Privacy Policy
Last updated: June 30, 2026
1. Overview
MindSpace ("we", "our", "us") is an AI-assisted wellness screening and support platform. This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act 2023) and the Information Technology (Reasonable Security Practices and Procedures) Rules, 2011.
Important: MindSpace is a digital well-being support platform. It is not a replacement for emergency care or professional medical treatment.
2. Data We Collect
2.1 Personal Information
- Name, email address, phone number
- Date of birth, gender, state/district, address
- Profile avatar preference
2.2 Sensitive Personal Data
- Mental health screening scores and prediction labels
- Voice recordings (deleted within 24 hours of processing)
- Facial expression video (deleted immediately after feature extraction)
- Text responses to wellness scenarios
- Chat messages with counselors and AI chatbot
- Breathing and movement activity session data
3. Legal Basis for Processing
We process your personal data based on your explicit consent, which you provide through our granular consent form covering text, voice, and facial expression processing separately. You may withdraw consent at any time.
4. Your Rights Under DPDP Act 2023
- Right to Access: Request a copy of your personal data
- Right to Correction: Update inaccurate or incomplete data
- Right to Erasure: Request deletion of your data (within 30 days)
- Right to Withdraw Consent: Withdraw consent at any time
- Right to Data Portability: Receive your data in a machine-readable format
- Right to Grievance Redressal: File a complaint with our Data Protection Officer
- Right to Breach Notification: Be informed of any data breach affecting your data
5. Data Retention
- Raw audio recordings: Deleted within 24 hours of processing
- Raw video footage: Discarded immediately after numerical feature extraction
- Text responses: 6 months, then anonymized
- Anonymized feature vectors: Up to 5 years for research purposes
- Account data: Retained until account deletion request
6. Data Security
We implement the following security measures:
- Encrypted data transmission via HTTPS/TLS
- PBKDF2 password hashing
- Rate limiting on authentication endpoints
- Input sanitization and XSS protection
- Role-based access control
- Audit logging of all data access events
- Content Security Policy (CSP) headers
7. Data Sharing & Cross-Border Transfer
Your data may be processed by our third-party AI analysis providers for the purpose of generating wellness predictions. These providers are contractually bound to comply with DPDP Act 2023 data protection requirements. All data transfers outside India are governed by Section 16 of the DPDP Act 2023 with appropriate safeguards.
8. Children's Data
MindSpace is intended for users aged 18 and above. We do not knowingly collect data from children under 18 without verifiable parental consent. If you believe a child has provided us with personal data, please contact our Data Protection Officer immediately.
9. Contact & Grievance Redressal
Data Protection Officer (DPO):
Email: dpo@mindspace.local
Phone: +91-XXX-XXXXXXX
Response time: Within 30 days
Escalation: If your grievance is not resolved to your satisfaction, you may escalate to the Data Protection Board of India.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the platform.
MindSpace