←
Back to Mindstage
1. Introduction
Mindstage ("we," "us," or "our") operates this service. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.
By using Mindstage, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Information You Provide
- Account Information: Email address, username, birthdate (for age verification), and password when you create an account
- User Content: Scenarios, characters, and media you create using the Service
- Messages & Conversations: Your prompts, messages, and interactions with AI characters
- Payment Information: Processed securely through third-party payment providers (we do not store credit card details)
- Communications: Information you provide when you contact us for support
2.2 Information Collected Automatically
- Usage Data: How you interact with the Service, including scenarios played and features used
- Device Information: Browser type, operating system, and device identifiers
- Log Data: IP address, access times, and pages viewed
- Cookies: Session cookies to maintain your login state
2.3 AI Interaction Data
- Conversations with AI characters (encrypted at rest)
- Prompts and responses generated during scenario interactions
- Character behavior patterns and preferences
- Usage patterns for service improvement (anonymized)
3. How We Use Your Information
We use the collected information to:
- Provide and maintain the Service
- Personalize your experience and improve AI interactions
- Process and store your created content
- Send service-related communications
- Monitor and analyze usage patterns
- Detect and prevent fraud or abuse
- Comply with legal obligations
- Improve our AI models and Service features
4. AI Model Training and Improvement
4.1 How We Use Data for AI
Privacy First: Your private messages and content are NEVER used for AI training without your explicit consent.
4.2 What We Use
To improve our AI services, we may use:
- Aggregated Usage Patterns: Anonymized data about how features are used
- Public Content: Scenarios and characters marked as public (with attribution removed)
- Quality Metrics: Response times, error rates, and satisfaction indicators
- Safety Signals: Patterns that help us identify and prevent harmful content
4.3 What We DON'T Use
- Your private messages and conversations
- Private scenarios and characters
- Personal identifying information
- Any content you've explicitly opted out of sharing
4.4 Opt-Out Options
You can opt-out of having even anonymized data used for improvement through your account settings. This will not affect your service quality.
5. Data Sharing and Disclosure
5.1 We Do Not Sell Your Data
We do not sell, trade, or rent your personal information to third parties.
5.2 Limited Sharing
We may share your information in the following circumstances:
- With Your Consent: When you explicitly agree to share information
- Service Providers: With trusted third parties who assist in operating our Service
- Legal Requirements: When required by law or to protect rights and safety
- Business Transfers: In connection with a merger, acquisition, or sale of assets
Public Content: Scenarios and characters you mark as public will be visible to other users of the Service.
6. Data Storage and Security
6.1 Encryption and Protection
Privacy-First Security: Your messages and private content are encrypted at rest using industry-standard encryption. Only you can access your private conversations.
- Messages: Encrypted at rest, viewable only by you
- Private Content: Encrypted and accessible only with your authentication, monitored only by automated safety systems
- Public Content: Stored securely but accessible to other users as intended
- Passwords: Hashed using industry-standard bcrypt algorithm
6.2 Security Measures
- SSL/TLS encryption for all data transmissions
- Encryption for messages and sensitive content at rest
- Regular security audits and penetration testing
- Multi-factor authentication available
- Access controls with principle of least privilege
- Regular backups with encrypted storage
- Incident response and breach notification procedures
6.3 Data Retention and Deletion
Retention Periods:
- Active Accounts: Data retained while account is active
- Inactive Accounts: Deleted after 2 years of inactivity
- Deleted Content: Permanently removed within 30 days
- Backups: Purged from backups within 90 days
Important: When you delete content, it is permanently and irreversibly removed. We cannot recover deleted messages or content.
6.4 Data Localization
Your data is stored on secure servers in the United States. We use content delivery networks (CDNs) for performance but sensitive data never leaves our primary servers.
7. Your Rights and Choices
7.1 Your Data Rights
Full Control: You have complete control over your data and content.
You have the right to:
- Access: View all personal information we have about you
- Rectification: Correct any inaccurate or incomplete data
- Erasure: Request permanent deletion of your account and data
- Restriction: Limit how we process your data
- Objection: Opt-out of certain data processing activities
7.2 Content Privacy and Control
Your Messages:
- Are private and encrypted at rest
- Can only be accessed by you
- Can be permanently deleted at any time
- Are never used for AI training without explicit consent
Private Scenarios/Characters:
- Remain your intellectual property
- Checked only by automated safety systems
- Never shared with third parties
- Can be deleted at any time
Public Content:
- You retain ownership but grant us license to use
- License is perpetual and irrevocable once published
- Can be removed from public view but license persists
7.3 Account Settings
You can manage your privacy preferences through your account settings, including:
- Profile visibility and information sharing
- Content sharing permissions and defaults
- Communication and notification preferences
- Data deletion options
- Two-factor authentication settings
8. Cookies and Tracking
8.1 Essential Cookies
We use essential cookies to:
- Maintain your login session
- Remember your preferences
- Ensure Service security
8.2 Analytics
We may use analytics tools to understand how users interact with the Service. This data is aggregated and anonymized.
8.3 Your Choices
You can control cookies through your browser settings. Note that disabling cookies may affect Service functionality.
9. Age Requirements and Children's Privacy
Age Restriction: Mindstage is strictly for users 18 years and older.
We do not knowingly collect personal information from anyone under 18 years of age. We require birthdate verification during registration to ensure compliance.
If we discover that a user is under 18:
- The account will be immediately suspended
- All associated data will be permanently deleted
- No refunds will be provided for any purchases
If you believe someone under 18 is using our Service, please contact us immediately at [email protected].
10. International Data Transfers
If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located.
11. California Privacy Rights
California residents have additional rights under the California Consumer Privacy Act (CCPA):
Right |
Description |
Right to Know |
Request information about data collection and use |
Right to Delete |
Request deletion of personal information |
Right to Opt-Out |
Opt-out of the sale of personal information (we do not sell data) |
Right to Non-Discrimination |
Not be discriminated against for exercising privacy rights |
12. Data Breach Notification
In the unlikely event of a data breach that may compromise your personal information:
- We will notify affected users within 72 hours of discovery
- We will provide details about what information was affected
- We will offer guidance on protective measures you can take
- We will cooperate with relevant authorities as required
Due to our encryption practices, encrypted messages and content would remain protected even in a breach scenario.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new policy on this page
- Updating the "Last updated" date
- Sending an email notification for significant changes
- Requiring acknowledgment for material changes affecting your rights
Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.