Effective June 30, 2026
MindVault never transmits, stores, or has access to unencrypted user content. Only the SHA-256 hash of your idea text is sent to OpenTimestamps calendar servers for Bitcoin anchoring. A SHA-256 hash is a one-way cryptographic fingerprint — MindVault cannot reverse it to recover your idea content. Your ideas remain private by design.
In demo mode, idea text is stored exclusively in your browser's localStorage and never leaves your device. No idea content reaches MindVault's servers at any point.
If you choose to join our waitlist, we collect your email address. This is stored in our waitlist_signups table along with the signup source (e.g. demo_seal, demo_prior_art) and a one-way hash of your IP address. We never store IP addresses in cleartext.
When you seal an idea, we store in our idea_timestamps table:
Idea text is never stored server-side. Demo mode uses your browser's localStorage only.
We record anonymized demo funnel events (event name and non-PII metadata) in our demo_events table to understand how users interact with the product. Event payloads contain no personally identifiable information. IP addresses, when present in any context, are stored as SHA-256 hashes — never in cleartext.
MindVault is compliant with GDPR and CCPA by design. Because idea content is never processed by MindVault's servers — only its irreversible SHA-256 hash crosses the network boundary — there is no personal data embedded in the core timestamping record.
Email addresses are the only directly identifiable data we hold. Email subscribers may request deletion at any time by contacting us at legal@mindvault.app.
You have the right to:
To exercise any of these rights, email legal@mindvault.app. We will respond within 30 days.
We may update this Privacy Policy from time to time. For material changes, we will notify you via email (if you have provided one) or via an in-app notice at least 14 days before the changes take effect.
Privacy questions or data requests: legal@mindvault.app.