Mindflex is an AI wellness companion built by psychotherapy researchers. Here's how we protect you, your data, and your wellbeing.
We believe everyone deserves someone who listens, reflects, and offers new perspectives. Mindflex is an AI-powered wellness companion that supports self-reflection and emotional wellbeing. It is not a substitute for professional mental health treatment.
Every conversation in Mindflex is guided by prompts and safety protocols designed by trained psychotherapy researchers. Our team's clinical background informs every aspect of the product — from how the AI responds to how it handles crisis situations.
The founding team met during their psychology studies at Health and Medical University Potsdam, Germany. Two hold Master's degrees in Psychotherapy, providing the clinical expertise behind Mindflex's conversational design, safety protocols, and crisis response systems.
We believe you should know exactly how our AI works. There is no "black box" — here is what happens when you send a message.
Mindflex is powered by Anthropic's Claude, a large language model. When you send a message, it is processed alongside a system prompt written by our psychotherapy researchers. The AI does not make independent decisions — it follows the guidelines our clinical team has designed.
Anthropic Claude (Sonnet 4.5 / 4.6) — a safety-focused AI model with built-in safeguards against harmful outputs.
Your conversations are never used to train AI models. Anthropic's API does not use customer data for training.
Every screen in Mindflex displays: "AI, not a human therapist" — a permanent reminder that you are interacting with an AI system, not a licensed professional. This disclosure is always visible, not just shown once.
Your conversations are deeply personal. We treat them with the highest level of care. All data processing is GDPR and CCPA compliant.
| Data | Purpose | Stored where |
|---|---|---|
| Email address | Authentication | Supabase (US-East-1) |
| Display name | Personalization | Supabase |
| Chat messages | Conversation continuity | Supabase (encrypted) |
| Conversation memory | Long-term context | Zep (SOC 2 Type II) |
| Device token | Push notifications | Supabase |
| Timezone / City | Reminder scheduling | Supabase |

• Real name (optional, you choose)
• Phone number
• Location data / GPS
• Biometric data
• Health insurance information
• Contacts, photos, or device data

In transit: TLS 1.2+ for all API calls.
At rest: AES-256 encryption on all stored data via Supabase.
Chat data is stored with random user IDs. Your email is only linked to your auth account, not embedded in conversation data.
Our data protection is certified and monitored by heyData GmbH, a professional GDPR compliance partner based in Berlin, Germany. They serve as our external Data Protection Officer (Datenschutzbeauftragter) as required by EU law.
You are always in control of your data. These rights are available to every user, at any time, with no barriers.
Settings → Delete Account. All personal data (email, name) is permanently deleted. All chat data is fully anonymized — no way to trace it back to you.
Settings → Export Data. Download a complete copy of all your data at any time, as required by GDPR Article 20 (right to data portability).
You can withdraw your health data consent at any time. Your previously given consent remains valid for data processed before withdrawal.
At any point, you can choose to speak with a real person instead. Access via the menu → "Talk to a human" → findahelpline.com.
User safety is our highest priority. All three AI agents (onboarding, life history, therapy) have embedded crisis detection and response protocols designed by our clinical team.
When the AI detects signs of acute distress, suicidal ideation, or self-harm, it immediately:
1. Acknowledges the user's feelings with empathy and care.
2. Displays a crisis resource banner with direct links to helplines.
3. Refers the user to findahelpline.com for immediate human support.
4. Logs the event internally for safety monitoring.
The AI is explicitly instructed to never:
• Diagnose any condition or disorder
• Recommend or discuss medication
• Provide clinical treatment plans
• Encourage self-harm or dangerous behavior
• Claim to replace professional therapy
• Minimize crisis situations
Please reach out to professional help immediately:
Mindflex is designed for adults. We take the protection of minors seriously.
Users must confirm they are at least 16 years old (EU/GDPR) or 13 years old (US/COPPA) before using the app. This confirmation is collected via an explicit checkbox on the consent screen and recorded with a timestamp in our database.
Mindflex is not designed for, marketed to, or intended for use by children. If we become aware that a user is under the minimum age, their account will be terminated and all associated data will be deleted.
We work with carefully selected partners. Each processes only the minimum data necessary for their function. Data Processing Agreements (DPAs) are in place as required by GDPR Article 28.
| Partner | Function | DPA Status |
|---|---|---|
| Anthropic | AI model (Claude) — processes messages to generate responses | ✓ Signed |
| OpenAI | Auxiliary AI processing | ✓ Signed |
| Supabase | Database, authentication, encrypted storage | ✓ Signed |
| Zep | Long-term conversation memory (SOC 2 Type II) | Requested |
| RevenueCat | Subscription management | ✓ Signed |
| Sentry | Error monitoring (no personal data in reports) | ✓ Signed |
| Expo | Push notifications, app delivery | GDPR compliant |
| heyData | External Data Protection Officer | ✓ Contracted |
We proactively monitor and address regulatory requirements across jurisdictions. Below is how we comply with key laws and frameworks.
We view regulation as a positive force for user protection. As psychotherapy researchers, we understand the responsibility that comes with building tools that people trust with their emotional wellbeing. We proactively engage with emerging legislation rather than reacting to it, and we welcome dialogue with regulators, clinicians, and advocacy groups.
Mindflex UG (haftungsbeschränkt)
Berlin, Germany
hello@mindflex.world
External DPO: heyData GmbH
Berlin, Germany
For data protection inquiries, contact us at hello@mindflex.world
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection supervisory authority. In Germany, this is the Berliner Beauftragte für Datenschutz und Informationsfreiheit (BlnBDI).
We encourage you to contact us first so we can address your concern directly.