Privacy Policy

Effective Date: [SET ON PUBLISH]

MindLoop ("we", "us", "the App") is a mindfulness and affirmation application operated by CachePile. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

1. Information We Collect

A. Account & Authentication Data

  • Google Sign-In: If you sign in with Google, we receive your email address, display name, and profile photo URL through Firebase Authentication. This is used to create and personalize your account.
  • Email / Password Sign-In: If you register with email and password, your email address and a securely hashed password are stored by Firebase Authentication (a Google service). A secondary salted hash may also be kept on your device for offline sign-in convenience.

B. Data Sent to Our Backend (Speech Generation)

MindLoop generates spoken audio from your affirmations using a server-side backend (Google Cloud Run) and Google Cloud Text-to-Speech. When you generate audio, the App sends:

  • the affirmation text you wrote and the selected voice,
  • a Firebase authentication token and a Firebase App Check token (Google Play Integrity) used to verify the request is genuine.

The affirmation text is used transiently to synthesize audio and to update your usage balance; we do not store your affirmation text in readable form on our servers. Generated audio is cached in Google Cloud Storage, addressed by a one-way hash of the text + voice settings (the cache stores audio keyed by content, not by who created it).

C. Entitlements & Usage Ledger

We store your subscription/entitlement status and a character-credit ledger in Google Cloud Firestore, associated with your account identifier. This is how the App knows your plan and remaining balance across devices.

D. Billing Data

MindLoop offers auto-renewing subscriptions and a consumable top-up through Google Play Billing. Payment is processed by Google Play; we do not collect or store your payment card details. We receive purchase/subscription status from Google Play (including via real-time developer notifications) to grant entitlements.

E. Analytics & Diagnostics

  • Firebase Analytics: We log app-usage events (e.g. app opens, voice selected, affirmation generated, subscription/top-up purchased) to understand feature usage.
  • Firebase Crashlytics: We collect crash and ANR diagnostic reports to improve stability.

F. Server Logs

When the App contacts our backend, our servers record technical request logs for security, abuse-prevention, and rate-limiting. These logs contain request metadata (timestamp, endpoint, response status, latency) and one-way hashed values of your account identifier and IP address — we do not retain your raw IP address or any affirmation text in these logs.

G. Data Stored Only on Your Device

Your affirmations, playlists, generated audio files, app settings, and security passcode are stored locally on your device (Room database + private app storage).

2. How We Use Your Information

  • To authenticate you and maintain your account.
  • To generate affirmation audio and enforce your usage/credit balance.
  • To process and validate subscriptions and top-ups.
  • To diagnose crashes and understand aggregate feature usage.

We do not sell your personal information.

3. Third-Party Services

We rely on Google services to operate the App: Firebase Authentication, Firebase App Check, Cloud Run, Cloud Text-to-Speech, Cloud Firestore, Cloud Storage, Firebase Analytics, Firebase Crashlytics, and Google Play Billing. Your use of these is also subject to Google's Privacy Policy (https://policies.google.com/privacy).

4. Your Rights (GDPR / CCPA)

Depending on your jurisdiction you may have rights to access, correct, port, or delete your personal data, and to object to or restrict certain processing.

  • Access & Portability: Your affirmations and profile are visible in the App.
  • Rectification: You can edit your profile and affirmations in the App.
  • Erasure: See Section 5.

To exercise these rights, contact us at mindloop@cachepile.io.

5. Account & Data Deletion

  • In-app deletion: Open Profile → Delete Account. This permanently deletes your local data (affirmations, playlists, audio files, local credentials), your Firebase Authentication account, and your server-side entitlement and character-credit records.
  • By request: If you can't access the app, you can request deletion by email at mindloop@cachepile.io. A web request page is also available — see our Account Deletion page.
  • Uninstalling the App removes all locally stored data from your device.

6. Data Retention

We retain account, entitlement, and billing-related records for as long as your account is active or as needed to provide the service and meet legal/accounting obligations. Cached audio is content-addressed and not linked to your identity.

7. Data Location & International Transfers

Our backend and storage run on Google Cloud infrastructure located in the United States (region `us-central1`). Firebase services likewise process data on Google infrastructure. If you access the App from outside the United States — including the European Economic Area, the United Kingdom, or other regions — your information will be transferred to and processed in the United States. Google maintains data-transfer safeguards (including Standard Contractual Clauses) for such transfers; see Google's Privacy Policy for details.

8. Security

We protect your information with industry-standard measures:

  • Encryption in transit: all communication between the App and our backend uses HTTPS/TLS.
  • Encryption at rest: data stored in Google Cloud Firestore and Cloud Storage is encrypted at rest by Google Cloud by default.
  • Request integrity: backend requests are verified with Firebase Authentication and Firebase App Check (Google Play Integrity) to block unauthorized access.
  • On-device credentials: if you use offline email/password sign-in, your password is never stored in plain text — only a salted one-way hash is kept on your device.

No method of transmission or storage is 100% secure, but we work to protect your data using these safeguards.

9. Children's Privacy

MindLoop is not directed at children. We do not knowingly collect personal information from children under 13 (or under 16 in regions where that is the minimum age of consent). If you believe a child has provided us data, contact us and we will delete it.

10. Changes to This Policy

We may update this Policy. Material changes will be reflected by updating the Effective Date and, where appropriate, an in-app notice.

11. Contact Us

CachePilemindloop@cachepile.io