MindWell · Legal
Privacy Policy
Effective date: April 22, 2026 | Version 1.0 | Applies to MindWell web and app
Contents
1. Who We Are
MindWell is a product of Provenance LLC, a consulting and product development practice based in the United States. References to “we,” “us,” or “MindWell” in this policy refer to Provenance LLC operating MindWell.
Contact: ryan@withprovenance.org
2. What We Collect
Account information
MindWell requires sign-in with Google. When you authenticate, we receive your name, email address, and Google profile photo from Google. We do not receive or store your Google password.
Reading data
Everything you add to MindWell, including books, articles, podcasts, reading progress, quotes, notes, tags, and folders, is stored in your account and associated with your email address.
Payment information
If you subscribe to a paid tier, payment is processed by Shopify. MindWell does not receive or store your credit card number, bank account details, or any other financial information. We receive confirmation that a payment was made and which tier you subscribed to.
Usage data
We collect basic usage data to understand how the app is being used: for example, which features are used most often. This data is aggregated and not tied to your individual identity where possible.
What we do not collect
- –The content of the books, articles, or podcasts you track (only the metadata you enter)
- –Your location
- –Device identifiers or advertising IDs
- –Any information beyond what you explicitly provide
3. How We Use Your Information
| Information | How we use it |
|---|---|
| Name and email | To identify your account, send transactional emails (e.g. subscription confirmations), and respond to support requests |
| Reading data | To provide the app — storing and displaying your library, notes, quotes, and search results |
| Payment confirmation | To activate and manage your subscription tier |
| Usage data | To improve the app and understand which features are working well |
We do not use your reading data for advertising, do not sell it to third parties, and do not use it to build profiles for purposes unrelated to running MindWell.
4. Third-Party Services
MindWell uses the following third-party services. Each has its own privacy policy governing how it handles data.
| Service | Purpose | Data involved |
|---|---|---|
| Google OAuth | Sign-in authentication | Name, email, profile photo |
| Supabase | Database and storage | All user-generated app data (reading lists, notes, quotes) |
| Shopify | Payment processing for paid tiers | Payment information (not shared with MindWell) |
A note on Supabase: Your reading data, including books, notes, and quotes, is stored in a Supabase-hosted database. Supabase is a US-based company and stores data in data centers that may be located in the United States or the European Union depending on configuration. Data stored in Supabase is encrypted at rest and in transit.
We do not use advertising networks, data brokers, analytics vendors that track users across the web, or any services not listed above.
5. Students and Minors
MindWell is designed in part for student use, including use in educational settings. We take our responsibilities around student and minor data seriously.
Users under 13 (COPPA)
MindWell is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child under 13 has created a MindWell account, please contact us at ryan@withprovenance.org and we will delete the account and associated data promptly.
Schools deploying MindWell: If your institution is deploying MindWell to students under 13, please contact us before doing so. School-tier deployments for younger students require a separate data processing agreement to ensure compliance with COPPA and applicable state laws.
Users aged 13 to 17
Users between 13 and 17 may use MindWell. We apply the same data practices to all users regardless of age. We do not serve advertising to any users, including minors. We do not sell or share any user data with third parties for commercial purposes.
Educational institutions (FERPA)
Where MindWell is deployed by an educational institution in the United States, student education records are subject to the Family Educational Rights and Privacy Act (FERPA). In these contexts, MindWell acts as a school official under FERPA and handles student data only for the educational purpose for which it was shared. We do not use student data for any other purpose.
6. Data Retention
We retain your data for as long as your account is active. If you delete your account, we delete your personal information and reading data within 30 days, except where we are required to retain it for legal or compliance purposes (for example, records of payments for tax purposes, which are retained for 7 years).
You can delete individual items, including books, notes, and quotes, at any time from within the app. Deletion is permanent.
7. Security
We take reasonable technical and organizational measures to protect your data. These include:
- –Encryption of data in transit (HTTPS/TLS) and at rest (Supabase encryption)
- –Authentication via Google OAuth — MindWell does not store passwords
- –Access controls limiting who on the MindWell team can access user data
- –Regular review of third-party services for security compliance
No system is perfectly secure. If you believe your account has been compromised, contact us immediately at ryan@withprovenance.org.
8. International Users
MindWell is operated from the United States. If you are accessing MindWell from outside the United States, your data may be transferred to and processed in the United States or other countries where our service providers operate.
European users (GDPR)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and equivalent laws. Our legal basis for processing your data is:
- –Contract: Processing necessary to provide the MindWell service you signed up for
- –Legitimate interests: Improving the app and ensuring security
- –Consent: Where you have explicitly provided consent
You may exercise your GDPR rights by contacting us at ryan@withprovenance.org. We will respond within 30 days.
California users (CCPA)
California residents have the right to know what personal information we collect, request deletion of their personal information, and opt out of the sale of their personal information. MindWell does not sell personal information. To exercise your rights, contact us at ryan@withprovenance.org.
9. Your Rights
Regardless of where you are located, you have the right to:
- –Access the personal information MindWell holds about you
- –Request correction of inaccurate information
- –Request deletion of your account and associated data
- –Export your data (available from within the app)
- –Withdraw consent where processing is based on consent
To exercise any of these rights, contact ryan@withprovenance.org. We will respond within 30 days. We will never charge a fee for exercising your rights.
10. Changes to This Policy
We may update this privacy policy as the app evolves or as legal requirements change. When we make material changes, we will notify you by email (to the address associated with your account) and update the effective date at the top of this page. Continued use of MindWell after a policy update constitutes acceptance of the updated policy.
Previous versions of this policy are available upon request.
11. Contact
Questions about this policy, requests to exercise your rights, or concerns about how MindWell handles your data can be directed to:
Ryan Vasquez
Provenance LLC
ryan@withprovenance.org
withprovenance.org
We will respond to all privacy-related inquiries within 30 days.