Safety & Compliance

Built for trust.
Designed for transparency.

Mindflex is an AI wellness companion built by psychotherapy researchers. Here's how we protect you, your data, and your wellbeing.

  • 3 Psychology researchers
  • 6 DPAs with partners
  • 24/7 Crisis protocol active
  • 100% Data deletable

📋

What Mindflex is — and what it is not

We believe everyone deserves someone who listens, reflects, and offers new perspectives. Mindflex is an AI-powered wellness companion that supports self-reflection and emotional wellbeing. It is not a substitute for professional mental health treatment.

What Mindflex IS

  • An AI wellness companion for self-reflection
  • A preventive tool for emotional wellbeing
  • Designed by psychotherapy researchers
  • A bridge between needing help and getting help
  • Available 24/7 without waiting lists
  • Self-help and personal growth support

What Mindflex is NOT

  • Not psychotherapy or clinical treatment
  • Not a licensed therapist or medical professional
  • Not a medical device or diagnostic tool
  • Not a replacement for professional care
  • Not capable of prescribing medication
  • Not making clinical or therapeutic decisions
👥

Clinical foundation & team

Every conversation in Mindflex is guided by prompts and safety protocols designed by trained psychotherapy researchers. Our team's clinical background informs every aspect of the product — from how the AI responds to how it handles crisis situations.

  • Moritz Tiedemann, M.Sc. Psychotherapy, Co-Founder
  • Felix Mai, M.Sc. Psychotherapy, Co-Founder
  • Julian Hecht, B.Sc. Psychology, Co-Founder

Academic background

The founding team met during their psychology studies at Health and Medical University Potsdam, Germany. Two hold Master's degrees in Psychotherapy, providing the clinical expertise behind Mindflex's conversational design, safety protocols, and crisis response systems.

🤖

AI transparency

We believe you should know exactly how our AI works. There is no "black box" — here is what happens when you send a message.

How Mindflex works

Mindflex is powered by Anthropic's Claude, a large language model. When you send a message, it is processed alongside a system prompt written by our psychotherapy researchers. The AI does not make independent decisions — it follows the guidelines our clinical team has designed.

1. You: send a message
2. Supabase: encrypted storage
3. Anthropic Claude: AI processing
4. Response: guided by clinical prompts

AI model

Anthropic Claude (Sonnet 4.5 / 4.6) — a safety-focused AI model with built-in safeguards against harmful outputs.

No training on your data

Your conversations are never used to train AI models. Anthropic's API does not use customer data for training.

Permanent AI disclosure

Every screen in Mindflex displays: "AI, not a human therapist" — a permanent reminder that you are interacting with an AI system, not a licensed professional. This disclosure is always visible, not just shown once.

🔒

Data & privacy

Your conversations are deeply personal. We treat them with the highest level of care. All data processing is GDPR and CCPA compliant.

What we collect

| Data | Purpose | Stored where |
|---|---|---|
| Email address | Authentication | Supabase (US-East-1) |
| Display name | Personalization | Supabase |
| Chat messages | Conversation continuity | Supabase (encrypted) |
| Conversation memory | Long-term context | Zep (SOC 2 Type II) |
| Device token | Push notifications | Supabase |
| Timezone / City | Reminder scheduling | Supabase |

What we do NOT collect

Real name (optional, you choose)
Phone number
Location data / GPS
Biometric data
Health insurance information
Contacts, photos, or device data

Encryption

In transit: TLS 1.2+ for all API calls.
At rest: AES-256 encryption on all stored data via Supabase.

Pseudonymization

Chat data is stored with random user IDs. Your email is only linked to your auth account, not embedded in conversation data.

External Data Protection Officer

Our data protection is certified and monitored by heyData GmbH, a professional GDPR compliance partner based in Berlin, Germany. They serve as our external Data Protection Officer (Datenschutzbeauftragter) as required by EU law.

⚖️

Your rights & control

You are always in control of your data. These rights are available to every user, at any time, with no barriers.

🗑️ Delete your account

Settings → Delete Account. All personal data (email, name) is permanently deleted. All chat data is fully anonymized — no way to trace it back to you.

📦 Export your data

Settings → Export Data. Download a complete copy of all your data at any time, as required by GDPR Article 20 (right to data portability).

↩️ Withdraw consent

You can withdraw your health data consent at any time. Your previously given consent remains valid for data processed before withdrawal.

🧑 Talk to a human

At any point, you can choose to speak with a real person instead. Access via the menu → "Talk to a human" → findahelpline.com.

🛡️

Safety & crisis protocol

User safety is our highest priority. All three AI agents (onboarding, life history, therapy) have embedded crisis detection and response protocols designed by our clinical team.

What happens when a crisis is detected

When the AI detects signs of acute distress, suicidal ideation, or self-harm, it immediately:

1. Acknowledges the user's feelings with empathy and care.
2. Displays a crisis resource banner with direct links to helplines.
3. Refers the user to findahelpline.com for immediate human support.
4. Logs the event internally for safety monitoring.

Hard safety rules — built into every AI agent

The AI is explicitly instructed to never:

• Diagnose any condition or disorder
• Recommend or discuss medication
• Provide clinical treatment plans
• Encourage self-harm or dangerous behavior
• Claim to replace professional therapy
• Minimize crisis situations

If you or someone you know is in crisis

Please reach out to professional help immediately:

• findahelpline.com: International helpline directory
• 988: Suicide & Crisis Lifeline (US)
• 0800 111 0 111: Telefonseelsorge (Germany, 24h)
• 112: Emergency (EU/International)
👤

Age policy

Mindflex is designed for adults. We take the protection of minors seriously.

Age requirements

Users must confirm they are at least 16 years old (EU/GDPR) or 13 years old (US/COPPA) before using the app. This confirmation is collected via an explicit checkbox on the consent screen and recorded with a timestamp in our database.

Mindflex is not designed for, marketed to, or intended for use by children. If we become aware that a user is under the minimum age, their account will be terminated and all associated data will be deleted.

🔗

Technical partners & data processing

We work with carefully selected partners. Each processes only the minimum data necessary for their function. Data Processing Agreements (DPAs) are in place as required by GDPR Article 28.

| Partner | Function | DPA Status |
|---|---|---|
| Anthropic | AI model (Claude) — processes messages to generate responses | ✓ Signed |
| OpenAI | Auxiliary AI processing | ✓ Signed |
| Supabase | Database, authentication, encrypted storage | ✓ Signed |
| Zep | Long-term conversation memory (SOC 2 Type II) | Requested |
| RevenueCat | Subscription management | ✓ Signed |
| Sentry | Error monitoring (no personal data in reports) | ✓ Signed |
| Expo | Push notifications, app delivery | GDPR compliant |
| heyData | External Data Protection Officer | ✓ Contracted |

Regulatory compliance

We proactively monitor and address regulatory requirements across jurisdictions. Below is how we comply with key laws and frameworks.

| Regulation | How we comply | Status |
|---|---|---|
| GDPR (EU) | Explicit health data consent, data export, account deletion with anonymization, external DPO (heyData), DPAs with all processors | ✓ Compliant |
| CCPA (California) | Right to know, delete, and opt-out. No sale of personal data. Privacy policy accessible in-app and on web. | ✓ Compliant |
| CA SB 243 | Permanent AI disclosure in UI, crisis detection protocol, referral to human helplines | ✓ Addressed |
| CA AB 489 | No professional titles, no clinical terminology implying licensed care, no misleading design elements | ✓ Addressed |
| CA AB 3030 | AI-generated content disclosed, human contact instructions provided | ✓ Addressed |
| TX TRAIGA | AI use disclosed before interaction via permanent disclaimer | ✓ Addressed |
| NV AB 406 | Positioned as self-help wellness tool, not professional mental health care. No clinical titles used. | ✓ Addressed |
| IL WOPRA | Self-help/wellness exemption applies. No independent therapeutic decisions made by AI. | ✓ Addressed |
| NY Companion Law | Permanent, continuous reminder that user is communicating with AI, not a human | ✓ Addressed |
| HWG (Germany) | No healing claims, no diagnosis, no medication. Clear wellness/self-help framing. | ✓ Compliant |
| PsychThG (Germany) | Not offering psychotherapy within the meaning of §1 PsychThG. Self-reflection companion only. | ✓ Compliant |
| EU AI Act | AI transparency disclosures in place. Monitoring classification requirements as they take effect (Aug 2026). | Monitoring |
| COPPA (US) | Not designed for or marketed to children. Age consent required. | ✓ Addressed |

Our approach to regulation

We view regulation as a positive force for user protection. As psychotherapy researchers, we understand the responsibility that comes with building tools that people trust with their emotional wellbeing. We proactively engage with emerging legislation rather than reacting to it, and we welcome dialogue with regulators, clinicians, and advocacy groups.

✉️

Contact & complaints

General contact

Mindflex UG (haftungsbeschränkt)
Berlin, Germany
hello@mindflex.world

Data protection

External DPO: heyData GmbH
Berlin, Germany
For data protection inquiries, contact us at hello@mindflex.world

Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection supervisory authority. In Germany, this is the Berliner Beauftragte für Datenschutz und Informationsfreiheit (BlnBDI).

We encourage you to contact us first so we can address your concern directly.