Privacy Policy
Last updated: April 19, 2026
This Privacy Policy explains how Rightmynd ("we," "us," or "our") collects, uses, discloses, and safeguards your information when you use our website and services (the "Service"). By using the Service, you agree to the collection and use of information in accordance with this Policy.
1. Information We Collect
Information you provide
- Account information: name, email address, password hash, and any profile details you choose to provide when you sign up.
- Payment information: if you subscribe to a paid plan, our payment processor (Stripe) collects your payment card details. We do not store full payment card numbers on our servers; we store only a reference ID provided by Stripe and metadata such as billing period, plan, and status.
- Communications: any messages or feedback you send us (e.g., support emails).
Information collected automatically
- Usage data: pages viewed, features used, tickers searched, timestamps, referring URLs, and similar metadata.
- Device and technical data: IP address, browser type and version, operating system, device identifiers, and approximate location (derived from IP).
- Cookies and similar technologies: we use cookies and similar storage technologies for authentication (keeping you signed in), functional preferences, and analytics. You can control cookies via your browser settings, but disabling them may break core functionality (e.g., sign-in).
2. How We Use Information
We use the information we collect to:
- Provide, operate, and maintain the Service;
- Authenticate users and maintain account security;
- Process subscription payments and send billing receipts;
- Respond to your support requests and communicate service-related updates;
- Analyze usage patterns to improve the Service;
- Detect, investigate, and prevent fraud, abuse, or violations of our Terms of Service;
- Comply with legal obligations and respond to lawful requests.
3. How We Share Information
We do not sell your personal information. We share information only in the limited circumstances below:
- Service providers: we use trusted third-party vendors to operate the Service, including hosting (Railway, Vercel), authentication (Clerk), payment processing (Stripe), analytics, and error monitoring. These providers only receive information necessary to perform their function and are contractually obligated to protect it.
- Legal compliance: we may disclose information if required by law, subpoena, court order, or to protect the rights, property, or safety of us, our users, or the public.
- Business transfers: if we are involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change via email and/or a prominent notice on the Service.
4. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. When you delete your account, we will delete or anonymize your personal information within a reasonable timeframe, except where retention is required by law (e.g., tax records, fraud prevention).
5. Data Security
We implement reasonable technical and organizational measures to protect your information against loss, theft, misuse, and unauthorized access, including encryption in transit (HTTPS/TLS), encryption at rest, access controls, and regular security reviews. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
6. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: request a copy of the personal information we hold about you;
- Correction: request that we correct inaccurate or incomplete information;
- Deletion: request that we delete your personal information, subject to legal exceptions;
- Portability: request your information in a structured, machine-readable format;
- Objection or restriction: object to or restrict certain types of processing;
- Withdraw consent: where processing is based on consent, withdraw that consent at any time.
To exercise any of these rights, contact us at support@rightmynd.com. We will respond within the timeframe required by applicable law (typically 30 days).
7. California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we collect, to delete it, to correct it, and to opt out of its "sale" or "sharing." We do not sell personal information.
8. European Users (GDPR/UK GDPR)
If you are in the European Economic Area, United Kingdom, or Switzerland, our legal bases for processing your personal information are: (i) performance of a contract (providing the Service you signed up for); (ii) our legitimate interests (improving and securing the Service); (iii) your consent (where applicable); and (iv) legal obligations. You have the right to lodge a complaint with your local data protection authority.
9. Children's Privacy
The Service is not directed to children under the age of 18, and we do not knowingly collect personal information from children under 18. If you believe we have collected information from a child, please contact us and we will delete it.
10. International Data Transfers
Our servers and service providers may be located in the United States and other countries. By using the Service, you consent to the transfer of your information to countries that may have data protection laws different from those in your jurisdiction.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Service at least 14 days before taking effect. The "Last updated" date at the top of this page indicates when the Policy was last revised.
12. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, contact us at support@rightmynd.com.