Privacy Policy

Last updated: 15 April 2026

1. Who we are

This Privacy Policy explains how MindFuddle (“we”, “us”, “our”) collects, uses, stores, and shares personal data when you use our website and platform.

If you have any questions about this Privacy Policy or how we handle your data, you can contact us at:

Email: koley.ops@gmail.com

2. What this policy covers

This Privacy Policy applies to personal data we collect when you:

  • visit our website
  • create an account
  • use the platform
  • take part in practice sessions
  • purchase a paid plan, if available
  • contact us

3. The personal data we collect

Depending on how you use the service, we may collect the following types of personal data.

Account information

  • name
  • email address
  • login and authentication details
  • account preferences
  • subscription or plan status

Practice session data

  • messages sent during practice sessions
  • uploads or other materials you choose to submit
  • AI-generated responses, scoring, summaries, and feedback
  • saved practice session history for signed-in users

Payment and billing information

If you purchase a paid plan, payments are processed by Stripe or another payment provider. We do not store full card details ourselves.

We may receive limited billing information such as:

  • payment status
  • subscription status
  • billing customer ID
  • invoice or transaction metadata
  • country or region

Technical and usage data

  • IP address
  • browser type and version
  • device and operating system information
  • date and time of access
  • security, error, and diagnostic logs

4. How we collect your data

We collect personal data:

  • directly from you when you create an account, contact us, or use the platform
  • when you send messages or submit content during practice sessions
  • automatically when you use the website or app
  • from service providers that help us run the service, such as hosting, authentication, database, payment, and artificial intelligence providers

5. How we use your personal data

We use personal data to:

  • create and manage your account
  • provide the platform and its features
  • save practice session history for signed-in users
  • generate AI chat responses, scoring, summaries, and feedback
  • process payments and manage subscriptions
  • respond to support requests
  • monitor security, diagnose issues, and maintain the service
  • prevent fraud, abuse, or misuse
  • comply with legal and regulatory obligations
  • send important service-related updates

6. Our lawful bases for processing

Where the UK GDPR (United Kingdom General Data Protection Regulation) applies, we rely on one or more of the following lawful bases:

Contract

We process your personal data where necessary to provide the service you signed up for, such as creating your account, letting you log in, saving your practice sessions, and providing paid features.

Legitimate interests

We may process your data where it is reasonably necessary for our legitimate interests, including securing the platform, preventing fraud or abuse, diagnosing issues, improving reliability, and defending legal claims, provided those interests are not overridden by your rights and freedoms.

Legal obligation

We may process your data where necessary to comply with legal obligations, including tax, accounting, and law enforcement requirements.

Consent

If we rely on consent for any specific activity, such as non-essential cookies or similar technologies, we will ask for it where required.

7. Artificial intelligence and practice session processing

The service uses artificial intelligence tools to generate chat responses, feedback, scoring, summaries, or related outputs based on the content you submit during practice sessions.

This means your submitted messages and related content may be processed by third-party artificial intelligence service providers acting on our behalf in order to deliver the service.

AI-generated output may be imperfect, subjective, or inaccurate and should be reviewed critically.

8. Cookies and similar technologies

We use strictly necessary cookies or similar technologies for authentication, security, session management, and essential payment or billing flows.

We do not currently rely on non-essential advertising or marketing cookies.

For more detail, please see our Cookie Policy.

9. Sharing your personal data

We do not sell your personal data.

We may share personal data with trusted service providers who help us operate the service, such as providers for:

  • hosting and infrastructure
  • authentication
  • database and storage
  • payment processing
  • artificial intelligence services
  • email delivery or support tools, if used

These providers may include services such as Supabase, Vercel, Stripe, and third-party artificial intelligence providers used to run the platform.

We may also share data where required by law, to enforce our terms, to protect our rights or users, or in connection with a business sale, merger, or reorganisation.

10. International transfers

Some of our service providers may process personal data outside the United Kingdom.

Where personal data is transferred internationally, we take steps intended to ensure appropriate safeguards are in place where required by applicable law.

11. How long we keep your data

We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the service, comply with legal obligations, resolve disputes, enforce agreements, and maintain appropriate business and security records.

Retention periods may vary depending on the type of data and why we need it. For example, we may keep account data while your account remains active, keep billing records for longer where required for legal, tax, or accounting purposes, and retain technical or security logs for a shorter period unless we need them for investigating abuse, fraud, or incidents.

12. Your rights

Depending on where you are located, you may have rights in relation to your personal data, including the right to:

  • request access to your data
  • request correction of inaccurate data
  • request deletion of your data
  • request restriction of processing
  • object to certain processing
  • request transfer of your data
  • withdraw consent where processing is based on consent
  • complain to a data protection authority

If you are in the United Kingdom, you can complain to the Information Commissioner’s Office if you believe your data has been handled unlawfully.

13. Security

We use reasonable technical and organisational measures intended to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

14. Children

The service is not intended for children under 18, and we do not knowingly collect personal data from children below that age.

If you believe a child has provided us with personal data, contact us and we will investigate.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will post the updated version on this page and update the “Last updated” date above.

16. Contact us

If you have questions, requests, or concerns about this Privacy Policy or your personal data, contact us at:

Email: koley.ops@gmail.com