This Privacy Policy describes how Udabyte LLC (d/b/a Mindirus) ("Mindirus," "we," "us," or "our") collects, uses, and discloses your personal information when you use our website at mindirus.com and related services (the "Service").
When you register, we collect your name, email address, and password (stored as a secure hash). If you sign in with Google, we receive your name, email, and profile picture from Google.
We collect data about how you use the platform, including:
When you submit feedback through the in-app widget, we also collect your browser type and device information to help us reproduce and resolve issues.
Payment processing is handled entirely by Stripe. We never see, store, or have access to your credit card number or payment details. We only receive confirmation of successful payments and subscription status from Stripe.
When you authenticate with Google, we access your Google Account profile information (name, email address, and profile picture) solely to create and manage your Mindirus account. We do not access your Google Drive, Gmail, Calendar, Contacts, or any other Google services. We do not store your Google access token beyond the authentication session. Your Google data is subject to Google's Privacy Policy at https://policies.google.com/privacy. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. You can revoke Mindirus's access to your Google data at any time through your Google Account settings at https://myaccount.google.com/permissions.
We use your information to:
We do not sell your personal information. We share data only with:
We may disclose information if required by law or to protect the rights, safety, or property of Mindirus or its users.
Your data is stored in a PostgreSQL database hosted on Railway with encrypted connections. We use industry-standard security measures including:
We use essential cookies for authentication (httpOnly session cookies). We do not use third-party tracking cookies or advertising cookies. Our service worker may cache static assets locally for offline access.
We also use browser local storage to save: your theme preference (light/dark mode), last visited page (for session resumption), study progress per course, and dismissed onboarding prompts. This data stays on your device and is not transmitted to our servers.
Some browsers offer a "Do Not Track" (DNT) signal. We do not currently respond to DNT signals because there is no industry-standard technology for honoring them. However, we do not use third-party tracking cookies or behavioral advertising, and our analytics provider (Plausible) is cookieless and privacy-friendly by design. We will update this policy if a uniform DNT standard is adopted.
We honor Global Privacy Control (GPC) signals as required by California, Colorado, and Connecticut privacy laws. When we detect a GPC signal from your browser, we treat it as a valid opt-out request for the sale or sharing of personal information.
We use automated algorithms to personalize your learning experience, including:
These automated processes help optimize your study plan but do not produce legal effects or similarly significant decisions. You may request human review of any automated decision or opt out of profiling by contacting support@mindirus.com.
You have the right to:
You have the right to know what personal information we collect, use, disclose, and sell; to delete your personal information; to correct inaccurate personal information; to opt out of sale or sharing of personal information (we do not sell or share your data for cross-context behavioral advertising); to limit use of sensitive personal information; and to non-discrimination for exercising your rights. To submit a verifiable request, email support@mindirus.com with the subject "CCPA Request." We will verify your identity using your account email. You may also designate an authorized agent with written authorization.
You have rights to access, correct, delete, and obtain a portable copy of your data. You may opt out of targeted advertising, sale of personal data, and profiling in furtherance of decisions that produce legal or similarly significant effects. If we deny your request, you may appeal by emailing support@mindirus.com with subject "VCDPA Appeal." We will respond within 60 days.
You have the same rights as Virginia residents. We honor universal opt-out signals including Global Privacy Control (GPC).
You have the same rights as Virginia residents, including the right to appeal denied requests.
Many U.S. states including Texas, Oregon, Delaware, New Jersey, Maryland, Minnesota, Nebraska, Montana, Iowa, Indiana, and Tennessee have enacted consumer privacy laws. If you reside in any state with an applicable privacy law, you generally have the right to access, correct, and delete your personal information, and to opt out of targeted advertising and data sales. To exercise any privacy right, contact support@mindirus.com. We will respond within the timeframe required by your state's law.
We process data based on consent (account creation) and legitimate interest (platform improvement and security). You may withdraw consent at any time by deleting your account. You have the right to lodge a complaint with your local supervisory authority.
For all privacy requests, we will respond within 45 days (extendable by 45 days with notice). We will not discriminate against you for exercising any of these rights.
We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days. Anonymized, aggregated data may be retained for analytics purposes.
Transactional (cannot be opted out): Account verification, password reset, payment receipts, security alerts.
Non-transactional (opt-out available): Weekly study digest with progress summary and recommendations.
You can unsubscribe from non-transactional emails by clicking the "unsubscribe" link in any email or by contacting support@mindirus.com. Unsubscribe requests are processed within 10 business days.
In the event of a data breach affecting your personal information, we will notify affected users via email and/or in-app notification within 72 hours of confirming the breach, or as otherwise required by applicable law. We will describe the nature of the breach, the data affected, and steps you can take to protect yourself.
Your information is stored and processed in the United States. If you access the Service from outside the US, your data will be transferred to and processed in the US. We rely on Standard Contractual Clauses (SCCs) and our service providers' data processing agreements to ensure adequate protection for international transfers.
The Service is designed for users aged 16 and older. We do not knowingly collect personal information from children under 13. If you are between 13 and 16, you may use the Service only with parental or guardian consent. If we learn that we have collected personal information from a child under 13 without parental consent, we will delete that information promptly. Parents or guardians who believe their child has provided personal information to us may contact support@mindirus.com to request review or deletion of their child's data.
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service. Your continued use constitutes acceptance of the updated policy.
For privacy-related questions or data requests, contact us at support@mindirus.com.