MINDZONE PRIVACY
Aiora Technologies LLC
Last updated 7 July 2026

Privacy, in plain words

Most privacy policies are written so you won't read them. This one is written so you will. It says what we store about you, where it goes, what could go wrong, and how to get everything deleted. If anything here is unclear, write to us and we'll answer, a person, not a bot.

01Who we are

MindZone AI is built and run by Aiora Technologies LLC, a company registered in Wyoming, USA and operating from Paphos, Cyprus. For anything in this document, email aioraownr@gmail.com. There is no support department. The person reading that inbox is the person who wrote the code.

Age and minors. MindZone is for people 13 and over. Anyone under 18 needs a parent or guardian's consent to take part, and that guardian's consent is part of what we store for a minor's application. We don't knowingly collect anything from a child under 13; if you believe we have, email us and we'll delete it.

02What we store, and why

03What we don't do

No advertising. No analytics scripts, no trackers, no pixels. No selling or renting data to anyone, in any form, aggregated or not. No reading your contacts, location, photos, or anything else on your device. The only cookie we set is the one that keeps you logged in.

We also don't pretend. When the audio can't adapt to your heart rate (it's fixed once rendered), we say so, and only the visuals and breathing guide adapt. The same rule applies to this document: nothing here is aspirational. It describes the system as it is built.

04Where your data travels

Everything lives on a single server we rent from Hetzner, a European hosting company. There is no data warehouse and no analytics pipeline. Three things leave that server, and only when you use the matching feature:

05How it's protected

Traffic is encrypted (HTTPS). Passwords are hashed with bcrypt. Login sessions are stored only as digests, so a stolen database cannot be replayed as logins. Wearable tokens are encrypted at rest. The database and application files are readable only by the service itself. Logins are rate-limited and accounts lock after repeated failures. Every security-relevant event is logged.

06When things go wrong

Honest software plans for its own bad days. Here is ours:

07What we keep, and for how long

DataKept
Rendered audio filesabout 1 hour, then deleted
Live heart-rate streamnever stored
Session promptslast 200 per account
Biometric daily summarieslast 90 per account
Login sessions7 days, then expired and purged
Account, security log, alpha applicationuntil you ask us to delete

08What we value

Minimal collection. Every stored field exists because a feature needs it. There is no "collect now, find a use later".

Honesty over polish. If a limitation exists, we name it. That's why this page lists our failure modes instead of hiding them in clause 14(b).

A real exit. Leaving should be as easy as joining. One email deletes everything.

Calm by design. The product exists to lower nervous-system load. Software that spies on its users raises it. Those two things can't coexist, so we chose.

09Your rights

Wherever you live, we treat GDPR as the floor. Email aioraownr@gmail.com from your account email and you can:

If you're in the EU and unhappy with our answer, you can complain to your local data protection authority. Cyprus's is the Commissioner for Personal Data Protection.

10Changes

If this policy changes in a way that matters, we'll say so on the site and, for anything significant, by email, before it takes effect. The date at the top always tells you when it last moved. This page is currently published in English only; if any translation ever conflicts with it, the English text governs.