Privacy Policy
Last updated: July 8, 2026
This policy explains what information MindMatch LLC collects, how it is used, and what choices you have. We have tried to write it plainly.
1. Introduction
MindMatch LLC ("we," "our," or "us") is an educational psychology platform. We take your privacy seriously. This policy covers what information we collect when you use MindMatch, how we use it, who we share it with, and what rights you have over it.
If you do not agree with this policy, please do not use the Service. By continuing to use MindMatch, you acknowledge that you have read and understood how your information is handled.
2. Information We Collect
We collect different types of information depending on how you use the platform:
Account Information
If you create an account, we collect your email address and any name you provide. If you sign in via Google, we receive your name and email from Google. We do not store your password in plain text.
Assessment and Exercise Responses
When you complete the two-phase questionnaire, psychological exercises, journaling tools, or any other interactive feature, we collect the responses you submit. This includes your questionnaire answers, derived (x, y) coordinates, theorist and antitheorist match, and any written reflections you save.
Guide Access Information
When you request a magic link to access a 7-day guide, we collect and temporarily store your email address and a hashed access token. This is used solely to verify your access and is not associated with any other profile unless you create an account.
Financial Assistance Application
If you apply for financial assistance, we collect the information you voluntarily provide in your application. This is handled with strict confidentiality and is never shared with third parties or used for any purpose other than reviewing your application.
Journal and Exercise Data (Encrypted at Rest)
Personal journal entries, dream journal records, and inner-work exercise responses are encrypted at the application layer using AES-256-GCM before being stored in our database. This means the sensitive content of your entries — titles, written reflections, and dream descriptions — is stored in encrypted form. Metadata such as dates, mood tags, and streak counts remain unencrypted for functional purposes. The encryption is server-side: MindMatch LLC holds the decryption key and uses it solely to deliver features such as AI-generated weekly journal reviews.
Usage and Technical Data
We may automatically collect standard technical information when you visit the site, including your IP address, browser type, device, operating system, and the pages you visit. This helps us keep the platform running and identify issues.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Delivering personalized results, exercises, and course content
- Generating AI-powered readings and adaptive resources (Tier 2 and Tier 3 course purchasers)
- Managing your account and maintaining your access
- Sending magic links and transactional emails via Resend
- Reviewing and responding to financial assistance applications
- Improving the platform, fixing bugs, and developing new features
- Protecting against fraudulent or unauthorized use
4. Research Use of Aggregated Data
Some of the information collected through MindMatch may be used for research purposes. This section explains what that means and how your privacy is protected.
MindMatch gathers a meaningful volume of data about how people respond to psychological frameworks: which theorists they match with, how their answers cluster, what patterns emerge across different demographics, and how engagement with exercises changes over time. This data has genuine research value.
We may use this data for internal research into psychological typology, the effectiveness of interventions, and platform design. We may also publish or present findings derived from this data in academic or professional contexts.
When data is used for research, it is aggregated and de-identified before analysis. This means:
- Your name and email are never included in research data
- Individual responses are not published or shared in identifiable form
- Research findings describe patterns across groups, not individuals
- No third party receives your raw personal data for research purposes
If you prefer that your data not be included in aggregated research, you may contact us at hello@mindmatch.agency to request exclusion. This will not affect your access to the platform.
5. AI-Generated Content and Your Data
For Tier 2 and Tier 3 course purchasers, we use your questionnaire responses and theorist match to generate personalized readings and adaptive resources via a language model. Your data is passed to the model at the point of generation and is not stored by the AI provider for training purposes under our usage agreement.
We do not use your personal exercise responses, journal entries, or questionnaire answers to train any AI model, internal or external.
6. Third-Party Services
We use a small number of trusted third-party services to operate the platform:
Supabase
Authentication and database. Stores account information and exercise data.
Resend
Email delivery. Used to send magic links and transactional emails. Your email address is shared with Resend for this purpose only.
Google OAuth
If you choose to sign in with Google, Google shares your name and email with us. We do not receive your Google password or any other Google account data.
Google Gemini (AI)
We use Google's Gemini API to generate features such as your weekly journal review. When this feature is invoked, a summary of your recent journal entries is sent to the Gemini API for processing. This data is used only to generate your response and is not retained by Google for training under our API usage agreement.
We do not sell your personal information to any third party. We do not share your data with advertisers.
7. Data Security
We take reasonable technical and administrative measures to protect your information. Specific protections include:
AES-256-GCM Field-Level Encryption
Journal entry content, dream journal titles and descriptions, and inner-work exercise reflections are encrypted at the application layer before storage. Encrypted values use a format that includes an initialisation vector and authentication tag, ensuring both confidentiality and integrity. The encryption key is derived from a secret stored outside the database.
Hashed Access Tokens
Magic links for guide access use hashed tokens stored server-side. The raw token exists only in the email link and is never stored in plain text.
Secure Connections
All data transmitted between your browser and our servers uses TLS encryption. Database connections are made over encrypted channels.
No system is completely immune to breach, and we cannot guarantee absolute security. If a breach occurs that affects your personal data, we will notify affected users as promptly as circumstances allow.
8. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service. If you delete your account, we will remove your personal information from our systems within 30 days, except where retention is required by law or legitimate business necessity (such as records of a completed transaction).
Magic link tokens expire after 7 days and are purged from the database on a rolling basis.
9. Cookies
We use cookies for the following limited purposes:
- Maintaining your login session if you have an account
- Storing guide access status after verifying a magic link (30-day cookie)
We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.
10. Your Rights
You have the following rights regarding your personal information:
- Access: request a copy of the data we hold about you
- Correction: request that inaccurate data be corrected
- Deletion: request that your data be deleted
- Opt out of research use: request that your data not be included in aggregated research
- Portability: request your data in a portable format
- Withdrawal of consent: stop using the Service at any time
To exercise any of these rights, contact us at hello@mindmatch.agency. We will respond within a reasonable timeframe.
11. Children's Privacy
MindMatch is intended for users aged 18 and older. We do not knowingly collect personal information from anyone under 18. If you believe a child has submitted information through our platform, please contact us immediately and we will remove it.
12. Changes to This Policy
We may update this policy periodically. When we do, we will update the date at the top of the page. For changes that materially affect how we use your data, particularly around research use, we will make reasonable efforts to notify active users by email.
13. Contact
For any questions about this Privacy Policy, data requests, or concerns about how your information is handled:
Email: hello@mindmatch.agency