Privacy Policy
Last updated: April 1, 2026
Mindlume ("we," "our," or "us") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, and safeguard information when you use our web application at app.mindlume.app and our website at mindlume.app.
1. Information We Collect
Account Information: When you create an account, we collect your name, email address, and professional role through our authentication provider (Memberstack).
Payment Information: If you subscribe to a paid plan, payment is processed securely through Stripe. We do not store credit card numbers or banking details on our servers.
Usage Data: We collect basic usage data such as note counts for managing your subscription tier. We do not track or log individual clinical note content on our servers.
2. Clinical Data and HIPAA Awareness
Mindlume is designed with a privacy-first architecture:
- Clinical note content is processed in real time and is not stored on Mindlume servers after generation.
- Note generation is handled via a secure API call. Once your note is delivered to your browser, the content is not retained server-side.
- We recommend using client initials rather than full names as an additional privacy measure.
- Generated notes are downloaded directly to your device as PDF or Word documents.
Mindlume is not a covered entity under HIPAA. However, our architecture is designed to minimize data exposure and support your compliance obligations as a covered provider.
3. How We Use Your Information
- To provide and maintain the Mindlume service
- To manage your account and subscription
- To send transactional emails (account confirmation, password resets)
- To send product updates and educational content via MailerLite (you may unsubscribe at any time)
- To improve the quality and features of our service
4. Third-Party Services
We use the following third-party services:
- Memberstack: Authentication and account management
- Stripe: Secure payment processing
- MailerLite: Email communications
- Anthropic: Intelligent note generation
- Vercel: Application hosting
- Netlify: Landing page hosting
Each of these providers maintains its own privacy policies and security standards.
5. Data Security
We implement industry-standard security measures including HTTPS encryption for all data in transit, secure API key management, and access controls on our infrastructure. No system can guarantee 100% security, but we take reasonable measures to protect your information.
6. Data Retention
Account information is retained for as long as your account is active. If you cancel your account, we will delete your account data within 30 days. Clinical note content is not stored on our servers and therefore is not subject to a retention policy.
7. Your Rights
You may:
- Request a copy of the personal data we hold about you
- Request correction or deletion of your personal data
- Unsubscribe from marketing emails at any time
- Cancel your account at any time
8. Children's Privacy
Mindlume is designed for licensed and credentialed behavioral health professionals. We do not knowingly collect information from individuals under the age of 18.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of any material changes via email. The "Last updated" date at the top of this page reflects the most recent revision.
10. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us at support@mindlume.app.