Privacy Policy
Effective Date: May 30, 2025
1. Introduction
At Christian Gunzelmann & Dominik Grau GbR (operating as Mindmed.ai), we understand that your privacy is paramount, especially when you're engaging in personal and often sensitive conversations. This Privacy Policy is designed to clearly inform you about how LUMI, our AI-powered application, handles your information.
We're deeply committed to protecting your personal data and upholding your privacy rights. This commitment forms the bedrock of our service, as we recognize the immense trust you place in us when you use LUMI for self-reflection and support. This policy outlines in detail:
What information we collect from you.
Why we collect it.
How we use it.
How we protect it.
When and why we might share it (with minimal sharing being our core principle).
Your rights regarding your data.
Our aim is to be fully transparent and to ensure you have a clear understanding of our data practices, empowering you to make informed decisions about your privacy. By using LUMI, you agree to the terms outlined in this Privacy Policy. We encourage you to read it thoroughly.
2. Information We Collect
To provide, maintain, and secure LUMI, Christian Gunzelmann & Dominik Grau GbR (Mindmed.ai) collects certain types of information. Our data collection practices are designed to be as minimal as possible while ensuring the functionality and safety of our service.
2.1. Information You Directly Provide to Us
This refers to any data you consciously and actively provide when interacting with LUMI.
Account and Profile Information: When you create an account, we collect basic details necessary for your registration and to manage your subscription. This includes:
Your email address (used for login, subscription management, and important service notifications).
Your real name.
A username or your preferred name (what you would like to be called).
Your age.
Your gender.
Your password (stored securely using industry-standard hashing techniques; we never store your actual password).
Your preferred voice for LUMI.
Your language preference.
Any other information you voluntarily provide during the registration process or to complete your profile.
Subscription and Payment Information (via RevenueCat): If you opt for a premium subscription, we use RevenueCat, Inc. ("RevenueCat") as our third-party subscription and payment management provider. RevenueCat collects and processes certain information related to your purchases and subscriptions on our behalf. This may include:
Purchase history (e.g., subscription type, start and end dates, renewal status, transaction IDs).
User identifiers (an anonymous App User ID automatically generated by RevenueCat, which may be linked to your email address if you configure your app to do so, for purposes like linking purchases across devices).
Device identifiers (if integrations utilize advertising identifiers like IDFA).
Usage data related to subscriptions (e.g., last seen time in the app, for their dashboard analytics).
RevenueCat doesn't directly collect your full payment card information. This sensitive data is handled by the respective app stores (Apple App Store, Google Play Store) or other payment gateways, which securely process your payment.
For more details on RevenueCat's data practices, please refer to their Privacy Policy at https://www.revenuecat.com/privacy/.
Your Conversations with LUMI: You share your thoughts, feelings, and personal experiences in your chats with LUMI. As explicitly stated in our Terms and Conditions, we don't use your conversation data for training or improving LUMI's AI models unless you explicitly and separately opt-in or provide specific feedback for that purpose. Your conversations are processed in real-time to facilitate LUMI's responses and deliver the core service to you.
Feedback and Support Communications: If you contact our support team (e.g., via support@mindmed.ai), provide feedback, or participate in surveys, we collect the content of your communications and any information you choose to provide (e.g., your name, email address) to address your inquiries and improve our customer service.
2.2. Information We Collect Automatically
When you use LUMI, certain technical and usage information is collected automatically to ensure the service functions correctly and to help us understand how LUMI is used (typically in an aggregated or pseudonymized form).
Usage Data: We collect general information about your interactions with LUMI, such as:
Features you use (e.g., which conversational modes or tools you engage with).
The duration of your sessions.
The date and time of your interactions.
This data is primarily used for aggregated analytics to understand overall service usage patterns and improve service delivery, without identifying you personally.
Technical Data: We collect information about the device and software you use to access LUMI:
IP address: Used for security, fraud prevention, and general geographic location (country/region, not precise address).
Device type (e.g., mobile phone, tablet, desktop).
Operating system (e.g., iOS, Android, Windows) and its version.
Browser type and version (e.g., Chrome, Safari, Firefox).
Application version: The specific version of the LUMI app you are using.
This data helps us troubleshoot technical issues, ensure compatibility, and optimize LUMI's performance across various devices.
Cookies and Similar Technologies: LUMI uses cookies and similar tracking technologies to enhance your user experience, authenticate you, remember your preferences, and for analytical purposes. For a detailed explanation of what cookies are, how we use them, and how you can manage your cookie preferences, please refer to our dedicated Cookie Policy.
3. Legal Basis for Processing Your Information
This section explains the legal grounds under which Christian Gunzelmann & Dominik Grau GbR (Mindmed.ai) processes your personal data, in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws. We only process your data when we have a valid legal basis to do so.
Performance of a Contract: We process your personal data (such as account information, conversations with LUMI, and subscription details) when it's necessary for the performance of the contract between you and Christian Gunzelmann & Dominik Grau GbR (Mindmed.ai) to provide the LUMI service. This includes:
Creating and managing your account.
Delivering LUMI's conversational services to you.
Processing your subscriptions and payments via RevenueCat to grant you access to premium features.
Providing customer support related to your use of LUMI.
Legitimate Interests: We may process certain data when it's necessary for our legitimate interests, provided these interests don't override your fundamental rights and freedoms. Our legitimate interests include:
Maintaining and improving LUMI's security: Protecting LUMI against fraud, abuse, and security threats.
Troubleshooting and technical support: Diagnosing and resolving technical issues to ensure LUMI functions smoothly.
Analyzing and optimizing service performance: Using aggregated and anonymized or pseudonymized usage data to understand how LUMI is used and to improve its overall performance and user experience (without using your direct conversation data for AI model training unless explicitly consented to for specific feedback).
Communicating with you: Sending important service announcements, updates to our Terms or Privacy Policy, and responding to your inquiries.
Compliance with Legal Obligations: We may process your personal data when it's necessary to comply with a legal obligation to which Christian Gunzelmann & Dominik Grau GbR (Mindmed.ai) is subject. This includes, for example, maintaining records for tax or auditing purposes as required by German law.
Consent: In specific, limited circumstances, we may rely on your explicit consent for certain processing activities. As stated in our Terms and Conditions, we only review and use your conversation data for improving LUMI's AI models if you've explicitly provided specific feedback for that purpose. Where processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
4. How We Use Your Information
Christian Gunzelmann & Dominik Grau GbR (Mindmed.ai) uses the information we collect for specific purposes, all aimed at providing you with a safe, effective, and supportive experience with LUMI. Our use of your data is always consistent with the legal bases outlined in Section 3.
We use your information for the following purposes:
To Provide and Maintain LUMI: We use your account information, language preference, preferred voice, and conversation data to operate, deliver, and maintain the core functionalities of LUMI. This includes:
Enabling you to log in and access your account.
Facilitating real-time conversational interactions with LUMI.
Managing your subscription, including processing payments via RevenueCat and granting access to premium features.
Ensuring the basic functionality and availability of the service.
To Improve and Personalize Your Experience (Limited Scope): While we don't use your general conversation data for training LUMI's AI models without your explicit consent, we may use other forms of data to enhance your experience:
User Preferences: Your language and preferred voice settings help us personalize LUMI's responses to your liking.
Explicit Feedback: If you choose to provide specific feedback on your conversations for service improvement, we will use that explicitly provided content solely for the purpose of improving LUMI's performance and capabilities, as consented by you.
Aggregated and Anonymized Data: We analyze aggregated and anonymized usage patterns (e.g., general feature usage, session duration, technical device data) to understand how LUMI is used overall. This helps us identify trends, optimize performance, fix bugs, and plan new features without identifying you personally.
To Communicate with You: We use your contact information to send you important service-related communications, including:
Notifications about your account or subscription status.
Updates to our Terms and Conditions or Privacy Policy.
Responses to your customer support inquiries or feedback.
Security alerts or information about system outages.
For Security and Fraud Prevention: We use collected data, including IP addresses and technical data, to:
Protect LUMI and our users from fraud, unauthorized access, and other security threats.
Detect and prevent malicious activities or violations of our Terms and Conditions.
Ensure the integrity and safety of our systems.
For Legal Compliance: We may use and retain your information as necessary to comply with our legal obligations, including:
Responding to valid legal requests, such as court orders, subpoenas, or government investigations.
Maintaining records for tax, accounting, or auditing purposes as required by applicable laws.
5. How We Share Your Information
Christian Gunzelmann & Dominik Grau GbR (Mindmed.ai) is deeply committed to protecting your privacy. We share your personal information only in very limited circumstances and always with your privacy as our top priority.
No Sale of Personal Data: We don't sell, rent, or lease your personal information to third parties for their marketing or advertising purposes.
With Service Providers: We work with trusted third-party service providers who perform essential functions on our behalf. These providers are strictly bound by contractual obligations to keep your information confidential and to use it only for the purposes for which we disclose it to them. These may include:
Hosting Providers: For securely storing our data and running the LUMI application (e.g., cloud service providers).
Payment Processors: As mentioned, RevenueCat, Inc. processes your subscription and payment details. They operate under their own strict privacy policies.
Technical Support Providers: To help us troubleshoot and resolve technical issues with the application.
Analytics Providers (for aggregated/anonymized data): To help us understand general usage patterns of LUMI (excluding your individual conversations) for service improvement.
We only share the minimum personal data necessary for these service providers to perform their specific functions.
For Legal Reasons and Protection of Rights: We may disclose your information if we believe it's necessary to:
Comply with a legal obligation (e.g., a court order, subpoena, or government request).
Enforce our Terms and Conditions, including investigating potential violations.
Detect, prevent, or address fraud, security, or technical issues.
Protect the rights, property, or safety of Christian Gunzelmann & Dominik Grau GbR (Mindmed.ai), our users, or the public.
Business Transfers: In the event that Christian Gunzelmann & Dominik Grau GbR (Mindmed.ai) is involved in a merger, acquisition, asset sale, or bankruptcy, your personal information may be transferred as part of that transaction. We will notify you before your personal data is transferred and becomes subject to a different privacy policy.
With Your Consent: Beyond the uses mentioned, we may share your information if you give us your explicit consent to do so for a specific purpose (e.g., providing specific conversation feedback for service improvement, as outlined in Section 4).
Aggregated or Anonymized Data: We may share aggregated or anonymized data that doesn't identify you personally with third parties for research, analysis, or statistical purposes. This data cannot be used to identify you and isn't considered personal information.
6. Data Security
At Christian Gunzelmann & Dominik Grau GbR (operating as Mindmed.ai), we take the security of your personal information very seriously. We implement robust technical and organizational measures to protect your data from unauthorized access, alteration, disclosure, or destruction.
Our security measures include:
End-to-End Encryption for Conversations: Your conversations with LUMI are secured using a unique two-key encryption system.
One encryption key is securely managed by Christian Gunzelmann & Dominik Grau GbR (Mindmed.ai).
The second encryption key is automatically generated based on your user ID and is never accessible to us.
Only with both keys combined can conversation data be decrypted. This design ensures that we cannot access your conversation data without your explicit action.
User-Initiated Access for Troubleshooting: If you require troubleshooting that necessitates access to your conversation data, you can request your unique user-generated key from our server and provide it to us. Once provided, we can temporarily decrypt your data to assist you. Immediately after this process, your user-generated key is automatically re-generated and changed to ensure your continued privacy and security.
Encryption at Rest and in Transit: Beyond the two-key system for conversations, all other data is encrypted using industry-standard protocols (like TLS/SSL) both in transit (when it's sent between your device and our servers) and at rest (when it's stored on our servers). This helps prevent unauthorized parties from reading your data.
Strict Access Control: Access to your personal data is severely restricted to authorized personnel who genuinely need to know that information to perform their job functions (e.g., customer support for specific, user-authorized inquiries). All access is logged and regularly reviewed.
Secure Infrastructure: Our services are hosted on secure, reputable cloud infrastructure providers that maintain high security standards and certifications (e.g., ISO 27001).
Regular Security Audits and Updates: We regularly review and update our security practices and systems to adapt to new threats and technologies. This includes using firewalls, intrusion detection systems, and vulnerability assessments.
Data Minimization: We only collect and retain the minimum amount of personal data necessary to provide the LUMI service and fulfill our legal obligations, reducing the potential impact of any security incident.
Employee Training: Our staff receives regular training on data privacy and security best practices to ensure they understand their responsibilities in handling your information.
Despite our efforts, please understand that no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
7. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including for the purpose of satisfying any legal, accounting, or reporting requirements. The specific retention periods depend on the type of data and its purpose:
Account Information: We retain your account information (email, real name, username, age, gender, password hash, voice preference, language) for as long as your account is active. If you delete your account, this data will be deleted as specified below, unless you choose to retain it for future re-access.
Conversation Data: Your conversations with LUMI are stored securely using our two-key encryption system.
If you delete your account and choose to delete your data, your conversation data will be permanently deleted from our systems immediately.
If you delete your account but choose to retain your data (to allow for re-access with the same email), your encrypted conversation data will be retained for a period necessary to facilitate this re-access, consistent with our legal obligations. You can always request complete deletion of this retained data later by contacting support@mindmed.ai.
Subscription and Payment Information: Data related to your subscriptions and payments processed by RevenueCat is retained for as long as your subscription is active and for a period thereafter as required by tax and accounting laws (e.g., typically 6 to 10 years in Germany for financial records), even if your account is deleted. RevenueCat's own retention policies also apply.
Technical and Usage Data: IP addresses in server logs are typically retained for 90 days for security purposes. Aggregated or pseudonymized technical and usage data used for analytics and service improvement is retained for up to 24 months to allow for trend analysis and historical comparisons, after which it may be fully anonymized or securely deleted.
Customer Support Communications: Records of your communications with our support team are retained for a period necessary to resolve your inquiry and for our legitimate interest in improving customer service, typically up to 24 months after the last interaction.
After the applicable retention period, or upon your request for deletion where applicable, your personal data will be securely deleted or anonymized.
8. Your Rights
Under the General Data Protection Regulation (GDPR) and other applicable data protection laws, you have specific rights regarding your personal data. We're committed to helping you exercise these rights.
Your rights include:
Right to Access (Art. 15 GDPR): You have the right to request a copy of the personal data we hold about you.
Right to Rectification (Art. 16 GDPR): You have the right to request that we correct any inaccurate or incomplete personal data we hold about you. You can often update your profile information directly within the LUMI app.
Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR): You have the right to request the deletion of your personal data under certain circumstances (e.g., if the data is no longer necessary for the purposes for which it was collected, or if you withdraw consent and no other legal basis for processing exists). As detailed in our Termination section (Section 7), you can delete your account and associated data directly within the app, or request deletion of retained data via support@mindmed.ai.
Right to Restriction of Processing (Art. 18 GDPR): You have the right to request that we restrict the processing of your personal data under certain conditions (e.g., if you contest the accuracy of the data, or if the processing is unlawful).
Right to Data Portability (Art. 20 GDPR): You have the right to request that we transfer the data that we have collected to another organization, or directly to you, in a structured, commonly used, and machine-readable format, under certain conditions.
Right to Object (Art. 21 GDPR): You have the right to object to our processing of your personal data based on legitimate interests, under certain conditions.
Right to Withdraw Consent (Art. 7(3) GDPR): Where we process your personal data based on your consent, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
Right to Lodge a Complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you believe that our processing of your personal data infringes data protection laws. The relevant supervisory authority for Christian Gunzelmann & Dominik Grau GbR (Mindmed.ai) in Germany is the State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg.
How to Exercise Your Rights:
To exercise any of these rights, please contact us at support@mindmed.ai. We may need to verify your identity before fulfilling your request to ensure the security of your data. We will respond to your request within one month of receipt.
9. International Data Transfers
Christian Gunzelmann & Dominik Grau GbR (Mindmed.ai) is based in Germany. We assure you that all your personal data collected and processed by LUMI remains within the European Union (EU) or European Economic Area (EEA). We don't transfer your personal data to countries outside the EU/EEA.
10. Children's Privacy
LUMI is not intended for use by individuals under the age of 18. We don't knowingly collect personal information from children under 18. If we become aware that we've collected personal data from a child under 18 without verification of parental consent, we will take steps to remove that information from our servers immediately.
If you are a parent or guardian and you believe that your child has provided us with personal information, please contact us at support@mindmed.ai.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we make significant changes, we'll notify you.
How We'll Notify You: We'll inform you about changes via email and/or through a pop-up notification within the LUMI app or other in-app notifications, depending on the nature and extent of the changes. We'll also update the "Effective Date" at the top of this policy.
When Changes Take Effect: Any changes to this Privacy Policy will be effective immediately upon their posting.
Your Acceptance: Your continued use of LUMI after any revisions become effective means you agree to be bound by the updated Privacy Policy. If you don't agree to the new terms, you should stop using LUMI.
12. Severability
If any provision of this Privacy Policy is held to be invalid or unenforceable by a court, the remaining provisions of this Privacy Policy will remain in effect. The invalid or unenforceable provision will be modified to the minimum extent necessary to make it valid and enforceable.
13. Contact Information
If you have any questions about this Privacy Policy, our data practices, or if you wish to exercise your data protection rights, please don't hesitate to contact us:
Christian Gunzelmann & Dominik Grau GbR (Mindmed.ai)
Email: support@mindmed.ai