Privacy Policy

MindWiki is operated by Keaton Williams, doing business as MindWiki — a United States-based sole proprietorship. For privacy purposes, MindWiki is the data controller of your personal information. "MindWiki", "we", "us", and "our" refer to this operator; "you" refers to the person using the iOS app, the macOS app, MindWiki Cloud, the MCP server, or the public API.

For the operator's formal identification and regional imprint details, see our Legal Notices & Imprint.

This Privacy Policy covers all MindWiki products and surfaces. It works alongside a set of more detailed documents, each of which is the authoritative source for its area:

• AI Processing Policy — exactly what is sent to which AI provider, and what is not.
• Subprocessors — the current, complete list of vendors that process data on our behalf.
• Cookie Policy — what we set and why (essential, no tracking).
• Privacy Choices & Data Rights — how to exercise every right described below.
• Regional Privacy Addendum — GDPR/UK, California and other US states, and other jurisdictions.
• Account & Data Deletion and Minor Safety & Age Eligibility.

Where a specialist page gives more specific detail, that detail governs. Where they are silent, this policy applies.

Account information

Your name, email address, username, account settings and preferences, and — if you sign in with Apple — the binding and attestation Apple returns. We store a hash of your password, never the password itself.

Your vault content

The content you create or capture: Markdown pages and their bodies, frontmatter, titles, and wikilinks; attachments you add — images, audio, video, PDFs, and documents — which are stored in our object storage; AI chat prompts and responses you save; voice transcripts; and material captured from your personal email-capture address. We also generate vector embeddings of your pages so semantic search and retrieval work.

Payment information

For web and macOS purchases, our payment processor handles your email, billing address, a tokenized payment method (we never see or store your raw card number), country, any tax IDs, and transaction history. For iOS purchases through Apple's In-App Purchase, we receive App Store transaction identifiers, a hashed user identifier, your entitlement state, and device platform — not your payment method.

Device, usage, and diagnostics

Your IP address and API request logs (used for security, abuse prevention, and aggregate analytics — analytics IPs are truncated). If you opt into "Send anonymized diagnostics", we also receive crash stack traces, app version, OS version, and device model, with personal data scrubbed and no vault content.

AI inputs

When you use an AI feature, the relevant prompt or voice utterance text, the vault snippets retrieved to answer it, and (for voice and vision) the audio chunk or image are processed as described in the AI section below.

We use your information to create and operate your account, sync your vault across your devices, run the AI features you enable, process payments, provide support, keep the service secure, and meet legal obligations. Where the GDPR or similar laws apply, our legal bases are:

• Performance of a contract — account creation, sync, billing, and support.
• Legitimate interests — security monitoring, fraud and abuse prevention, aggregated product analytics, defending legal claims, and service-update communications.
• Consent — marketing emails, optional AI features beyond the basics, and device permissions (microphone, camera, photos).
• Legal obligation — responding to lawful requests, tax and accounting retention, and mandatory child-safety reporting.

MindWiki's AI features — chat grounded in your vault, live voice conversations, voice capture transcription, vision, semantic search, and the autonomous agents (Auto-Linker, Weekly Classifier, Pattern Detection, Monthly Auto-Report, and the macOS Vault Master) — work by sending only the text of your request plus a few relevant vault snippets to a model provider. We never send your entire vault in bulk, and we never send another user's content.

We do not use your private vault content to train AI models — ours or any third party's. Our model providers operate under API terms that do not train on inputs by default. Autonomous agents only ever propose changes for your review; they never modify your vault without your approval.

For the full breakdown of what is sent to which provider, retention windows, and how to turn any of it off (including a hard, account-wide opt-out), see the AI Processing Policy and AI Use Policy.

MindWiki does not sell personal information for money and does not share personal information for cross-context behavioral advertising. We don't run third-party analytics or advertising trackers, and we don't use your vault content to train AI models. We honor Global Privacy Control and Do Not Track signals as opt-outs.

We rely on a small set of vendors ("subprocessors") to run the service. The core ones are:

• Cloudflare — application compute, database, object storage for attachments, caches, semantic-search index, and CDN.
• Vercel — marketing site, docs, and status pages (no vault content).
• Apple — App Store distribution, In-App Purchase billing, Sign in with Apple, and push notifications.
• AI & voice providers — including Anthropic, OpenAI, Google, and real-time voice infrastructure, used to power the AI features you enable.
• Stripe and RevenueCat — web/macOS billing and App Store entitlement management.
• Resend — transactional email, and Sentry — opt-in crash reporting.

The authoritative, always-current list — with each vendor's exact purpose, the data they receive, their region, and a link to their privacy policy — lives on our Subprocessors page. We give at least 30 days' notice before adding a new one, and you may object.

On the web we use essential, HTTP-only cookies for authentication and a CSRF token, plus your theme preference in local storage. Our only analytics are first-party server request logs (country-level location, URL path, status, latency) — no advertising cookies, no cross-site tracking, no Google Analytics or Meta Pixel. The native apps use no web cookies; sign-in tokens live in the system keychain.

Full detail is on the Cookie Policy.

We keep your data for as long as your account is active. When you delete content or your account, we remove it on the timeline described in Account & Data Deletion. After deletion, limited records persist only where necessary: encrypted point-in-time backups age out (currently within about 35 days), billing records are kept for tax and accounting (typically up to 7 years in the United States), and enforcement records are kept where we terminated an account for cause.

You can export your entire vault — every Markdown page with frontmatter intact, all attachments in their original formats, plus an index of your folder structure — at any time, and you can delete your account and its data, all from inside the app:

• iOS — Settings → Privacy & Data → Export my data, or Delete account.
• macOS — Preferences → Account → Export data, or Delete account.
• MindWiki Cloud — Account → Data → Export, or Account → Danger Zone → Delete account.

Deletion is permanent, but not instantaneous: your account is flagged immediately and sign-in is blocked, live content is removed within 24 hours, attachments and your account record within 30 days, and backups expire within about 35 days. If you delete by mistake, email dpo@mindwiki.io within 7 days and we can often roll it back.

The exact timeline and what is retained are documented on the Account & Data Deletion page.

Depending on where you live, you have rights to access, correct, delete, port, and restrict the use of your personal information, to object to certain processing, and to withdraw consent. Many of these are self-serve in the app (export, delete, AI toggles, sign out of all devices). For anything that isn't, email dpo@mindwiki.io.

We acknowledge requests within 5 business days and respond substantively within 30 days (extendable to 60 for complex requests). You can appeal a decision at appeals@mindwiki.io, and you always retain the right to complain to your data protection authority.

Step-by-step instructions are on Privacy Choices & Data Rights.

If you're in the European Economic Area, the United Kingdom, or Switzerland, or in California or another US state with a privacy law, you have additional rights and we make additional disclosures — including our "we don't sell or share for advertising" position, sensitive-data handling, and the supervisory authority you can contact.

These are detailed in the Regional Privacy Addendum.

MindWiki is operated from the United States, and our subprocessors are primarily US-based, so your data may be transferred to and processed in the US and other countries. Where required, we rely on the EU Standard Contractual Clauses, the UK International Data Transfer Addendum, and equivalent mechanisms recognized in other jurisdictions. We can provide a Data Processing Addendum incorporating these — email dpo@mindwiki.io.

MindWiki is not directed to children. You must be at least 16 years old to use it (18 in some countries, including Brazil and India). We do not knowingly collect personal information from anyone under the applicable minimum age. A parent or guardian can request deletion of a minor's account at dpo@mindwiki.io.

See Minor Safety & Age Eligibility for the full policy and child-safety reporting channels.

We protect your data with encryption in transit (HTTPS/TLS), per-user isolation so no account can reach another's content through any endpoint, hashed passwords, hashed API keys (a leaked key can be revoked but never recovered), revocable per-device sync tokens, scoped OAuth for MCP, and server-side enforcement of paid features. Backups are encrypted.

More detail, and our coordinated vulnerability-disclosure commitment, is on the Security page. Report a vulnerability to security@mindwiki.io.

We'll give at least 30 days' notice by email before any material change takes effect. Minor changes — typo fixes, clarifications, new contact addresses — take effect when posted. The "Updated" date at the top always reflects the current version, and continued use after a change means you accept it.

Privacy questions and data-rights requests: dpo@mindwiki.io. General support: support@mindwiki.io. Security: security@mindwiki.io. Abuse: abuse@mindwiki.io. A postal address for formal legal correspondence is available on request.

See also our Terms of Service and the full Legal & Trust Center.