPD rights
• ANPD is the data protection authority
17.6 Australia
• We comply with Privacy Act 1988 (including Australian Privacy Principles)
• See Section 8.7 for Australian rights
• OAIC is the privacy regulator
17.7 Turkey
• We comply with KVKK (Kişisel Verilerin Korunması Kanunu)
• See Section 8.10 for KVKK rights
• KVK Kurumu is the data protection authority
17.8 India
• We comply with IT Act 2000 and IT Rules 2021
• Digital Personal Data Protection Act (when effective)
• See Section 8.9 for Indian rights
17.9 Other Jurisdictions
We strive to comply with data protection laws in all jurisdictions where we operate. If your jurisdiction is not specifically mentioned, please contact us to inquire about applicable protections.
18. CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)
This section applies to California residents under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
18.1 CATEGORIES OF PERSONAL INFORMATION COLLECTED
In the past 12 months, we have collected the following categories:
A. IDENTIFIERS
• Email address, name, account ID, device ID
• Collected: Yes
• Source: Directly from you
• Business Purpose: Account management, authentication
• Shared with: Firebase, Apple
B. COMMERCIAL INFORMATION
• Subscription purchase records, transaction history
• Collected: Yes
• Source: Apple App Store
• Business Purpose: Subscription management
• Shared with: Apple
C. INTERNET/NETWORK ACTIVITY
• App usage data, navigation history, interaction with features
• Collected: Yes
• Source: Automatically collected
• Business Purpose: Analytics, service improvement
• Shared with: Firebase (Analytics)
D. GEOLOCATION DATA
• General location (city/country level from IP)
• Collected: Yes (approximate only)
• Source: Automatically collected
• Business Purpose: Analytics, content delivery
• Shared with: Firebase, Cloudflare
E. INFERENCES
• Preferences, interests, behavior patterns
• Collected: Yes
• Source: Derived from your usage
• Business Purpose: Personalization, recommendations
• Shared with: None (used internally)
F. SENSITIVE PERSONAL INFORMATION (as defined by CPRA)
• Potentially: Contents of journal entries or AI conversations (if they reveal health data)
• Collected: Only if you voluntarily provide
• Source: Directly from you
• Business Purpose: Providing wellness features
• Shared with: OpenAI, Anthropic (for AI processing only)
• Limit use: You can request limited use (see below)
18.2 YOUR CALIFORNIA PRIVACY RIGHTS
A. RIGHT TO KNOW (CCPA § 1798.100)
You have the right to request:
✓ Categories of personal information we collected
✓ Categories of sources
✓ Business or commercial purposes for collecting
✓ Categories of third parties we share with
✓ Specific pieces of personal information we collected about you
B. RIGHT TO DELETE (CCPA § 1798.105)
You have the right to request deletion of your personal information, subject to certain exceptions.
C. RIGHT TO CORRECT (CPRA § 1798.106)
You have the right to request correction of inaccurate personal information.
D. RIGHT TO OPT-OUT OF SALE/SHARING (CCPA § 1798.120)
✓ We do NOT sell your personal information
✓ We do NOT share your personal information for cross-context behavioral advertising
✓ Therefore, no opt-out is necessary
E. RIGHT TO LIMIT USE OF SENSITIVE PERSONAL INFORMATION (CPRA § 1798.121)
✓ You can request we limit use of sensitive information to only what's necessary to provide services
✓ We only use sensitive information (if any) for providing our Service
F. RIGHT TO NON-DISCRIMINATION (CCPA § 1798.125)
✓ We will NOT discriminate against you for exercising your privacy rights
✓ You will receive equal service and pricing
18.3 HOW TO EXERCISE CALIFORNIA RIGHTS
TO SUBMIT A REQUEST:
📧 Email: giomind.app@gmail.com
Subject: "California Privacy Rights Request"
Include:
• Your name
• Email address associated with account
• Specific right you're exercising
• California residency confirmation
OR use in-app tools:
• Settings → Privacy → California Privacy Rights
VERIFICATION:
• We will verify your identity before responding
• May request additional information (driver's license, account details)
RESPONSE TIME:
• Acknowledgment: Within 10 days
• Full response: Within 45 days (may extend to 90 days if complex)
AUTHORIZED AGENTS:
• You may designate an authorized agent to submit requests
• Must provide signed authorization
• We may still verify your identity directly
18.4 DO NOT SELL OR SHARE MY PERSONAL INFORMATION
✓ We DO NOT sell your personal information to third parties
✓ We DO NOT share your personal information for cross-context behavioral advertising
✓ We DO NOT have a "Do Not Sell or Share" link because we don't engage in these practices
If our practices change, we will:
• Update this Privacy Policy
• Provide a clear "Do Not Sell or Share My Personal Information" link
• Honor your opt-out choices
18.5 FINANCIAL INCENTIVES
We do NOT currently offer financial incentives for collecting, retaining, or selling personal information.
If we introduce such programs in the future:
• We will provide clear terms
• You can opt in voluntarily
• You can opt out at any time
18.6 CALIFORNIA SHINE THE LIGHT LAW (CIVIL CODE § 1798.83)
California residents may request information about disclosure of personal information to third parties for direct marketing purposes.
• We do NOT disclose personal information to third parties for their direct marketing
• Therefore, no "Shine the Light" disclosure is required
18.7 CALIFORNIA MINORS (BUSINESS & PROFESSIONS CODE § 22581)
• GioMind is NOT directed to minors under 18
• We do NOT knowingly collect data from minors
• If you are under 18, do NOT use GioMind
19. EUROPEAN UNION & UK RIGHTS (GDPR)
This section applies to individuals in the European Union, European Economic Area, and United Kingdom under GDPR.
19.1 YOUR GDPR RIGHTS
A. RIGHT TO BE INFORMED (Art. 13-14)
✓ This Privacy Policy provides required information
✓ You have the right to clear information about data processing
B. RIGHT OF ACCESS (Art. 15)
✓ Request confirmation of whether we process your data
✓ Request a copy of your personal data
✓ Request information about processing purposes, categories, recipients
C. RIGHT TO RECTIFICATION (Art. 16)
✓ Request correction of inaccurate or incomplete data
✓ Update your information in Settings or contact us
D. RIGHT TO ERASURE / "Right to Be Forgotten" (Art. 17)
✓ Request deletion of your personal data
✓ Subject to legal obligations or legitimate interests
✓ Delete your account to exercise this right
E. RIGHT TO RESTRICTION OF PROCESSING (Art. 18)
✓ Request we limit processing in certain circumstances:
- While verifying accuracy of contested data
- When processing is unlawful but you prefer restriction to deletion
- When we no longer need data but you need it for legal claims
- While verifying legitimate grounds for processing
F. RIGHT TO DATA PORTABILITY (Art. 20)
✓ Receive your data in structured, commonly used, machine-readable format
✓ Transmit your data to another controller
✓ Applies when processing is based on consent or contract
G. RIGHT TO OBJECT (Art. 21)
✓ Object to processing based on legitimate interests
✓ Object to direct marketing (we will stop immediately)
✓ Object to automated decision-making (if applicable)
H. RIGHTS RELATED TO AUTOMATED DECISION-MAKING (Art. 22)
✓ We do NOT make automated decisions that significantly affect you without human involvement
✓ AI suggestions are not binding decisions
I. RIGHT TO WITHDRAW CONSENT (Art. 7(3))
✓ Where processing is based on consent, you can withdraw at any time
✓ Withdrawal does not affect lawfulness of prior processing
J. RIGHT TO LODGE A COMPLAINT (Art. 77)
✓ You have the right to complain to a supervisory authority
✓ Your local data protection authority (DPA)
✓ List: https://edpb.europa.eu/about-edpb/board/members_en
19.2 HOW TO EXERCISE GDPR RIGHTS
TO SUBMIT A REQUEST:
📧 Email: giomind.app@gmail.com
Subject: "GDPR Rights Request"
Include:
• Your name and email
• Specific right you're exercising
• Any relevant details
RESPONSE TIME:
• Within 1 month (may extend to 2 months for complex requests)
• We will inform you if we need an extension
VERIFICATION:
• We may request additional information to verify identity
• Reasonable verification, not excessive
FREE OF CHARGE:
• Exercising rights is generally free
• May charge reasonable fee for excessive or repetitive requests
19.3 LEGAL BASIS FOR PROCESSING
See Section 4 for detailed legal bases under GDPR.
19.4 INTERNATIONAL DATA TRANSFERS (Art. 44-50)
See Section 6 for information about international data transfers and safeguards.
✓ Standard Contractual Clauses (SCCs)
✓ Adequacy decisions
✓ Additional security measures
19.5 DATA PROTECTION IMPACT ASSESSMENT (DPIA)
When required by law, we conduct Data Protection Impact Assessments for:
• High-risk processing activities
• Large-scale processing of special categories of data
• Systematic monitoring
19.6 DATA PROTECTION OFFICER (DPO)
If required under GDPR, contact our DPO:
📧 Email: giomind.app@gmail.com
Subject: "Attention: Data Protection Officer"
[If a separate DPO is appointed, update contact details]
19.7 EU REPRESENTATIVE (Art. 27)
If we are not established in the EU but offer services to EU residents, we may appoint an EU representative:
[To be appointed if necessary]
19.8 SUPERVISORY AUTHORITIES
You have the right to lodge a complaint with:
• Your local data protection authority
• List of EU/EEA authorities: https://edpb.europa.eu/about-edpb/board/members_en
EXAMPLES:
• Germany: BfDI (Bundesbeauftragte für den Datenschutz)
• France: CNIL (Commission Nationale de l'Informatique et des Libertés)
• Ireland: DPC (Data Protection Commission)
• UK: ICO (Information Commissioner's Office)
19.9 SPECIAL CATEGORIES OF PERSONAL DATA (Art. 9)
We generally do NOT intentionally collect special categories of data.
However, if you voluntarily provide:
• Health-related information in journal entries or AI conversations
We process it based on:
✓ Your explicit consent (Art. 9(2)(a)), AND/OR
✓ The fact that you have manifestly made the data public (Art. 9(2)(e))
You can withdraw consent or delete this data anytime.
20. ADDITIONAL REGIONAL RIGHTS
20.1 Nevada (SB 220)
Nevada residents have the right to opt out of the sale of certain covered information.
• We do NOT sell your covered information
• No opt-out is necessary
20.2 Switzerland
Swiss residents have rights similar to GDPR.
• Swiss Federal Data Protection Act (FADP)
• Contact: Federal Data Protection and Information Commissioner (FDPIC)
20.3 Mexico (LFPDPPP)
Mexican residents have ARCO rights:
• Access (Acceso)
• Rectification (Rectificación)
• Cancellation (Cancelación)
• Opposition (Oposición)
20.4 Argentina (PDPA)
Argentine residents have rights under Personal Data Protection Act.
• Similar to GDPR rights
• Contact: Agencia de Acceso a la Información Pública
20.5 Israel (Privacy Protection Law)
Israeli residents have the right to:
• Access personal information
• Request correction or deletion
• Contact: Privacy Protection Authority
20.6 Hong Kong (PDPO)
Hong Kong residents have data access and correction rights.
• Contact: Office of the Privacy Commissioner for Personal Data
20.7 Philippines (DPA)
Philippine residents have rights under Data Privacy Act 2012.
• Contact: National Privacy Commission
20.8 Thailand (PDPA)
Thai residents have rights under Personal Data Protection Act.
• Similar to GDPR rights
20.9 Indonesia (PDP Law)
Indonesian residents have rights under Personal Data Protection Law.
• Right to access, correct, and delete data
20.10 Other Countries
If your country has specific data protection laws not mentioned here, please contact us to inquire about your rights.
21. FINAL PROVISIONS
21.1 Entire Privacy Policy
This Privacy Policy, together with our Terms of Use, constitutes the complete privacy agreement between you and GioMind.
21.2 Severability
If any provision is found unenforceable, the remaining provisions remain in effect.
21.3 Language
• English is the primary language
• Translations may be provided for convenience
• English version controls in case of discrepancies
21.4 Contact for Privacy Questions
For any privacy-related questions or concerns:
📧 Email: giomind.app@gmail.com
Subject: "Privacy Question"
21.5 Acknowledgment
By using GioMind, you acknowledge that:
✓ You have read and understood this Privacy Policy
✓ You consent to the collection and use of your information as described
✓ You understand your rights and how to exercise them
📋 PRIVACY POLICY SUMMARY (Quick Reference)
WHAT WE COLLECT:
• Account info (email, name)
• Usage data (how you use the app)
• Device info (iOS version, device type)
• AI conversations (what you say to the AI)
• Journal entries and mood data (if you use these features)
HOW WE USE IT:
• Provide and improve the Service
• AI-powered wellness support
• Analytics and product development
• Customer support
WHO WE SHARE WITH:
• AI providers (OpenAI, Anthropic)
• Cloud hosting (Firebase, Cloudflare)
• Apple (for payments)
• We do NOT sell your data
YOUR RIGHTS:
• Access your data
• Delete your account and data
• Opt out of marketing emails
• Additional rights based on your location (GDPR, CCPA, etc.)
SECURITY:
• Encryption, access controls, regular security audits
• No system is 100% secure
CONTACT US:
📄 END OF PRIVACY POLICY
Last Updated: December 1, 2025
Thank you for trusting GioMind with your wellness journey.
We are committed to protecting your privacy.
© 2025 GioMind. All Rights Reserved.