Myndra Privacy Policy

Last Updated: March 11, 2026

Overview

Myndra is a cognitive rehabilitation platform designed to help users improve cognitive function through daily comprehension exercises. This policy describes how we collect, use, store, and protect your data.

Data We Collect

Account Information

• Username and hashed password (we never store plaintext passwords)
• Email address (if provided for account recovery)

Session & Performance Data

• Exercise responses, scores, and completion times
• CPI (Cognitive Performance Index) scores and component scores
• Difficulty levels and progression history
• Session streak data

Biometric Authentication

• Myndra supports Face ID and Touch ID for app lock functionality
• Biometric data is processed entirely by Apple's Secure Enclave on your device
• We never access, collect, or store your biometric data — authentication is handled by iOS LocalAuthentication framework

Purchase Information

• If you subscribe to Pro or Clinician tiers, purchases are processed entirely by Apple through StoreKit
• We do not collect or store payment information (credit cards, billing addresses, etc.)
• We receive only a purchase confirmation and subscription status from Apple

Fatigue Detection

• Myndra analyzes response times and score patterns within a session to detect cognitive fatigue
• This analysis is performed locally and is used solely to flag sessions where fatigue may have affected performance
• Fatigue flags are stored as part of your session data

Device & Technical Data

• No device identifiers, advertising IDs, or tracking data are collected
• Basic server logs (IP address, request timestamps) are retained for up to 30 days for security and abuse prevention, then automatically deleted

How We Use Your Data

• To generate and adapt cognitive exercises to your performance level
• To track your progress and provide performance analytics
• To export session data to your local Obsidian vault (if configured)
• AI-powered evaluation of exercise responses (for Pro and Clinician tiers)
• To detect and flag potential cognitive fatigue patterns within sessions

AI Processing

• Exercise responses may be sent to third-party AI providers (Anthropic Claude, OpenAI) for evaluation
• AI evaluation is only used for Pro and Clinician tier users
• Free tier users receive deterministic (non-AI) scoring — no data is sent to AI providers
• AI providers process data according to their respective privacy policies (Anthropic, OpenAI)
• No AI provider retains your data for training purposes under our data processing agreements
• Data sent to AI providers includes only the exercise passage and your response text — no account information or identifiers are included

Data Storage & Security

• Local-First Architecture: All session and performance data is stored locally on your device
• iOS Local Storage: Session data is stored locally on your device using SwiftData and secured with iOS data protection
• Keychain: Authentication tokens are stored securely in the iOS Keychain
• Obsidian Export: Session notes are exported to your local Obsidian vault as Markdown files
• Encryption in Transit: All data transmitted between the app and server is encrypted using TLS (HTTPS)
• Password Security: Passwords are hashed using industry-standard bcrypt before storage

International Data Transfer

If you use Myndra from outside the United States, your data may be transferred to and processed on servers located in the United States. By using Myndra, you consent to this transfer. We ensure appropriate safeguards are in place to protect your data in accordance with this privacy policy.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland: we rely on your consent (provided when you create an account and accept these terms) as the legal basis for transferring your data internationally.

Data Sharing

• We do not sell your data to third parties
• We do not share your data with advertisers
• We do not use your data for purposes other than providing the Myndra service
• Clinician Tier: If you are added as a patient by a clinician, that clinician can view your session history and performance trends. You will be informed when a clinician links to your account.

Your Rights

All Users

• Access: Export all your data at any time via Settings
• Deletion: Delete your account and all associated data at any time via Settings
• Portability: Data export provides a complete JSON dump of all your information

Additional Rights for EEA/UK Users (GDPR)

Under the General Data Protection Regulation, you also have the right to:

• Rectification: Request correction of inaccurate personal data
• Restriction: Request restriction of processing of your personal data
• Objection: Object to processing of your personal data
• Withdraw Consent: Withdraw consent at any time (without affecting the lawfulness of processing before withdrawal)
• Lodge a Complaint: File a complaint with your local data protection authority

Legal Basis for Processing (GDPR): We process your data based on:

• Consent: You consent to data processing when you create an account and accept our terms
• Legitimate Interest: Server logging for security and abuse prevention
• Contract Performance: Processing necessary to provide the Myndra service

To exercise any of these rights, contact us at support@myndraapp.com.

Data Retention

• Your data is retained as long as your account is active
• Upon account deletion, all data is permanently and immediately removed from our servers
• There is no data retention period after deletion
• Server access logs are retained for up to 30 days, then automatically deleted
• iOS local data (SwiftData, Keychain) can be removed by deleting the app from your device

Children's Privacy

Myndra is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal data from children under these ages. If we learn that we have collected data from a child under the applicable age, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at support@myndraapp.com.

Medical Disclaimer

Myndra is not a medical device and has not been evaluated or approved by the FDA, EMA, or any regulatory body. It is not intended to diagnose, treat, cure, or prevent any disease or medical condition. Myndra does not provide medical advice. Always consult a qualified healthcare professional for medical concerns. Performance metrics (including CPI scores and fatigue flags) are for informational purposes only and should not be used as the basis for medical decisions.

Changes to This Policy

We may update this policy from time to time. Material changes will be communicated through the app or via email (if provided). Changes will be reflected in the "Last Updated" date above. Continued use of Myndra after changes constitutes acceptance of the updated policy.

Contact

For privacy-related questions or to exercise your data rights, contact us at:

Email: support@myndraapp.com
Website: https://myndraapp.com