Mindful Brian

BeWell IT Limited ("we", "our", "us", or "BeWell IT"), company number 16095961, registered in England and Wales, is committed to protecting your privacy. This Privacy Policy explains our practices regarding the handling of information when you use our Mindful Brian mobile application ("App").

1. Information We Collect

Our App collects:

• Account Information: Email address and display name when you create an account
• Mindfulness Data: Meditation sessions, mindfulness practices, and personal reflections you choose to record
• Usage Information: How you interact with the App to improve user experience
• Device Information: Device type, operating system version, and app version for technical support
• Progress Data: Your meditation streaks, practice history, and personal goals

Our App does NOT collect:

• Location data
• Contacts
• Camera/photo access
• Microphone access (except during guided meditations if you choose to enable it)
• Financial information
• Government identifiers

2. How We Use Your Information

We use the information we collect to:

• Provide and maintain the App's core mindfulness features
• Enable secure authentication and account management
• Store and synchronize your mindfulness data across devices
• Personalize your meditation and mindfulness experience
• Track your progress and provide meaningful insights
• Send mindfulness reminders and motivational content (if you opt in)
• Improve our services and user experience
• Comply with legal obligations

3. Artificial Intelligence Features

AI-Enhanced Personalization

Mindful Brian uses AI to enhance your mindfulness experience through:

• Personalized recommendations: AI suggests meditations and practices based on your progress and preferences
• Progress insights: AI analyzes your practice patterns to provide meaningful feedback
• Content adaptation: AI helps adapt content difficulty and focus areas to your needs
• Smart reminders: AI optimizes reminder timing based on your usage patterns

AI Data Handling:

• AI processing uses aggregated, anonymized data patterns
• Individual meditation sessions are not analyzed by AI
• You can opt out of AI-powered features in your account settings
• AI insights are generated to improve your personal experience only
• No personal data is shared with third parties for AI training

4. Legal Basis for Processing (UK GDPR)

We process your personal data based on:

• Consent: For creating an account and storing mindfulness data
• Legitimate interests: For app functionality, security, and service improvement
• Legal obligations: For compliance with applicable laws
• Vital interests: In emergency situations as permitted by law

5. Data Storage and Security

Firebase Implementation:

• All data is encrypted in transit and at rest
• Stored securely on Google Firebase servers
• Real-time synchronization with offline capability
• Regular security audits and updates
• Access controls and authentication measures

Security Measures:

• Industry-standard encryption protocols
• Secure authentication through Firebase Auth
• Regular security assessments
• Incident response procedures
• Limited access to personal data (need-to-know basis)

6. Teacher and Administrator Features

Enhanced Features for Teachers

For teachers and mindfulness instructors using Mindful Brian:

• Student Management: Track progress of students enrolled in your courses
• Content Creation: Create and manage custom meditation sessions and programmes
• Progress Analytics: View aggregated, anonymized insights about class engagement and progress
• Teaching Tools: Access specialized features for group sessions and course management

Teacher Data Handling:

• Teacher accounts have additional permissions for course management
• Student data is only accessible to authorized teachers for their specific courses
• All teacher-student data sharing is consent-based and course-specific
• Teachers can export course completion reports for their students

7. Third-Party Services and Data Processors

We work with the following service providers:

• Google Firebase: Authentication, data storage, and real-time synchronization
• Google Cloud Platform: AI services for personalization and insights
• Apple HealthKit/Google Fit: With your explicit permission, to integrate mindfulness sessions with your health data

All third-party processors are bound by data processing agreements ensuring GDPR compliance.

8. International Data Transfers

Your data may be transferred to and processed in countries outside the UK/EEA, including the United States where our service providers' servers are located. We ensure appropriate safeguards through:

• Standard Contractual Clauses (SCCs) with all processors
• Technical and organizational security measures
• Data Processing Agreements requiring GDPR-equivalent protection

9. Data Retention

We retain your data for the following periods:

• Account information: Duration of your account plus 30 days after deletion
• Mindfulness data: As long as you maintain an account, or until you delete specific entries
• Usage analytics: Aggregated, anonymized data may be retained indefinitely for service improvement

10. Age Restrictions

• Our App is intended for users aged 13 and above
• Users under 18 should have parental consent before creating an account
• If we learn that we have inadvertently collected information from anyone under 13, we will promptly delete such information

11. Your Rights

Under UK GDPR and applicable US state privacy laws, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Erase your data ("right to be forgotten")
• Restrict processing of your data
• Object to certain processing activities
• Data portability - receive your data in a portable format
• Withdraw consent at any time
• Lodge a complaint with the Information Commissioner's Office (ICO)

12. Managing Your Information

Access and Modification:

• Access and modify your personal information through the Account screen
• Update meditation preferences and personal goals directly in the App
• Export your mindfulness data through the Account settings

Account Deletion:

• Navigate to "Account > Delete Account" to permanently delete your account
• This action immediately removes all your personal information from our systems
• Anonymized, aggregated data may be retained for analytics

13. Updates to This Policy

We may update this Privacy Policy as our App evolves. When we make changes:

• The "Last Updated" date will be revised
• For material changes, we will notify you via email or in-app notification
• Your continued use of the App after changes constitutes acceptance

14. California Privacy Rights

California Consumer Privacy Act (CCPA)

While we limit data collection, California residents have additional rights including:

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell personal data)
• Right to non-discrimination for exercising privacy rights

Do Not Track

Our App does not track users across third-party websites and does not respond to Do Not Track (DNT) signals.

15. Emergency Situations

In situations involving imminent risk of serious harm, we may share limited information with appropriate authorities or designated emergency contacts in accordance with applicable laws and only to the extent necessary to address the emergency.

16. Links to External Services

Our App may contain links to external websites or services. We are not responsible for the privacy practices of these external services. We encourage you to review their privacy policies.

17. Children's Privacy

We take children's privacy seriously. For users aged 13-17:

• Parental consent is recommended before account creation
• We collect only essential information necessary for app functionality
• Parents can request access to or deletion of their child's data
• We comply with applicable children's privacy laws including COPPA

18. Contact Information

For questions or concerns about this Privacy Policy or our privacy practices:

19. Complaints

If you have concerns about how we handle your data, you have the right to lodge a complaint with:

20. Governing Law

This Privacy Policy is governed by the laws of England and Wales. Any disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales, without limiting any rights or protections provided under applicable privacy laws in your jurisdiction.