Application: Mind Echo: Self Discovery

Effective Date: March 12, 2026

Last Updated: April 12, 2026


1. Introduction


Mind Echo: Self Discovery ("app", "we", "us") is committed to protecting your privacy. This Privacy Policy explains what data we collect when you use the app, how we use it, and how we protect it. This policy complies with the General Data Protection Regulation (GDPR) (EU/EEA users), Turkey's Personal Data Protection Law (KVKK), and applicable App Store requirements.


2. Data We Collect


2.1 Account and Identity Information


Depending on your chosen sign-in method, the following data is collected:


- Email address: provided by the user, Google, or Apple (for authentication)

- Display name / username: entered by the user (for personalization)

- Profile photo URL: provided by Google or Apple (for profile display – optional)

- Unique user ID (UID): assigned by Firebase Auth (for data isolation)


Data from guest (anonymous) usage is stored solely on the device and is never sent to the cloud.


2.2 App-Generated Data


Our app utilizes a local-first architecture to maximize your privacy. Your data is separated based on its storage location:


Analytical Data Stored in the Cloud Database (Firestore):

- Last login time

- Login platform (Google / Apple / Email)

- User name and email address (at login)

- Last seen time (when the app moves to the background)

- Premium status and subscription type

- The category and timestamp of the first answer of each session (the question and answer content are STRICTLY NOT sent to the cloud)


Sensitive Data Stored ONLY on Your Device (Locally):

- Psychological Assessment Data: 42 yes/no responses given across 5 categories (Career, Relationships, Vision, Mind, Wealth), response timestamps, cycle and session progress counters

- AI Analysis Results: AI-generated psychological analysis texts (700–900 words) based on your responses, shadow portrait, category score calculations, and weekly score history

- Coaching Session Data: Goal text entered by the user, AI-generated greeting, situation analysis, deep questions, weekly goals, and action steps, along with session timestamps

- Other App Data: Daily mood entries, intention / goal records, cosmic sleep session counters, and daily insight cache entries


2.3 Device and Preference Data


Stored locally on your device:

- Notification preferences (daily, session, explore reminders)

- App language preference (Turkish / English / German)

- Sound and haptics preferences

- Dark / light theme preference

- Onboarding completion flag


2.4 Notification and Calendar Data


- Firebase Cloud Messaging (FCM) token: Stored to send push notifications

- Apple Reminders integration (iOS only): Reminders created by the app are written directly to the native Apple Reminders app via EventKit. This data is not stored on Mind Echo's servers. EventKit permission is explicitly requested from the user.


2.5 Match (Pairing) Feature Data


The Match feature is fully optional and is reserved for users who are 18 years of age or older. It is not a dating, romance, or social networking service. It exists solely to enable personal-development conversations between users with similar psychological profiles. You may use the rest of the app without ever opting in.


If — and only if — you provide explicit consent on the Match onboarding screen, the following data is processed in Cloud Firestore:


- Display name (you may choose anonymous mode)

- Anonymity preference flag

- Avatar selection

- Gender (used for compatibility filtering only)

- Your five category analysis scores (Career, Relationships, Vision, Mind, Wealth) — used solely for compatibility calculation; raw answers and AI text are never shared

- Match request status (sent / received / accepted / rejected)

- Identifiers of users you have blocked or dismissed

- Number of reports received against your profile (for moderation)

- Timestamp of your Match consent (kept as an audit log so we can prove your consent if needed)


You can leave the Match feature at any time from Settings → Match → Leave Matching, which hides your profile and stops further matching.


2.6 Match Chat Messages


When you start a conversation with one of your matches, the following data is processed:


- Message text (stored as plain text in Cloud Firestore — end-to-end encryption is not applied)

- Sender user ID and server timestamp

- Conversation creation date

- Auto-deletion (TTL) timestamp — set to 24 hours after the message is sent


All chat messages are automatically and permanently deleted 24 hours after they are sent, using a Firestore TTL policy. Mind Echo does not back up, archive, or read chat content other than for moderation purposes when it is reported.


Important: Mind Echo is not responsible for the content of the messages exchanged between users. You should never share telephone numbers, home or work addresses, or financial details inside chat. If you encounter inappropriate behaviour, please use the Block and Report buttons inside the chat menu, and contact your local authorities in serious cases (threats, blackmail, harassment, etc.).


2.7 Report (Moderation) Data


When you report another user from inside a chat, the following data is processed for moderation purposes:


- Reporter and reported user IDs

- The reason you selected

- Up to the last 10 messages of the relevant conversation as evidence (so a moderator can see the context)

- Report timestamp and status (pending / reviewed / actioned)


Report evidence is kept until the moderation process is completed, and in any case no longer than 90 days, after which it is automatically deleted.


3. Third-Party Services and Data Sharing


3.1 Google Firebase (Authentication, Database, Functions, Messaging)


- Firebase Authentication: Used for email/password, Google, and Apple sign-in

- Cloud Firestore: Stores account analytics, login records, premium status, Match profile data, and Match chat messages

- Firebase Cloud Functions: Used to securely route AI requests, calculate matches, and send push notifications. Our primary functions run in the europe-west1 (Belgium) region. Some Cloud Messaging-related triggers may operate from Google's default infrastructure regions.

- Firebase Cloud Messaging: FCM tokens are transmitted for push notifications


Privacy Policy: https://policies.google.com/privacy


3.2 Google Sign-In


Data sent to Google during sign-in: OAuth authorization token, email address, full name.

Privacy Policy: https://policies.google.com/privacy


3.3 Apple Sign-In


Data sent to Apple during sign-in: identity token, email (subject to user's privacy settings), name.

Privacy Policy: https://www.apple.com/legal/privacy


3.4 RevenueCat (Subscription Management)


Mind Echo uses RevenueCat to manage in-app subscriptions. Data shared with RevenueCat:


- Firebase UID (user identifier)

- Display name and email address

- Purchase history and subscription status


RevenueCat is only activated for authenticated (non-anonymous) users. RevenueCat is operated by RevenueCat, Inc. (United States).

Privacy Policy: https://www.revenuecat.com/privacy


3.5 Google Gemini AI (Artificial Intelligence Analysis)


The app uses the Google Gemini API to generate psychological analyses and coaching content. In line with our security standards:


- No Direct Connection: The app does not connect directly to Gemini. All calls are routed through a Firebase Cloud Function.

- Authorization: Firebase Auth token validation is performed on the server side for every request. Unauthenticated users cannot use the system.

- Data Privacy: API keys are not included in the app code and are securely stored in Google Cloud Secret Manager.

- Sent Data: Structured prompts include sub-category trend scores, previous analysis summaries, test responses (in yes/no format), and the user's display name. Server-side prompt length validation is enforced to prevent misuse.


Important: Data sent to the Gemini API is subject to Google's AI safety and usage policies. Data is not permanently retained by Google; the API returns a response and the interaction is complete.

Privacy Policy: https://policies.google.com/privacy


3.6 Google Fonts


The app uses open-source typefaces (Montserrat and Outfit) which may be loaded from Google's font CDN at runtime. When this happens, your IP address is transmitted to Google. No additional personal data is sent.

Privacy Policy: https://policies.google.com/privacy


4. How We Use Your Data


We use the collected data for the following purposes:


- Personalized experience: To provide content and recommendations based on your psychological profile (processed only on your device)

- AI analysis: To securely process your test responses to generate insight reports

- Progress tracking: To show streaks, scores, and category-level development

- Notifications: To send reminders for sessions and goals

- Subscription management: To verify payment status for premium features

- Match feature (only with explicit consent): To find users with similar psychological profiles, deliver match suggestions, run a 24-hour auto-deleting chat, and enforce community rules through blocking, reporting, and moderation


We do not sell your data to third parties, do not use it for advertising purposes, and do not share it in non-anonymized forms beyond what is described here.


5. Data Retention


Data Type                                        | Retention Period and Location
-------------------------------------------------+----------------------------------------------------------
Account and analytical data                      | Until account deletion (Cloud)
Test responses                                   | Until app or account deletion (Local Device Only)
Analysis results                                 | Until app or account deletion (Local Device Only)
Coaching sessions                                | Until app or account deletion (Local Device Only)
Match profile (matchProfiles)                    | Until you opt out of Match or delete your account (Cloud)
Match requests (matchRequests)                   | Until account deletion (Cloud)
Chat messages                                    | 24 hours after sending, then automatically deleted (Cloud)
Report evidence                                  | Until moderation is complete, max 90 days (Cloud)
Notification tokens (FCM)                        | While device is active (Cloud)
Apple Reminders                                  | Managed by the user (In Apple Reminders app)
Cache data                                       | Until app cache is cleared (Local Device)


Data belonging to guest users exists only on the device and is completely deleted when the app is uninstalled. Since your sensitive data (responses and analyses) is stored locally on your device, uninstalling the app without backing up via the device's operating system will result in data loss.


6. Data Security


- Analytical data stored in Firestore is located in collections specific to your user UID; other users cannot access it

- Match profile and chat collections are protected by Firestore Security Rules so that only the participants of a conversation can read its messages

- Sensitive API keys have been removed from the app code and secured with Google Cloud Secret Manager. All AI processing is routed through a secure server-side bridge (Cloud Functions)

- Firebase Auth uses industry-standard encryption protocols. Passwords are never stored in plaintext

- The app uses secure connections over SSL/TLS for all communications

- Chat messages are subject to a 24-hour Firestore TTL policy that permanently deletes them after expiry


7. International Data Transfers


Mind Echo is operated from Turkey but uses globally distributed services. Your data may be processed in the United States, the European Union, and other countries where our service providers operate (Google LLC, Apple Inc., RevenueCat Inc.).


These transfers are carried out under the safeguards offered by these providers, including the European Commission's Standard Contractual Clauses (SCCs) and equivalent legal mechanisms. By using the app, and where applicable by giving explicit consent on the relevant screens, you acknowledge these international transfers.


8. Your Rights Under GDPR


Users in the EU/EEA have the following rights under GDPR:


- Right to be informed: Learn whether your personal data is being processed

- Right of access: Request a copy of the data processed about you

- Right to rectification: Request correction of inaccurate or incomplete data

- Right to erasure ("right to be forgotten"): Request deletion of all your data (use the in-app "Delete Account" feature)

- Right to restriction: Request that processing be limited under certain conditions

- Right to data portability: Request your data in a portable format

- Right to object: Object to the processing of your personal data

- Right not to be subject to a decision based solely on automated processing (including profiling) — see Section 12 below

- Right to lodge a complaint: File a complaint with your EU member state's data protection supervisory authority


Legal bases for processing: performance of a contract (account and subscription services), legitimate interest (analysis and personalization), consent (Match feature, AI analysis, notifications, and other optional features).


9. Your Rights Under KVKK (Turkish Users)


Under Turkey's Personal Data Protection Law (KVKK No. 6698):


- Right to information: Learn whether your personal data is being processed

- Right of access: Request information about your processed data

- Right to rectification: Request correction of incomplete or inaccurate data

- Right to deletion: Request deletion of your personal data where applicable

- Right to object to automated decisions: Object to results based solely on automated processing

- Right to compensation: Demand compensation for damages caused by unlawful processing


To exercise these rights, please contact: berkayatik123@gmail.com


10. Children's Privacy and Age Limits


- Mind Echo is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13.

- The Match (pairing) feature is available exclusively to users who are 18 years of age or older. Before activating the feature you must affirm that you are over 18 on a dedicated consent screen. False declarations are the sole responsibility of the user.


If you believe a child has provided us with personal information, please contact us and we will delete it promptly.


11. Account and Data Deletion


When you initiate the process using the Settings → Delete Account option within the app:


- All your analytical data and records are deleted from the cloud database (Firestore), including users, matchProfiles, matchRequests, conversations, and chat messages where you are a participant

- All sensitive data stored locally on your device (test responses, analyses, coaching sessions) is permanently cleared

- Your Firebase Auth account is closed

- Your RevenueCat subscription session is terminated


The deletion process is permanent and cannot be reversed.


12. Automated Decision-Making and Profiling


Match suggestions and AI analyses are generated by automated processes. They are intended as informational and self-development content only and are not binding decisions. You can ignore, refuse, or block any suggestion at any time.


If you would like a Match suggestion or an AI analysis to be reviewed manually, you can contact us at berkayatik123@gmail.com and we will respond within thirty (30) days.


13. Policy Updates


We may update this policy from time to time. When significant changes are made, you will be notified within the app. You can review the current policy at any time by contacting the developer or by visiting Settings → Legal → Privacy Policy inside the app.


14. Contact


For privacy-related questions or requests:


Developer: Berkay Atik

Email: mindecho@mindnullstudio.com

Application: Mind Echo: AI Analysis & Match


Privacy Policy