Privacy Choices & Data Rights

Depending on where you live, you have some combination of the following rights with respect to the personal data MindWiki holds about you. The Regional Privacy Addendum describes which rights apply in which jurisdictions (GDPR, UK GDPR, CCPA/CPRA and other US state laws, LGPD, PIPEDA, Australian Privacy Principles, PIPA Korea, and more).

• Access — see what data we hold about you.
• Portability / export — receive a copy of your data in a structured, commonly used, machine-readable format.
• Correction / rectification — fix inaccurate or incomplete data.
• Deletion / erasure — have your account and data deleted, subject to legally-required retention.
• Restriction — pause our processing of your data in some categories.
• Objection — object to processing based on legitimate-interests grounds, including objection to direct marketing.
• Withdraw consent — turn off any feature you previously consented to (notifications, marketing email, optional AI features) at any time without affecting the lawfulness of prior processing.
• Non-discrimination— we won't degrade your service for exercising a right.
• Lodge a complaint — with your local data-protection authority. See the Regional Privacy Addendum for the relevant authority in your region.

Access — see what we hold

1. iOS— Settings → Privacy & Data → Export my data. We assemble a complete archive within 30 days.
2. macOS— Preferences → Account → Export data.
3. MindWiki Cloud— Account → Data → Export vault.
4. Email — dpo@mindwiki.io if you need an itemized summary that goes beyond the vault export (for example, an inventory of metadata, billing history, support correspondence).

Export / portability

Vault exports are delivered as a .zip of every markdown page (with frontmatter intact), attachments in their original formats, and anindex.json describing folder structure and timestamps. You can import the archive into any other tool that reads plain markdown.

Correction

Most personal data we hold is data you put in yourself — edit it directly in the app. For data we hold that you can't edit (account email, billing history, subscription state, support correspondence), email dpo@mindwiki.io with the field and the correct value.

Deletion

Delete your account from inside the app:

• iOS— Settings → Privacy & Data → Delete account.
• macOS— Preferences → Account → Delete account.
• MindWiki Cloud— Account → Danger Zone → Delete account.

Deletion removes the vault and account from live storage within 30 days. Backups age out on the schedule in the Privacy Policy. We may retain a minimal record of the account (account ID, deletion timestamp, reason) where required by law or to defend against fraud / abuse. Full detail in Account & Data Deletion.

Restriction

To restrict processing in a specific category, email dpo@mindwiki.io describing the category. Examples we can honor:

• Pause all AI processing of your vault content.
• Pause analytics and crash reporting from your apps (also available via the "Send anonymized diagnostics" switch in iOS Settings).
• Pause our use of your data for service improvement (where applicable).

Objection

You may object at any time to processing we conduct on the basis of legitimate interests. For direct marketing, the right to object is absolute — every marketing email contains an unsubscribe link, and Settings → Notifications → Marketing emails toggles the same channel off.

Withdraw consent

Anywhere we asked for consent, you can withdraw it:

• Notification permission— iOS Settings app → MindWiki → Notifications.
• Microphone permission— iOS Settings app → MindWiki → Microphone. Disabling this disables Voice Capture and Live Conversation.
• Photo / Camera permission— iOS Settings app → MindWiki.
• Marketing emails— Settings → Notifications → Marketing emails, or the unsubscribe link in any marketing email.
• Optional AI features— Settings → MindWiki AI on iOS / macOS, or the corresponding toggle on MindWiki Cloud.
• Apple Sign-in— manage in iOS Settings → Apple ID → Password & Security → Apps Using Apple ID.

Withdrawing consent does not affect the lawfulness of processing we performed before the withdrawal.

Non-discrimination

We will not deny service, change pricing, or degrade quality because you exercised a privacy right. The only exception is where exercising the right necessarily reduces the service we can provide (for example, fully deleting your account closes your access).

For requests submitted through the apps (export, delete, etc.) we rely on the in-app session, which is already authenticated. For requests sent via email, we verify by:

• Confirming the request comes from the email address associated with the account.
• For sensitive requests (full export, deletion of an account whose email has changed), asking you to log in via the apps and confirm the request in-session.
• For requests made by an authorized agent on someone else's behalf, requiring proof of authorization (a signed power of attorney or comparable documentation) plus verification of the underlying account holder's identity.

We don't require more information than necessary to verify. If we can't verify, we may have to deny the request — with an explanation and the ability to retry.

• Initial acknowledgement within 5 business days.
• Substantive responsewithin 30 days of a verified request, with one optional extension of up to 60 days for complex requests (you'll be told if we need it).
• Local law may set tighter or looser deadlines. We follow the most user-favorable applicable deadline.

If we deny a privacy request and you believe we got it wrong, you can appeal to appeals@mindwiki.io within 30 days. We respond within 10 business days. You retain the right to lodge a complaint with your local data-protection authority regardless of the outcome.

• Privacy Policy — full description of what we collect and why.
• Regional Privacy Addendum — rights by jurisdiction.
• Account & Data Deletion — what deletion actually does and the timeline.
• AI Processing Policy — what happens when AI features process your data.
• Subprocessors — every third party that processes data on our behalf.