mindcraft

Privacy Policy

Last updated: April 4, 2026

The short version

  • Your journal is yours. No human reads it unless you choose to share with a coach.
  • AI processes your entries to coach you — then the data stays in your account. Anthropic does not train on your data.
  • We don’t sell your data. Not to advertisers, not to data brokers, not to anyone.
  • You can export or delete everything at any time from your account settings.
  • Voice sessions are processed in real time and not stored after the session ends.
  • We use only essential cookies. Analytics cookies are optional and you can opt out.

1. Overview

Mindcraft is operated by All Minds on Deck LLC (“we,” “us,” “our”). This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and what rights you have. It applies to all users of the Mindcraft platform.

We take your privacy seriously — especially because the data you share with us is deeply personal. We designed Mindcraft to give you control over your information and to minimise what we share with third parties.

2. Data we collect

We collect the following categories of personal information:

Category | What | Why
Account | Email address, hashed password (or magic link token if passwordless) | Authentication, account recovery, contact
Intake responses | Values, goals, family patterns, work context, programme-specific questions | Personalise your coaching plan and goal generation
Journal entries | Free-form text you write during daily sessions | AI coaching reflections, pattern detection, exercise selection
Exercise responses | Your written answers to coaching exercises, ratings, feedback | Track progress, avoid repeat exercises, refine recommendations
Assessment data | Enneagram, Leadership Circle, or Saboteur results (if you upload them) | Personalise exercises and coaching insights
Payment | Email, programme purchased, payment status | Process payment, manage subscriptions
Contact messages | Issue type and message text from the support form | Customer support
Voice data (optional) | Audio recordings during voice coaching sessions | Real-time transcription and voice coaching. Audio is processed in real time and not stored after the session ends.
Usage analytics | Page views, attribution source (how you found us) | Improve the product and understand how people find us

We do not collect: phone numbers, government IDs, physical addresses, IP addresses for tracking, or social media profiles.

3. How we use your data

We use your data to:

  • Deliver coaching: Your journal entries and exercise responses are processed by AI to generate personalised reflections, detect patterns, and select relevant exercises.
  • Generate goals: Your intake responses and early journal entries are used to create personalised coaching goals.
  • Create summaries: If you choose to share with a coach, we generate AI summaries of your progress that you review and approve before sharing.
  • Improve the platform: Aggregate, anonymised usage data helps us understand what works and what to improve. This is optional and you can opt out.
  • Communicate with you: Respond to support requests, send programme updates, and notify you of changes to these policies.

We do not use your data to: train AI models, sell to third parties, serve advertisements, or build marketing profiles.

4. AI processing — how it works

Mindcraft uses artificial intelligence to power its coaching features. Here is exactly what happens when you write a journal entry:

  1. Your journal entry text is sent to Claude (made by Anthropic) via their API.
  2. A semantic search retrieves your most relevant past entries (up to 5) to provide context. This uses Voyage AI to generate text embeddings stored in our database.
  3. Claude generates a coaching reflection and theme tags based on your entry and past context.
  4. The response is returned to you. Nothing is stored by Anthropic or Voyage AI beyond the API call.

Important: Your data is sent to these AI services only for real-time processing. Anthropic does not use API data to train their models (per their data usage policy). We do not use your data to train or fine-tune any model.

AI processing is required for the coaching service to function. If you are uncomfortable with this, you should not use the platform.

5. Third-party services

We share limited data with the following services:

Service | Data shared | Purpose
Anthropic (Claude) | Journal text, past entries context, exercise responses | Generate coaching reflections, summaries, and exercise selection
Voyage AI | Journal text (for embedding generation) | Semantic search to find relevant past entries
Stripe | Email, programme/tier, payment details | Payment processing
Supabase | All platform data (encrypted at rest) | Database hosting, authentication, file storage
Resend | Email address, support message | Deliver contact form emails
LiveKit | Voice audio (real-time, not stored) | Voice coaching session infrastructure
Deepgram | Voice audio (real-time transcription) | Convert speech to text for voice coaching sessions
ElevenLabs | Generated coaching text | Convert coaching responses to spoken audio
Google Analytics | Page views, attribution source (anonymised) | Product analytics (optional, you can opt out)

We do not share your data with any other third party. No data brokers, no advertising networks, no marketing platforms.

6. Coach sharing

If you enable coach sharing in your privacy settings, you can generate AI summaries of your coaching progress and share them with your assigned coach. You control this process completely:

  • Coach sharing is off by default.
  • You review every summary before it is shared.
  • You can redact any section you do not want your coach to see.
  • You can revoke access to any shared summary at any time.
  • Your coach never sees your raw journal entries or exercise responses — only the approved AI-generated summary.

7. Data storage and security

Your data is stored in Supabase (hosted on AWS) with the following protections:

  • Encryption at rest: All database content is encrypted.
  • Encryption in transit: All connections use HTTPS/TLS.
  • Row-level security (RLS): Database policies ensure you can only access your own data. Not even our application code can bypass these policies.
  • Secure authentication: Passwords are hashed by Supabase Auth. Session tokens are stored in httpOnly cookies (not accessible to JavaScript).

We do not store credit card numbers or payment details. All financial data is handled by Stripe under their PCI-DSS compliant infrastructure.

8. Data retention

We retain your data for as long as your account is active. If you delete your account or request data deletion, we will delete your personal data within 30 days. This includes journal entries, exercise responses, coaching summaries, intake data, and goals.

We may retain anonymised, aggregated data (e.g., “X% of users completed the programme”) that cannot be linked back to you.

System logs that may contain fragments of your data are automatically purged after 90 days.

9. Your rights

Depending on your location, you may have the following rights under applicable data protection laws (including GDPR and CCPA):

  • Access: Request a copy of all personal data we hold about you.
  • Correction: Ask us to correct inaccurate data.
  • Deletion: Request deletion of your personal data.
  • Portability: Receive your data in a commonly used format.
  • Restriction: Ask us to limit how we process your data.
  • Objection: Object to certain types of processing (e.g., analytics).
  • Withdraw consent: For optional data uses like coach sharing and analytics, you can change your settings at any time from the Privacy page in your account.

To exercise any of these rights, email crew@allmindsondeck.com. We will respond within 30 days.

10. Cookies

We use only essential cookies required for authentication (session tokens managed by Supabase Auth). These are httpOnly cookies that cannot be read by JavaScript.

If you have opted into analytics, Google Analytics may set its own cookies to track page views. You can opt out of analytics from your Privacy settings at any time.

We do not use advertising cookies, social media tracking pixels, or third-party marketing cookies.

11. Children’s privacy

Mindcraft is not intended for anyone under the age of 18. We do not knowingly collect data from minors. If you believe a minor has created an account, please contact us and we will delete the account promptly.

12. International data transfers

Our services and third-party providers are based in the United States. If you are located outside the US, your data will be transferred to and processed in the US. By using Mindcraft, you consent to this transfer. We rely on the data processing agreements of our service providers (Supabase, Anthropic, Stripe, LiveKit, Deepgram, ElevenLabs) to ensure your data is handled in compliance with applicable regulations.

13. California residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information we collect and how it is used.
  • Right to delete your personal information.
  • Right to opt out of the “sale” of personal information. We do not sell your personal information.
  • Right to non-discrimination for exercising your privacy rights.

14. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via the email associated with your account before the changes take effect. The “last updated” date at the top reflects the most recent version.

15. Contact

For any privacy questions or data requests, contact:

All Minds on Deck LLC
crew@allmindsondeck.com

© 2026 Mindcraft