Privacy Policy

1. Introduction

Welcome to Mind Tiles, a product of Intellibricks Inc. ("we," "our," "us," or "the Company"). Intellibricks Inc. is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use Mind Tiles and our related services.

Mind Tiles is an AI-powered learning platform developed and owned by Intellibricks Inc. When we refer to "Mind Tiles," "the Service," or "our services" in this policy, we are referring to the Mind Tiles application and platform operated by Intellibricks Inc.

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

• Account Information: Name, email address, profile picture when you create an account
• Apple Sign-In Information: If you sign in with Apple, we collect the email address you choose to share. This may be your real email address or a private relay email address (ending in @privaterelay.appleid.com) if you choose "Hide My Email." We cannot control or disable the "Hide My Email" option, as this is a user-controlled privacy feature provided by Apple.
• Learning Data: Your learning progress, preferences, and interactions with our AI system
• Communication Data: Messages you send to our support team
• Payment Information: Billing details for premium subscriptions (processed securely through third-party providers)

2.2 Technical Information

• Usage Data: How you interact with our platform, features used, time spent
• Device Information: Browser type, operating system, device identifiers, device model, device fingerprint
• Log Data: IP address, access times, pages viewed, referring websites
• Analytics Data: Performance metrics and user behavior patterns
• Session Data: Active session information, login timestamps, device associations

2.3 Analytics and Tracking Information

We collect analytics data to improve our services and understand user behavior. This includes:

• Platform Usage: Which platform you use (web or mobile app platforms), app version, device type
• Subscription Analytics: Subscription status, payment platform used (Stripe for web, Apple App Store for iOS, Google Play Store for Android), subscription lifecycle events
• Feature Usage: Which features you use, how often, and interaction patterns
• Performance Metrics: App performance, loading times, error rates
• Cross-Platform Activity: Usage across different platforms for the same account

Privacy Protection: We anonymize personal information in analytics where possible. Email addresses are hashed (SHA-256) for analytics tracking. Device identifiers are used instead of user IDs where feasible.

3. How We Use Your Information

We use your information to:

• Provide and improve our AI-powered learning services
• Personalize your learning experience and content recommendations
• Process payments and manage your subscription
• Communicate with you about your account and our services
• Analyze usage patterns to enhance our platform
• Ensure platform security and prevent fraud
• Enforce device-based account security (one account per device)
• Manage active sessions and prevent unauthorized access
• Track subscription status across platforms (web and mobile app platforms)
• Comply with legal obligations

3.1 Analytics Usage

We use analytics data to:

• Understand how users interact with our platform
• Identify and fix technical issues
• Improve user experience and feature adoption
• Track subscription conversion and retention
• Monitor platform usage across web and mobile app platforms
• Detect and prevent abuse or fraudulent activity

Your Control: You can opt out of non-essential analytics by contacting us at support@mindtiles.ai. Essential analytics required for service functionality cannot be disabled.

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers: With trusted third-party vendors who help operate our services (under strict confidentiality agreements)
• Legal Requirements: When required by law or to protect our rights and safety
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• Consent: With your explicit permission for specific purposes

4.1 Third-Party Service Integrations

We use the following third-party services to provide our platform:

• Stripe: Payment processing for web subscriptions. Stripe collects billing information and processes payments securely. See Stripe's Privacy Policy.
• Apple App Store: Payment processing for iOS mobile app subscriptions. Apple collects billing information. See Apple's Privacy Policy.
• Google Play Store: Payment processing for Android mobile app subscriptions. Google collects billing information. See Google's Privacy Policy.
• Firebase: Backend infrastructure, authentication, and database services. See Firebase Privacy.
• OpenAI: AI content generation services. Your learning data may be processed by OpenAI to generate personalized content. See OpenAI's Privacy Policy.

Data Sharing: We share only the minimum necessary data with these providers to deliver our services. All third-party providers are bound by strict confidentiality agreements and comply with applicable data protection laws.

4.2 Cross-Platform Data Sharing

Mind Tiles operates across web and mobile app platforms. To provide seamless synchronization:

• Account Data Sync: Your account information, learning progress, and preferences are synchronized across all platforms you use
• Cloud Storage: Your data is stored in secure cloud infrastructure and accessible from any platform where you sign in
• Platform-Specific Data: Some data (like device identifiers) is platform-specific but linked to your account for security purposes
• Subscription Status: Your subscription status is synchronized across platforms to ensure consistent access, provided you use the same email address or sign-in method across all platforms

Security: All cross-platform data transfers are encrypted in transit and at rest. We use secure authentication to verify your identity across platforms.

4.2.1 Apple Sign-In and Private Relay Emails

Apple "Hide My Email" Feature: When you sign in with Apple, you may choose to use "Hide My Email," which creates a private relay email address (ending in @privaterelay.appleid.com). This is a privacy feature provided by Apple that we cannot control or disable. Apple generates a unique private relay email per Apple ID per app.

How We Handle Private Relay Emails:

• Collection: If you choose "Hide My Email," we collect and store the private relay email address provided by Apple
• Usage: We use this email address for account identification, subscription management, and cross-platform synchronization, just like any other email address
• Platform Availability: Sign in with Apple is only available on iOS devices. It is not available on web browsers or other mobile app platforms. If you use Apple Sign-In on iOS and wish to access your account on web or other mobile app platforms, you will need to use a different sign-in method (Google Sign-In or Email/Password), which may result in separate accounts unless account linking is performed manually through support.
• Email Delivery: All emails from Mind Tiles (including subscription confirmations, password resets, account notifications, and other communications) are sent to your private relay email address. Apple automatically forwards these emails to your Apple ID email address. Please check your Apple ID email inbox for all important notifications from Mind Tiles. We cannot send emails directly to your real email address when you use "Hide My Email" because Apple does not provide us with your real email address.
• Cross-Platform Access: For your subscription to work across all platforms, you must use the same email address (or the same Apple ID with "Hide My Email") across all platforms. If you use "Hide My Email" on one platform and a different sign-in method on another platform, your subscription may not be accessible across platforms
• Account Linking: We do not currently support automatic account linking between different sign-in methods. Using different sign-in methods (e.g., Apple Sign-In on iOS and Google Sign-In on web) will create separate accounts unless manually linked through support.
• No Linking to Real Email: We cannot link your private relay email to your real email address, as this is a privacy feature designed to protect your identity. Apple does not provide us with your real email address when you choose "Hide My Email"
• Consistency: Apple provides the same private relay email for the same Apple ID per app, so if you use the same Apple ID with "Hide My Email" on all platforms, you will have the same private relay email across all platforms

Your Choice: You can choose to use "Share My Email" when signing in with Apple if you prefer to use your real email address for easier cross-platform subscription access. However, we respect your privacy choice and will work with whichever email address you provide.

Limitation: We are not responsible for subscription access issues that arise from using different email addresses or sign-in methods across platforms. Cross-platform subscription access depends on using the same account credentials across all platforms.

4.3 AI Data Usage

Our AI system uses your learning data to generate personalized content:

• Content Generation: Your learning preferences, progress, and interactions are used to generate personalized learning paths
• AI Processing: Your data may be processed by third-party AI services (OpenAI) to generate educational content
• Learning Analytics: We analyze your learning patterns to improve content recommendations and platform features
• Data Minimization: We only share the minimum necessary data with AI services to generate personalized content

Your Control: You can delete your account at any time to stop all AI processing of your data. Deleted data is permanently removed from our systems and AI service providers.

5. Data Security

We implement enterprise-grade security measures to protect your information:

• Encryption of data in transit and at rest
• Regular security audits and vulnerability assessments
• Access controls and authentication systems
• Secure cloud infrastructure with leading providers
• Employee training on data protection practices

6. Cookies and Tracking Technologies

6.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website. They help us provide you with a better experience by remembering your preferences and analyzing site usage.

6.2 Types of Cookies We Use

• Essential Cookies: Required for basic website functionality and security
• Analytics Cookies: Help us understand how you use our site to improve performance
• Preference Cookies: Remember your settings and preferences
• Marketing Cookies: Used to deliver relevant advertisements (only with consent)

6.3 Managing Cookies

You can control cookies through your browser settings or our cookie banner. Note that disabling certain cookies may affect website functionality.

6A. Device Tracking and Session Management

6A.1 Device Registration

To ensure account security and prevent abuse, we register and track the device you use to access our services. This includes:

• Device Fingerprinting: We create a unique identifier for your device based on hardware and software characteristics (device model, operating system, browser type)
• Device Association: We link your account to a specific device to enforce our one-account-per-device policy
• Device Verification: We verify your device on login to prevent unauthorized access

Purpose: Device tracking is essential for account security and preventing trial abuse. This cannot be disabled as it is required for service functionality.

6A.2 Session Management

We track and manage your active sessions to ensure account security:

• Active Session Tracking: We track when you log in and log out
• Concurrent Session Prevention: We enforce a one-active-session policy to prevent unauthorized access
• Session Verification: We verify your session on critical operations
• Session Timeout: Sessions automatically expire after periods of inactivity

Purpose: Session management is essential for account security. This cannot be disabled as it is required for service functionality.

6B. Analytics and Data Collection Consent

6B.1 Consent by Account Creation

Automatic Consent: By creating an account and using our services, you automatically acknowledge and consent to our data collection and analytics practices as described in this Privacy Policy. The account creation screen provides clear links to this Privacy Policy and our Terms of Service. Proceeding with account creation constitutes your binding acceptance and consent.

6B.2 What You Consent To

By creating an account, you consent to:

• Collection of personal information (email, name, profile data)
• Collection of technical information (device data, usage data, analytics)
• Device tracking and fingerprinting for security purposes
• Session management and tracking
• Analytics data collection (platform usage, subscription events, feature usage)
• Cross-platform data synchronization
• Email communications (verification, trial reminders, subscription updates)

6B.3 Withdrawing Consent

You can withdraw your consent at any time by:

• Deleting Your Account: This will permanently delete all your data and stop all data collection
• Opting Out of Non-Essential Analytics: Contact us at support@mindtiles.ai to opt out of non-essential analytics
• Stopping Email Communications: Delete your account to stop receiving all emails (see Section 7.1 for account deletion instructions)

Note: Essential data collection required for service functionality (device tracking, session management, subscription management) cannot be disabled.

7. Your Rights and Choices

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal information
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal information and account
• Portability: Export your data in a machine-readable format
• Objection: Object to certain processing activities
• Restriction: Limit how we process your information
• Analytics Opt-Out: Opt out of non-essential analytics tracking

7.1 Account Deletion and Data Purge

Complete Data Deletion: When you delete your account, we will permanently delete all of your personal data from our systems, including:

• Your account information (email, name, profile picture)
• All learning data (topics, progress, preferences, content)
• All user-generated content (bookmarks, notes, interactions)
• Subscription records (from our database)
• Device registrations and session data
• All analytics data associated with your account
• All subcollections and related data

What is Preserved (Legally Required): We are required by law to preserve certain data:

• Billing Records: Payment and subscription records from Stripe, App Store, and Google Play are preserved for 7+ years as required by tax and financial regulations. These records are maintained by third-party payment processors and are not accessible through our platform after account deletion.
• Trial Email Tracking: A hashed (encrypted) version of your email address is preserved to prevent trial abuse. This hash cannot be used to identify you or contact you.
• Audit Logs: Compliance-related audit logs are preserved for legal and security purposes.
• Anonymized Analytics: Aggregated, anonymized analytics data that cannot identify you may be retained for business intelligence purposes.

How to Delete Your Data in the App

You have two options for deleting your data:

Option 1: Delete All Data (Keep Account)

If you want to delete all your data but keep your account active (you'll see the onboarding experience after your next login):

1. Open the Mind Tiles app and sign in to your account
2. Tap on your Profile icon (usually in the bottom navigation or top corner)
3. Navigate to Privacy & Security settings
4. Scroll down to find the "Delete All My Data (Keep Account)" section
5. Tap the "Delete All My Data (Keep Account)" button
6. Confirm your choice in the dialog that appears
7. Your data will be deleted, but your account will remain active. You'll see the onboarding screen after your next login.

Option 2: Delete Account Completely

If you want to permanently delete your account and all associated data:

1. Open the Mind Tiles app and sign in to your account
2. Tap on your Profile icon (usually in the bottom navigation or top corner)
3. Navigate to Privacy & Security settings
4. Scroll down to find the "Delete Account" section
5. Read the information about what will be deleted
6. Tap the "Delete Account" button
7. Confirm your choice in the confirmation dialog
8. Your account and all data will be permanently deleted. Any active subscriptions will be cancelled automatically.

Important Notes:

• Active Subscriptions: When you delete your account, we will attempt to cancel any active subscriptions automatically. If cancellation fails, you may need to cancel manually through your payment provider (Stripe, App Store, or Google Play).
• Permanent Action: Account deletion cannot be undone. All your data will be permanently removed from our systems.
• Processing Time: Data deletion occurs immediately upon confirmation. Your account will be removed and you will be signed out.
• Billing Records: Please note that billing records from payment processors (Stripe, App Store, Google Play) are preserved for 7+ years as required by tax and financial regulations, but these are not accessible through our platform.

Alternative Method: If you are unable to access the app or prefer to request deletion via email, you can contact us at support@mindtiles.ai with the subject line "Account Deletion Request". Please include your account email address in the request.

7.2 Analytics Consent and Opt-Out

Consent: By creating an account and using our services, you consent to our collection and use of analytics data as described in this Privacy Policy. You acknowledge that you have read and understood our Privacy Policy and Terms of Service when you create your account.

Opting Out: You can opt out of non-essential analytics by contacting us at support@mindtiles.ai with the subject line "Analytics Opt-Out Request". Essential analytics required for service functionality (such as subscription management, security, and error tracking) cannot be disabled.

Device Tracking: We use device identifiers and fingerprints to enforce our one-account-per-device policy and prevent abuse. This is essential for service security and cannot be disabled.

8. Children's Privacy (COPPA Compliance)

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it promptly.

COPPA Compliance: We comply with the Children's Online Privacy Protection Act (COPPA). We do not:

• Knowingly collect personal information from children under 13
• Market to children under 13
• Use personal information from children under 13 for any purpose

Parental Rights: If you are a parent or guardian and believe we have collected information from a child under 13, please contact us immediately at support@mindtiles.ai and we will promptly delete such information.

Age Verification: By creating an account, you represent that you are at least 13 years old. Users between 13 and 18 years old must have parental consent to use our services.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in accordance with applicable data protection laws.

10. Data Retention and Deletion

10.1 Active Account Data

We retain your personal information only as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, and resolve disputes. Account data is typically retained for the duration of your account plus a reasonable period thereafter.

10.2 Account Deletion

When you delete your account, we will permanently delete all of your personal data from our systems within 30 days, except for data we are legally required to retain (billing records, audit logs) or anonymized data that cannot identify you.

10.3 Analytics Data Retention

Analytics data is retained according to the following schedule:

• User-Specific Analytics: Deleted immediately upon account deletion
• Anonymized Analytics: Retained for up to 90 days for business intelligence purposes
• Audit Logs: Retained for 1 year for security and compliance purposes
• Session Data: Retained for 30 days, then automatically deleted

11. Email Communications

We send transactional and account-related emails to users for the following purposes:

• Account Management: Email verification, password resets, account security alerts
• Subscription Management: Trial start/end notifications, subscription confirmations, billing updates, cancellation notices
• Payment Processing: Payment confirmations, payment failure notifications, billing changes, plan change confirmations
• Account Activity: Platform migration notifications, duplicate subscription prevention alerts, subscription status updates

These emails are essential for the operation of your account and the delivery of our services. They are transactional/notification emails as defined by CAN-SPAM, GDPR, and CASL regulations and do not require unsubscribe options. You cannot opt out of these essential communications as they are necessary for account management, security, and service delivery.

Marketing Emails: We do not currently send marketing or promotional emails. If we begin sending marketing communications in the future, we will provide clear opt-out options and obtain your consent where required by law. Marketing emails will be separate from transactional emails, and you will be able to opt out of marketing emails while continuing to receive essential account notifications.

Stopping Email Communications: If you wish to stop receiving these essential account emails, you may delete your account. Please note that deleting your account will cancel your subscription and permanently delete all your data. For more information, see Section 7.1 (Account Deletion).

Apple Sign-In "Hide My Email" Users: If you signed in with Apple using "Hide My Email," all emails are sent to your private relay email address (ending in @privaterelay.appleid.com). Apple automatically forwards these emails to your Apple ID email address. Please check your Apple ID email inbox for all important notifications from Mind Tiles. We cannot send emails directly to your real email address because Apple does not provide us with your real email address when you use "Hide My Email."

All email communications comply with applicable data protection laws, including CAN-SPAM Act (United States), GDPR (European Union), and CASL (Canada) requirements for transactional messages.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our website and updating the "Last updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.

13. Contact Us

14. Compliance

This Privacy Policy is designed to comply with applicable data protection laws, including:

• General Data Protection Regulation (GDPR) - European Union
• California Consumer Privacy Act (CCPA) - California, USA
• Personal Information Protection and Electronic Documents Act (PIPEDA) - Canada
• Other applicable regional privacy laws

14.1 GDPR Compliance

As a GDPR-compliant service, we ensure:

• Lawful Basis: We process your data based on consent (account creation) and legitimate interest (service functionality, security)
• Data Minimization: We only collect data necessary for service provision
• Right to Erasure: You can delete your account at any time, which permanently deletes all your personal data
• Right to Access: You can request a copy of your personal data by contacting support
• Right to Rectification: You can update your information through your account settings
• Right to Data Portability: You can request your data in a machine-readable format
• Right to Object: You can object to certain processing activities (analytics opt-out)

14.2 CCPA Compliance

As a CCPA-compliant service, we ensure:

• Right to Know: You can request information about data collection and sharing
• Right to Delete: You can delete your account to permanently delete all personal data
• Right to Opt-Out: You can opt out of non-essential analytics and data sharing
• Non-Discrimination: We do not discriminate against users who exercise their privacy rights

14.3 Mobile App Store Compliance

Our privacy practices comply with mobile app store requirements (including Apple App Store and Google Play Store):

• Privacy policy is accessible and comprehensive
• Data collection practices are clearly disclosed
• Analytics and tracking are disclosed
• Account deletion and data purge are clearly explained
• User consent is obtained through account creation