MindMePlay is provided by MINDMEPLAY LTD, a company registered in England and Wales, registered office 51 King's Square, Taunton TA1 3FN, United Kingdom ("we", "us", "our"). For UK data protection law, we are the data controller, and for India's Digital Personal Data Protection Act we are the Data Fiduciary, for the personal data described in this policy.
ICO registration number: ZC187700
For any privacy question, request, or complaint, contact us at [email protected].
How an account is created depends on age:
We do not allow under-18s to register their own accounts. If we learn that a young person has created an account without a parent or guardian, we will remove it.
MindMePlay is built local-first. Your journal entries, ratings, game plans, progress, streaks and practice history are stored on your device only, they are not sent to us, and we cannot see them. There is one exception: an adult member may choose to switch on cloud backup (a membership benefit from August/September 2026), which backs up that adult's own profile to our servers. Children's and teenagers' activity data is never backed up to our servers, even within a family membership.
When an adult account is created, we ask for a date of birth only to confirm the person is 18 or over. We use it for that check and then discard it; we store only the result of the check (adult confirmed) and a timestamp.
This data stays on the device, except for an adult's own profile if they switch on cloud backup (see section 7).
Guest mode: anyone can open MindMePlay and try structured session tools, mood and focus ratings, session type selectors, breathing exercises, and audio sessions, without creating an account. The free text journal field is not available in guest mode; it requires a signed-in account. No account is created and no journaling or profile data is collected in guest mode. When the app starts, our subscription and analytics providers receive only limited technical data (an anonymous identifier and IP address) that is not linked to any person or profile.
We use Google Analytics 4 (GA4) on this website (mindmeplay.com) to understand how visitors use the site, for example, which pages are most visited. GA4 is configured in basic measurement mode only. Analytics cookies are not set until you give consent via the banner shown on your first visit to the site. If you decline, no analytics cookies are set and GA4 does not load. Website analytics are never linked to your app account and never include any journal content. For full details of the cookies we use, see our Cookie Policy.
If you sign up to our waitlist or marketing list, we collect your email address. We use it to send you launch notifications and product updates. The lawful basis is your explicit consent, given via an un-pre-ticked opt-in at signup confirmed by a double opt-in email. You can unsubscribe at any time using the link in any email we send. We use MailerLite to manage our mailing list.
If you buy a Founding Membership, the payment is processed by Apple (App Store) or Google (Google Play), depending on your device. They hold your payment details; we never see your card details. We use RevenueCat to manage subscriptions and confirm membership status: RevenueCat receives a purchase identifier and subscriber identifier linked to your account, the status of your subscription (for example, active or expired), and standard device and platform metadata. RevenueCat does not receive your card details and is never given any journal content. We receive a confirmation of the purchase so we can activate membership on your account.
We do not collect precise location. We never see your card details. We do not use crash-reporting SDKs that share data with third parties, and we do not use advertising trackers. We do not access contacts, photos, or the microphone for journaling. Audio guidance is pre-recorded and bundled with the app — using it does not send any data to a voice provider.
| Purpose | Examples |
|---|---|
| Provide the app | Create and manage accounts and profiles; save journal entries and progress (on your device). |
| Provide membership you bought | Activate and manage your Founding Membership. |
| Optional cloud backup (adults, from August/September 2026) | Back up an adult member's own profile data, with their explicit consent (section 7). |
| Personalise the experience | Show age-appropriate content and adjust guidance to the player's profile. |
| Improve the app | Understand which features help players, using aggregated product analytics. |
| Keep accounts secure | Authenticate sign-in and protect parental settings. |
| Communicate with you | Respond to support and privacy requests. |
| Website analytics | Understand how visitors use mindmeplay.com, using GA4 in basic mode with your consent. |
| Marketing communications | Send launch notifications and product updates to mailing list subscribers, with their consent. |
We take the privacy of young athletes seriously and aim to follow the UK Age-Appropriate Design Code (Children's Code), India's Digital Personal Data Protection Act, the EU GDPR, and the US Children's Online Privacy Protection Act (COPPA).
If you are a parent or guardian with any concern about your child's data, contact us at [email protected].
Adult members can choose to back up their own profile's activity data, journal entries (including free text), ratings, streaks and practice history, to our servers, so it survives a change of device. Because a personal journal can reveal information about your wellbeing, we treat this as sensitive and switch it on only with your explicit consent, asked separately when you turn backup on, naming exactly what will be stored. You can withdraw at any time in settings: backup stops, and you can ask us to delete the server copy. Backed-up data is encrypted in transit and at rest. Children's and teenagers' profiles are excluded from cloud backup.
We do not sell personal data. We share data only with service providers that help us run the app, under agreements that require them to protect it:
We may disclose data if required by law, or to protect users' safety.
Personal data in our own database is stored in the United Kingdom (Supabase, AWS London eu-west-2 region); analytics and mailing list data are hosted in the European Union (PostHog and MailerLite). Some service providers that support payments, subscriptions, and website analytics (Apple, Google, RevenueCat, and Google Analytics) may process limited account, subscription, or analytics data outside the European Union, under appropriate contractual safeguards including Standard Contractual Clauses and the UK International Data Transfer Addendum. If you use MindMePlay from India or elsewhere, your account data in our database is stored in the UK under appropriate safeguards. We do not transfer personal data to any country restricted under applicable law. On-device data stays on your device.
We keep personal data while an account is active. If an account or profile is deleted, we delete the associated personal data (residual copies in our database provider's routine backups expire within 7 days), except where we must keep limited information to meet legal obligations — for example, consent records are retained for six years after account closure as evidence of lawful processing. You can ask us to delete data at any time.
Depending on where you live, you may have the right to: access the data we hold about you or your child; correct it; delete it; object to or restrict certain processing; withdraw consent at any time (as easily as you gave it); request a portable copy; and, in India, nominate someone to exercise your rights if you are unable to.
To exercise any right, email [email protected]. For children's data, requests can be made by the managing parent or guardian. We aim to respond within one month (UK) and to resolve grievances within 90 days (India). UK users may also complain to the Information Commissioner's Office (ico.org.uk); India users may complain to the Data Protection Board of India (section 14).
We use appropriate technical and organisational measures to protect personal data, including encrypted connections (TLS in transit, AES-256 at rest), secure authentication with multi-factor authentication on all service accounts, and access controls. No system can be guaranteed completely secure, but if a breach affects your personal data we will inform you, and the relevant authority, as the law requires.
We may update this policy as the app develops. When we make a significant change, we will update the date at the top and, where appropriate, notify users in the app; material changes affecting a child's data will be notified to the consenting parent.
For users in India, MINDMEPLAY LTD is the Data Fiduciary under the Digital Personal Data Protection Act 2023 and the DPDP Rules. The data and purposes are itemised in sections 3 to 4; your rights are in section 11. Grievance contact: [email protected] (Grievance Officer: the Founder, MINDMEPLAY LTD) we resolve grievances within 90 days. You may also complain to the Data Protection Board of India, whose complaint channel we will publish as it is operationalised. You can withdraw consent at any time via the app or by email. We obtain verifiable parental consent before processing any child's data, and we do not undertake behavioural monitoring of, or targeted advertising to, children. This notice is provided in English; contact us if you need help accessing it in another language.
MINDMEPLAY LTD · 51 King's Square, Taunton TA1 3FN, United Kingdom · [email protected]
Cookie Policy: mindmeplay.com/cookies