EaseMind Privacy Policy

Last Updated: January 2025

1. Introduction

Welcome to EaseMind. Your privacy and security are fundamental to us. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our mobile application and related services.

EaseMind is an emotional support and mental wellness app that uses artificial intelligence (AI) to provide empathetic support, guided breathing exercises, emotional journaling, and educational content. Important: EaseMind is not a mental health service, does not provide medical diagnoses, and does not replace professional treatment.

2. Data We Collect

2.1. Data You Provide

• Account Information: Name, email, encrypted password
• Conversations with Luna: Chat messages you send to our empathetic AI
• Emotional Journal: Diary entries, recorded moods, and personal reflections
• Guided Sessions: History of completed breathing, meditation, and relaxation sessions
• Audio (Optional): If you enable voice features, temporary audio recordings for speech transcription (discarded after processing)

2.2. Automatically Collected Data

• Usage Data: App usage frequency, sessions started, features used
• Device Data: Device model, operating system, app version
• Analytics Data: Technical logs for debugging and service improvement (no personal content)

2.3. Data We DO NOT Collect

• We do not collect sensitive medical health data (diagnoses, prescriptions, medical history)
• We do not access contacts, photos, precise location, or other apps on your device
• We do not sell or share your data with third parties for advertising

3. How We Use Your Data

3.1. Primary Purposes

• Provide the Service: Process your conversations with Luna, generate empathetic responses via AI (OpenAI GPT-4o-mini)
• App Functionality: Store your journal, track session progress, sync data across devices
• Personalization: Adapt session recommendations and content to your usage and preferences
• Technical Support: Resolve issues, answer questions, and improve experience

3.2. AI Processing

• Your messages are sent to the AI provider (OpenAI) via encrypted API to generate responses
• OpenAI processes data according to its own privacy policy (https://openai.com/privacy)
• We do not share identifiable data beyond what is necessary for conversation processing

3.3. Improvements and Analytics

• Aggregated and anonymized data for statistical analysis (e.g., "30% of users complete breathing sessions")
• Optional feedback to train and improve AI models (always de-identified)

4. Legal Basis (GDPR/LGPD)

We process your data based on:

• Contract Performance: Necessary to provide the service you requested
• Consent: For optional features (voice, advanced analytics)
• Legitimate Interests: Technical improvements, security, and fraud prevention

5. Data Sharing

5.1. We Share Data With:

• AI Provider (OpenAI): To process conversations and generate empathetic responses
• Cloud Infrastructure (MongoDB Atlas, Google Cloud): To securely store data
• Payment Processors (Apple, Google): To manage subscriptions (via App Store/Google Play)
• Anonymous Analytics Tools: To monitor performance and app usage

5.2. We DO NOT Share Data With:

• Third-party advertising or marketing companies
• Social networks (no Facebook, Google login, etc.)
• Governments or authorities, except under lawful court order

6. Data Retention

• Account Data: Retained while your account is active
• Conversations and Journal: Stored indefinitely until you request deletion
• Technical Logs: Retained for up to 90 days for debugging
• Account Deletion: When you delete your account, all personal data is permanently removed within 30 days

7. Your Rights (GDPR/LGPD)

You have the right to:

• Access: Request a copy of all your data
• Correct: Update incorrect or outdated information
• Delete: Permanently delete your account and all associated data
• Portability: Export your data in readable format (JSON)
• Revoke Consent: Disable optional features at any time
• Object: Contest data processing for specific purposes

How to exercise your rights: Email privacy@easemind.io or use the "Delete Account" option in the app.

8. Security

We implement rigorous technical and organizational measures:

• Encryption: Data in transit (HTTPS/TLS) and at rest (AES-256)
• Restricted Access: Only authorized personnel can access data (with audit logs)
• Security Testing: Regular audits and vulnerability monitoring
• Secure Backup: Encrypted backups with 30-day retention

Note: No system is 100% secure. In case of data breach, we will notify you as required by law (LGPD Art. 48, GDPR Art. 33).

9. International Transfers

Your data may be processed on servers located in the USA (OpenAI, Google Cloud). We ensure adequate protection via:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• GDPR/LGPD Compliance of service providers

10. Minors

EaseMind is not intended for minors under 18. If you are 13-17, you need parental/guardian consent. We do not intentionally collect data from minors under 13. If we identify such situation, we will delete data immediately.

11. Cookies and Tracking

The mobile app does not use cookies. The web version (if available) may use:

• Essential Cookies: To maintain login session
• Analytics Cookies: To measure site usage (Google Analytics)

You can disable cookies in browser settings.

12. Changes to This Policy

We may update this policy periodically. We will notify significant changes via:

• Email (for material changes)
• In-app notification
• Notice on easemind.io website

Last updated: January 2025

13. Contact

Data Controller: EaseMind, Inc. Email: privacy@easemind.io General Support: support@easemind.io Address: [To be defined]

Data Protection Officer (DPO): dpo@easemind.io

---

Supervisory Authority (Europe): See https://edpb.europa.eu/about-edpb/board/members_en Supervisory Authority (Brazil): ANPD - https://www.gov.br/anpd