Privacy Policy for MindVault

Last updated: May 2026

1. Introduction

MindVault ("the App") is developed and published by Amir Twil-Cohen ("we", "us", or "our"). This Privacy Policy explains how the App collects, uses, and protects your information.

2. Data We Collect

MindVault collects the following information to provide its core functionality:

• Email address — used to create and authenticate your account.
• Encrypted note content — your notes and categories are encrypted on-device before being synced to our cloud database. We cannot read the contents of your notes.
• Encryption key material — a wrapped version of your encryption key is stored in the cloud so you can access your notes across sessions. Your master password is never stored or transmitted.
• Note embeddings for AI search — when you use the AI-powered search feature, encrypted vector embeddings of your note content are generated and stored to enable semantic search. These embeddings are processed by Google's Gemini API.

3. End-to-End Encryption

MindVault uses AES-256-GCM encryption with keys derived via PBKDF2 from your master password. Your notes are encrypted on your device before being uploaded. Neither we nor Supabase (our cloud provider) can read your note contents.

4. How We Use Your Data

• Your email address is used solely for account authentication.
• Encrypted note data is synced to the cloud so you can access it on your device and restore it if the app is reinstalled.
• AI search embeddings are used only to power the in-app semantic search feature.
• We do not sell, rent, or share your data with third parties for advertising or marketing purposes.

5. Third-Party Services

MindVault relies on the following third-party services:

Supabase

Supabase provides our authentication and database infrastructure. Your email address and encrypted data are stored on Supabase servers. See Supabase's Privacy Policy for details.

Google Gemini API

When AI search is used, note text is sent to Google's Gemini API to generate semantic embeddings. This is done over an encrypted connection via a server-side function (Supabase Edge Function) — note content is not sent directly from your device to Google. See Google's Privacy Policy for details.

6. Permissions Used

Biometric Authentication

Used to unlock the App using your device's fingerprint or face recognition. Biometric data is processed entirely on-device by Android's biometric system and is never transmitted to us.

Internet Access

Required to sync notes with the cloud, authenticate your account, and use the AI search feature.

Microphone / Audio Recording

MindVault may request access to your device's microphone to convert speech to text when composing notes. Audio is processed on-device and is never recorded, stored, or transmitted to us or any third party.

Home Screen Widget

MindVault provides an optional Android home screen widget that displays a recent or pinned note. Note content shown in the widget is read from the local on-device cache and is not transmitted separately.

7. Local Data Storage

In addition to cloud sync, MindVault maintains a local encrypted cache of your notes using an on-device database. This allows the App to function offline. Local data is tied to your device and is removed when the App is uninstalled.

8. Data Retention and Deletion

Your cloud data (account, encrypted notes) is retained as long as your account exists. You may contact us at the email below to request deletion of your account and all associated data.

9. Children's Privacy

MindVault is not directed toward children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.

10. Data Security

We take reasonable technical measures to protect your data, including end-to-end encryption of note content, HTTPS for all network communication, and row-level security policies on our database. Because your notes are encrypted before leaving your device, a breach of our cloud infrastructure would not expose your note contents.

11. Changes to This Policy

We may update this Privacy Policy if the App's functionality changes. Any updates will be reflected by modifying the "Last updated" date at the top of this document.

12. Contact Information

If you have any questions about this Privacy Policy, you may contact:

Email: amirtwilc@gmail.com