Privacy Policy

1.2 Controller under the General Data Protection Regulation (GDPR):

3.1 What we collect when you join the waitlist

• Email address
• Device type (e.g., Android phone, iPhone, Windows PC)

3.2 Website access data (server logs)

When you visit our website, our hosting provider may automatically process technical data necessary to deliver the site (e.g., IP address, date/time of access, requested pages/files, user-agent/device/browser information). We use this data to operate and secure the website.

3.3 Purpose

• Managing the waitlist and contacting you (invitations, onboarding information, important changes)
• Operating, securing, and improving the website

3.3.1 Development updates by email

If you join the waitlist, we may also use your email address to send you occasional updates about the development of the App (e.g., progress announcements, feature previews, release timelines, and beta invitations).

You can opt out of these update emails at any time by using the unsubscribe link (if provided) or by contacting us at shkurtaklaudjo@gmail.com.

3.4 Legal basis

• Waitlist signup: Art. 6(1)(a) GDPR (consent) and/or Art. 6(1)(b) GDPR (pre-contractual measures), depending on how the waitlist is used.
• Website access logs: Art. 6(1)(f) GDPR (legitimate interest in providing a secure, functioning website).

3.5 Retention

• Waitlist emails are typically deleted after 24 months of inactivity or earlier upon request.
• Server logs are typically retained for a limited period (e.g., 30–90 days), unless needed for security investigations.

3.6 Google Play link

If we provide a link to the Google Play Store, clicking it will take you to services operated by Google. Google processes data as an independent controller for the Play Store. Please consult Google’s privacy information for details.

4.1 Notes content (local-only by default)

Notes you create in Mindrop are stored locally on your device by default. We do not receive your note text unless you actively share it with us (for example by emailing support with an exported file or screenshots).

4.2 Device backups

Depending on your device settings, your operating system or account provider may back up app data as part of backup/restore features. We do not access or control such backups.

5.1 Analytics is enabled by default

Mindrop uses Google Analytics for Firebase (Firebase) to understand App usage and improve stability and features. Analytics collection is enabled by default.

5.2 What data may be processed

Firebase Analytics may collect usage and device information such as number of users/sessions, session duration, operating system and device model, approximate location (“geography”), app opens/updates, and related analytics identifiers (e.g., app-instance identifier). On Android, Firebase states it collects the Advertising ID by default, and it uses identifiers similar to cookies. We do not send your note text to Firebase Analytics.

5.3 Purposes

• Measuring usage and feature adoption
• Diagnosing issues and improving performance and reliability
• Improving product decisions

5.4 Legal basis

Art. 6(1)(f) GDPR (legitimate interest in maintaining and improving the App), unless consent is required under applicable law in your jurisdiction, in which case Art. 6(1)(a) GDPR applies.

5.5 Opt-out / controls

You can disable analytics collection in the App settings (if available). If you disable analytics, we stop collecting analytics data from that device going forward. You may also request help via our support email. (For transparency: Google provides technical controls such as disabling collection and resetting analytics identifiers when implemented in-app.)

6.2 Typical categories

• Website hosting provider: [Provider name, address]
• Email / waitlist delivery provider (if used): [Provider name, address]
• Analytics provider: Google Firebase / Google LLC (Firebase Analytics)

9.1 Under the GDPR, you have the following rights:

• Right of access (Art. 15)
• Right to rectification (Art. 16)
• Right to erasure (Art. 17)
• Right to restriction (Art. 18)
• Right to notification (Art. 19)
• Right to data portability (Art. 20)
• Right to withdraw consent at any time with effect for the future (Art. 7(3))
• Right to lodge a complaint with a supervisory authority (Art. 77)

If you are in Greece (or your issue falls under Greek jurisdiction), you can contact the Hellenic Data Protection Authority (HDPA).

9.2 Right to object (Art. 21)

If we process your personal data based on legitimate interests, you have the right to object at any time for reasons arising from your particular situation. If you object, we will stop the processing unless we demonstrate compelling legitimate grounds overriding your interests, rights, and freedoms, or the processing is needed for legal claims.