Last updated: April 2026
The controller of your personal data is Michał Chochół, Poland. Contact: info@mindhush.app.
We store your username, a bcrypt-hashed password, the messages you write during reflection sessions, mood ratings, and your language and privacy preferences. That is everything.
MindHush does not require an email address, real name, or any identifying information. We do not retain IP address logs.
Session messages are sent to the OpenAI API solely to generate reflective questions. We use the API with training-data opt-out enabled — your content is never used to train AI models. We do not sell, share, or monetise your data in any way.
In Settings → Privacy you can set automatic deletion of your session history after 30, 60, or 90 days. You can also delete all sessions or your entire account at any time from the Settings page.
Passwords are hashed with bcrypt. Sessions use PHP native session handling with secure, HTTP-only cookies. Data is stored on servers within the EU.
We use a single session cookie to keep you logged in. We do not use tracking, analytics, or advertising cookies.
OpenAI (api.openai.com) processes your session messages to generate responses. No other third party has access to your session content.
We process your data on the basis of your consent (Article 6(1)(a) GDPR). Session content and mood ratings may constitute health-related data under Article 9 GDPR — we process it solely on the basis of your explicit consent given at registration. You may withdraw consent at any time by deleting your account in Settings.
Under GDPR you have the right to access, correct, delete, restrict processing of, and port your data, as well as to object to processing and withdraw consent at any time. You may also lodge a complaint with a supervisory authority. To exercise any right, contact us at info@mindhush.app.
Material changes will be noted here with an updated date.