The Flint App is committed to protecting your privacy and maintaining the confidentiality of your personal information. This Privacy Policy explains in detail what data we collect, how we use it, how we protect it, and your rights regarding your personal information. By using The Flint App, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of information in accordance with this policy.

1. Introduction and Scope

The Flint App ("we," "us," or "our") operates a mental strength and journaling application designed to help users reflect on their thoughts, track their emotional well-being, and receive personalized AI-generated insights. This Privacy Policy applies to all users of The Flint App, regardless of how you access or use our services, whether through mobile applications, web interfaces, or any other means.

We recognize that mental health and personal reflection data is among the most sensitive information you can share. Therefore, we have implemented comprehensive privacy protections and security measures to ensure your data remains private, secure, and under your control at all times.

This Privacy Policy is designed to be transparent and comprehensive, providing you with a clear understanding of our data practices. We encourage you to read this policy carefully and contact us if you have any questions or concerns about how we handle your personal information.

2. Information We Collect

2.1 Account Information

When you create an account with The Flint App, we collect your email address, which serves as your unique identifier and primary means of communication. Your email address is used for account authentication, password recovery, important service notifications, and customer support communications. We also collect your name (optional) and a securely hashed version of your password for account security.

2.2 Profile Information

You may choose to provide additional personal context to enhance your experience with The Flint App. This optional information may include your age, occupation, relationship status, faith or spiritual beliefs, and other demographic information that helps our AI provide more relevant and personalized responses. You may also set goals, identify challenges you're working on, specify your preferred AI tone, and provide information about your physical activities. All profile information is entirely optional, and you can modify or remove this information at any time through your account settings.

2.3 Journal Entries and Content

The core functionality of The Flint App revolves around your journal entries, which may include written text, voice recordings that are transcribed to text, mood selections, emotional state indicators, and timestamps. We collect and store this information to provide you with personalized AI responses, track your emotional patterns over time, and help you reflect on your mental and emotional journey.

All journal entries are encrypted end-to-end using AES-256-GCM encryption. This means that your journal content is encrypted before being stored in our database, and only you have access to read your personal content. The encryption ensures that not even our team members or system administrators can view your journal entries.

2.4 Voice Data and Transcription

When you choose to use voice input for your journal entries, we temporarily process your voice recordings through OpenAI's Whisper API to convert speech to text. The original voice recordings are never stored on our servers or retained after transcription. Only the resulting text transcript is saved as part of your journal entry, subject to the same end-to-end encryption as written entries.

2.5 Usage Data and Analytics

We collect basic usage data to improve our service and understand how users interact with The Flint App. This includes information such as when you submit journal entries, which features you use most frequently, session duration, and general app performance metrics. This data is collected in an anonymized format and cannot be linked back to your specific journal content or personal identity.

2.6 Device and Technical Information

To ensure optimal performance and security, we may collect technical information about your device, including device type, operating system version, app version, and basic technical identifiers necessary for app functionality. This information is used solely for technical support, security monitoring, and service improvement purposes.

3. How We Use Your Data

3.1 Primary Service Delivery

Your personal information is used primarily to deliver the core functionality of The Flint App. This includes processing your journal entries to generate personalized AI responses, providing insights based on your emotional patterns and personal context, helping you track your mindset and emotional well-being over time, and customizing the app experience to match your preferences and needs.

We use your profile information to contextualize AI responses, making them more relevant to your specific life circumstances, challenges, and goals. For example, if you indicate that you are a student, our AI may provide responses that acknowledge academic pressures and offer relevant coping strategies.

3.2 Service Improvement and Development

We use aggregated, anonymized usage data to improve The Flint App's functionality, develop new features, identify and fix technical issues, and understand user needs and preferences. This data is processed in a way that cannot be traced back to individual users or their specific journal content.

3.3 Communication and Support

We use your email address to send important service notifications, respond to your support requests, provide updates about significant changes to our service or policies, and send welcome emails when you create an account. We may also send password reset emails when requested.

Marketing Communications: With your consent, we may also use your email address to send you marketing communications about new features, mental health tips, motivational content, and other relevant information that may interest you. You can opt out of marketing emails at any time by clicking the unsubscribe link in any marketing email or by updating your preferences in your account settings.

3.4 Legal and Safety Obligations

In rare circumstances, we may use or disclose your information to comply with legal obligations, protect the safety and security of our users, prevent fraud or abuse of our service, or respond to valid legal requests from law enforcement or government agencies. Any such disclosure would be limited to the minimum information necessary and would be conducted in accordance with applicable privacy laws.

4. AI Processing and Third-Party Services

4.1 AI Response Generation

The Flint App uses Claude, an AI model developed by Anthropic, to generate personalized responses to your journal entries. When you submit a journal entry, your content is temporarily decrypted and sent to Anthropic's secure servers for processing. The AI analyzes your entry along with relevant context from your profile to generate a thoughtful, personalized response.

Importantly, Anthropic does not store, retain, or use your personal data for any purpose beyond generating your specific response. Your journal content is processed temporarily and securely, then immediately discarded from Anthropic's systems once your response is delivered. Anthropic does not use your data to train their AI models or for any other commercial purposes.

4.2 Voice Transcription

When you use voice input, your speech is processed through OpenAI's Whisper API to convert audio to text. This processing happens in real-time, and the original audio recording is never stored or retained by either The Flint App or OpenAI. Only the resulting text transcript is saved as part of your journal entry.

OpenAI's Whisper API is designed with privacy in mind and does not retain audio data after transcription is complete. The transcription process is conducted over secure, encrypted connections to protect your voice data during processing.

4.3 Email Communications

We use Resend as our email service provider to send important communications such as welcome emails, password reset emails, and service notifications. Resend processes your email address and name solely for the purpose of delivering these communications. We maintain data processing agreements with Resend that strictly limit how your data can be used and require compliance with applicable privacy laws.

4.4 Data Security in Third-Party Processing

All data transmitted to third-party services is encrypted in transit using industry-standard TLS encryption. We have carefully selected our service partners based on their commitment to privacy and security, and we maintain data processing agreements that strictly limit how your data can be used and require immediate deletion after processing.

We regularly review and audit our third-party relationships to ensure they continue to meet our high standards for privacy and security. If we ever change service providers or add new third-party services, we will update this Privacy Policy and notify users of any significant changes.

5. Data Storage and Compliance

5.1 Database Infrastructure

Your data is stored using Neon, a fully managed PostgreSQL database provider that maintains comprehensive security features. Neon provides enterprise-grade security including encryption at rest, encrypted backups, network isolation, and comprehensive access controls. All data is stored in secure data centers with physical security measures, redundant systems, and regular security audits.

5.2 Encryption and Security Measures

All personal data is encrypted both in transit and at rest. Your journal entries receive additional end-to-end encryption using AES-256-GCM, ensuring that only you can decrypt and read your personal content. We implement multiple layers of security including secure authentication protocols, row-level security policies, regular security assessments, and strict access controls that limit data access to authorized personnel only.

5.3 Data Retention

We retain your personal data only as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy. Journal entries and profile information are retained until you choose to delete them or close your account. When you delete specific journal entries or your entire account, the data is immediately removed from our active systems and marked for permanent deletion from our backups within 30 days.

6. Your Rights and Control Over Your Data

6.1 Access and Portability Rights

You have the right to access all personal data we hold about you. You can request a complete copy of your data, including all journal entries, profile information, and usage history, in a commonly used format. You can access most of your data directly through The Flint App interface, including viewing, editing, and deleting individual journal entries, updating your profile information, and reviewing your account settings and preferences.

6.2 Correction and Update Rights

You have the right to correct or update any inaccurate or incomplete personal information. You can modify your profile information, email address, and preferences at any time through your account settings. If you believe any of your data is inaccurate or incomplete, you can contact us for assistance in making corrections.

6.3 Deletion Rights

You have comprehensive deletion rights over your personal data. You can delete individual journal entries at any time through the app interface, remove specific profile information while keeping your account active, delete your entire account and all associated data, or request removal of specific records or data categories.

When you delete data, it is immediately removed from our active systems and marked for permanent deletion from all backups and archives within 30 days. We may retain minimal, anonymized usage statistics for service improvement, but this data cannot be linked back to your identity or personal content.

6.4 Data Processing Control

You have the right to object to certain types of data processing, including marketing communications (which you can opt out of at any time using the unsubscribe link in emails or through your account settings), non-essential analytics and usage tracking, and automated decision-making processes. You can also request that we restrict processing of your data in certain circumstances.

6.5 Exercising Your Rights

To exercise any of these rights, contact us at theflintmind@mentalbillionaire.com. We will respond to your request within 30 days and may ask for verification of your identity to protect your privacy. There is no charge for most requests, though we may charge a reasonable fee for excessive or repetitive requests.

7. Third-Party Services and Integrations

7.1 AI Processing Partners

Anthropic (Claude): We use Anthropic's Claude AI model to generate personalized responses to your journal entries. Anthropic processes your journal content temporarily and securely to provide AI-generated insights and responses. Your data is not stored, retained, or used by Anthropic for any purpose beyond generating your specific response. Anthropic maintains strict data protection standards and does not use customer data to train their models.

OpenAI (Whisper API): For voice transcription functionality, we use OpenAI's Whisper API to convert speech to text. Voice recordings are processed in real-time and are not stored or retained by either The Flint App or OpenAI. Only the resulting text transcript is saved as part of your journal entry, subject to our standard encryption and privacy protections.

7.2 Infrastructure and Database Services

Neon Database: Your data is stored using Neon's fully managed PostgreSQL database service, which provides comprehensive security features and compliance standards. Neon maintains comprehensive security certifications and implements row-level security policies to ensure your data is protected and isolated from other users.

Resend: We use Resend for email communications including welcome emails, password reset emails, and service notifications. Resend processes your email address and name solely for the purpose of delivering these communications and does not use your data for any other purposes.

7.3 Third-Party Service Commitments

All third-party services we use are carefully selected based on their commitment to privacy and security. We maintain data processing agreements with each service provider that strictly limit how your data can be used, require immediate deletion of data after processing, prohibit use of your data for training or commercial purposes, and mandate compliance with applicable privacy laws.

We regularly audit our third-party relationships and will notify users of any significant changes to our service providers or their privacy practices.

8. International Data Transfers and Regional Compliance

8.1 Data Transfer Safeguards

When your data is processed by our third-party service providers, it may be transferred internationally. All such transfers are protected by appropriate safeguards, including standard contractual clauses approved by relevant data protection authorities, adequacy decisions where applicable, and additional technical and organizational measures to ensure data protection.

8.2 Regional Privacy Law Compliance

European Union (GDPR): We comply with the General Data Protection Regulation for all EU users, including providing clear legal bases for data processing, implementing privacy by design principles, enabling comprehensive user rights, and maintaining detailed processing records.

California (CCPA/CPRA): We comply with the California Consumer Privacy Act and California Privacy Rights Act, including providing transparency about data collection and use, enabling consumer rights to know, delete, and opt-out, and implementing non-discrimination policies for privacy rights exercise.

Other Jurisdictions: We monitor and comply with privacy laws in all jurisdictions where we operate, adapting our practices as necessary to meet local requirements while maintaining consistent global privacy standards.

9. Data Security and Incident Response

9.1 Security Measures

We implement comprehensive security measures to protect your personal data, including end-to-end encryption for journal entries, AES-256-GCM encryption for data at rest and in transit, secure authentication protocols, row-level security policies in our database, regular security audits and assessments, and strict access controls limiting data access to authorized personnel only.

9.2 Incident Response

In the unlikely event of a data security incident, we have established procedures to quickly identify and contain the incident, assess the scope and impact on user data, notify affected users within 72 hours when required by law, provide clear information about what happened and what we're doing about it, and implement additional safeguards to prevent similar incidents.

9.3 Employee Access and Training

Access to user data is strictly limited to authorized personnel who require access to perform their job functions. All employees with data access undergo comprehensive privacy and security training, sign confidentiality agreements, and are subject to background checks. We maintain detailed logs of all data access and regularly review access permissions.

10. Children's Privacy

The Flint App is designed for users aged 16 and older (or the age of digital consent in your jurisdiction). We do not knowingly collect personal information from children under this age. If we become aware that we have collected personal information from a child under the applicable age, we will take immediate steps to delete that information and terminate the account.

Parents or guardians who believe their child has provided personal information to The Flint App should contact us immediately at theflintmind@mentalbillionaire.com.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we will notify users through the app, via email, or by posting a prominent notice on our website. The "Last updated" date at the top of this policy indicates when the most recent changes were made.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your privacy. Your continued use of The Flint App after any changes indicates your acceptance of the updated policy.

12. Contact Information and Data Protection Officer

For any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us at:

Email: theflintmind@mentalbillionaire.com

Response Time: We aim to respond to all privacy-related inquiries within 48 hours and will provide a complete response within 30 days.

Data Protection Officer: For users in jurisdictions that require a Data Protection Officer, privacy inquiries will be handled by our designated privacy team with appropriate expertise in data protection law.

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with your local data protection authority. We are committed to working with regulators to resolve any privacy concerns in accordance with applicable law.

This Privacy Policy represents our commitment to protecting your privacy and maintaining the confidentiality of your personal information. We recognize that trust is earned through consistent action, and we are dedicated to maintaining the highest standards of privacy protection for all users of The Flint App.