← Back

Privacy Policy

Effective June 30, 2026

Privacy-First Architecture

MindVault never transmits, stores, or has access to unencrypted user content. Only the SHA-256 hash of your idea text is sent to OpenTimestamps calendar servers for Bitcoin anchoring. A SHA-256 hash is a one-way cryptographic fingerprint — MindVault cannot reverse it to recover your idea content. Your ideas remain private by design.

In demo mode, idea text is stored exclusively in your browser's localStorage and never leaves your device. No idea content reaches MindVault's servers at any point.

Data We Collect

Account / Waitlist Data

If you choose to join our waitlist, we collect your email address. This is stored in our waitlist_signups table along with the signup source (e.g. demo_seal, demo_prior_art) and a one-way hash of your IP address. We never store IP addresses in cleartext.

Idea Metadata

When you seal an idea, we store in our idea_timestamps table:

Idea text is never stored server-side. Demo mode uses your browser's localStorage only.

Analytics

We record anonymized demo funnel events (event name and non-PII metadata) in our demo_events table to understand how users interact with the product. Event payloads contain no personally identifiable information. IP addresses, when present in any context, are stored as SHA-256 hashes — never in cleartext.

Retention Periods

GDPR & CCPA Compliance

MindVault is compliant with GDPR and CCPA by design. Because idea content is never processed by MindVault's servers — only its irreversible SHA-256 hash crosses the network boundary — there is no personal data embedded in the core timestamping record.

Email addresses are the only directly identifiable data we hold. Email subscribers may request deletion at any time by contacting us at legal@mindvault.app.

Your Rights

You have the right to:

To exercise any of these rights, email legal@mindvault.app. We will respond within 30 days.

Third-Party Services

Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you via email (if you have provided one) or via an in-app notice at least 14 days before the changes take effect.

Contact

Privacy questions or data requests: legal@mindvault.app.