Privacy, in plain words
Most privacy policies are written so you won't read them. This one is written so you will. It says what we store about you, where it goes, what could go wrong, and how to get everything deleted. If anything here is unclear, write to us and we'll answer, a person, not a bot.
01Who we are
MindZone AI is built and run by Aiora Technologies LLC, a company registered in Wyoming, USA and operating from Paphos, Cyprus. For anything in this document, email aioraownr@gmail.com. There is no support department. The person reading that inbox is the person who wrote the code.
Age and minors. MindZone is for people 13 and over. Anyone under 18 needs a parent or guardian's consent to take part, and that guardian's consent is part of what we store for a minor's application. We don't knowingly collect anything from a child under 13; if you believe we have, email us and we'll delete it.
02What we store, and why
- Your account. A username and a hash of your password. We never store the password itself, and we can't recover it, only reset it.
- Your session prompts. The sentences you type ("45 minute deep work session") are kept, up to the last 200 per account. They power your history view and let us investigate abuse. Write them accordingly: a prompt is the one place where you decide how much of your life to tell us.
- Rendered audio. Generated files live on the server for about an hour so you can play and download them, then they are deleted automatically.
- Biometric readings. Only if you connect a wearable or type readings in yourself. We keep daily summaries (HRV, resting heart rate, readiness, sleep score), at most the last 90 per account, to compute your personal baseline.
- Wearable account keys. If you connect Oura or another provider, the access tokens are stored encrypted. We can read your recovery data with them; we cannot see your provider password.
- The live heart stream. During a session, beat data flows through the server and straight back out as a breathing pace. It is never written to disk. When the session ends, it's gone.
- Alpha applications. If you apply for testing we keep the name, email, age, device, and occupation you gave us, plus the IP address the application came from (that's how we filter bots). If you're under 18, we also record that a parent or guardian consented.
- A security log. Logins, failed logins, and admin actions, with IP address and browser signature. This exists so that if someone attacks your account, we can see it and prove it.
03What we don't do
No advertising. No analytics scripts, no trackers, no pixels. No selling or renting data to anyone, in any form, aggregated or not. No reading your contacts, location, photos, or anything else on your device. The only cookie we set is the one that keeps you logged in.
We also don't pretend. When the audio can't adapt to your heart rate (it's fixed once rendered), we say so, and only the visuals and breathing guide adapt. The same rule applies to this document: nothing here is aspirational. It describes the system as it is built.
04Where your data travels
Everything lives on a single server we rent from Hetzner, a European hosting company. There is no data warehouse and no analytics pipeline. Three things leave that server, and only when you use the matching feature:
- Your prompt goes to OpenAI when you generate with the GPT strategy. OpenAI processes it to plan your session and is contractually barred from training on API data. If you'd rather your prompts never leave our server, switch the strategy to Heuristic. It works offline and nothing is sent anywhere.
- Your browser fetches fonts from Google Fonts, which means Google sees your IP address made a font request. We plan to self-host the font and close even this.
- Wearable providers (Oura, Garmin, Strava, Polar) see that MindZone is requesting your recovery data, because you authorized exactly that.
05How it's protected
Traffic is encrypted (HTTPS). Passwords are hashed with bcrypt. Login sessions are stored only as digests, so a stolen database cannot be replayed as logins. Wearable tokens are encrypted at rest. The database and application files are readable only by the service itself. Logins are rate-limited and accounts lock after repeated failures. Every security-relevant event is logged.
06When things go wrong
Honest software plans for its own bad days. Here is ours:
- A data breach. If someone gets our database despite the measures above, the worst realistic exposure is: usernames, prompt history, daily biometric summaries, and the security log. Not your password (hashed), not your active sessions (digested), not your wearable password (we never had it). If a breach happens, we will email every affected account within 72 hours and say plainly what was taken.
- Flickering light. Parts of MindField and MindSight can flash. Flicker can trigger seizures in people with photosensitive epilepsy. It is off for everyone by default and only turns on after you read the warning and consent. If you or anyone in your family has a seizure history, leave it off. If you feel unwell during any session, stop.
- This is not medicine. MindZone is an experimental cognitive optimization prototype. It is not a medical device, and its sessions are not clinical treatments. Don't use it to replace care, and don't use it while driving or operating anything dangerous.
- Loud audio. You control the volume. Start low, especially with headphones. Prolonged loud listening damages hearing regardless of what is playing.
- Wrong biometric readings. Wearable data is noisy. A bad sensor night can make the engine think you're exhausted when you're fine. We only use these readings to nudge session settings. We never diagnose, score your health, or make decisions with consequences beyond one audio session.
- Server loss. If the server dies, rendered audio and anything not yet backed up may be lost. We treat your data as yours, not as an asset to hoard, so we keep as little as possible in the first place.
- Our mistake. If we ever mishandle your data ourselves, the policy is the same as for a breach: we tell you, quickly and specifically, and we fix the process that allowed it.
07What we keep, and for how long
| Data | Kept |
|---|---|
| Rendered audio files | about 1 hour, then deleted |
| Live heart-rate stream | never stored |
| Session prompts | last 200 per account |
| Biometric daily summaries | last 90 per account |
| Login sessions | 7 days, then expired and purged |
| Account, security log, alpha application | until you ask us to delete |
08What we value
Minimal collection. Every stored field exists because a feature needs it. There is no "collect now, find a use later".
Honesty over polish. If a limitation exists, we name it. That's why this page lists our failure modes instead of hiding them in clause 14(b).
A real exit. Leaving should be as easy as joining. One email deletes everything.
Calm by design. The product exists to lower nervous-system load. Software that spies on its users raises it. Those two things can't coexist, so we chose.
09Your rights
Wherever you live, we treat GDPR as the floor. Email aioraownr@gmail.com from your account email and you can:
- See everything we hold about you (we'll send a copy within 30 days);
- Correct anything wrong;
- Delete your account and all of its data, including biometrics, prompts, and your alpha application. Deletion is real deletion, not a hidden flag;
- Disconnect a wearable at any time from the MindSync page, which also deletes its stored tokens.
If you're in the EU and unhappy with our answer, you can complain to your local data protection authority. Cyprus's is the Commissioner for Personal Data Protection.
10Changes
If this policy changes in a way that matters, we'll say so on the site and, for anything significant, by email, before it takes effect. The date at the top always tells you when it last moved. This page is currently published in English only; if any translation ever conflicts with it, the English text governs.