Myndora

Privacy

This page explains, in plain English, what data Myndora collects and why. It is intended to match actual system behavior. If anything here conflicts with how the product works, the product behavior takes precedence and we will update this page.

Who is responsible for your data

Myndora is the data controller for the personal data described on this page. Myndora is operated from the Netherlands (EU).

What we store

We store only what we need to operate the product: your account, your saved results, and minimal operational data for subscriptions, support, analytics, and Ask Your Profile.

In our Myndora database

  • Account record: your user id, email, created date, and premium flag (users table).
  • Saved test results: your Big Five / 16 Types / Enneagram results linked to your user id (test_results table). For Big Five and 16 Types, we also store raw test answers inside the stored result payload so we can recompute scores consistently over time. Enneagram currently stores computed results only.
  • Subscription state: records that link your subscription to your user id (subscriptions table).
  • Support messages: messages you submit via the Help form (support_messages table).
  • Ask Your Profile operational logs: metadata for reliability and cost control (ask_your_profile_logs table). This stores only metadata such as user id, timestamps, model, latency, and error status — not your prompts, the AI’s responses, or conversation history.
  • Ask Your Profile daily usage: per-day usage count to enforce daily limits (ask_your_profile_daily_usage table).

Authentication (Supabase)

Authentication is handled by Supabase. Supabase stores your login identity (email) in its authentication system. Myndora stores a matching user record in the users table.

Payments (Stripe)

If you start a subscription, payments are processed by Stripe. Myndora stores a Stripe customer identifier in your user record to associate your subscription with your account and mirrors your premium state based on Stripe subscription events.

You can cancel anytime from Settings → Manage subscription.

Product analytics (PostHog)

Myndora uses PostHog to understand product usage and funnels (for example: page views, test start/finish, signup, upgrade, and feature usage). Analytics data is stored in PostHog, not in the Myndora database tables listed above. After you log in or sign up, analytics may be linked to your Myndora user id to connect anonymous usage with your account.

  • Typical analytics data: events you trigger in the app, timestamps, page URLs, referrer/UTM parameters, and basic device/browser information.

How we use data

  • To create and operate your account.
  • To compute and display your profile, history, and stability over time from saved results.
  • To enforce Premium access based on subscription state.
  • To respond to support requests you submit.
  • To run Ask Your Profile safely (rate limits and operational reliability) without storing your prompts or responses in logs.
  • To measure product funnels and improve the product using analytics (PostHog).

Sharing and processors

We use a small set of third-party processors to run the service:

  • Supabase for authentication and database infrastructure.
  • Stripe for subscription payments.
  • PostHog for product analytics.

We do not sell your personal data. We do not run ads based on your personality results. We do not share your personality results with third parties outside of these processors, and only to the extent needed to operate the service.

Cookies

  • Auth cookies: required to keep you logged in (Supabase session cookies).
  • Orientation cookie: short-lived cookie to allow access to the first test after completing the Start flow.
  • Analytics cookies: used by PostHog to measure usage and funnels.

Legal bases (EU / GDPR)

Myndora processes personal data under the following legal bases:

  • Contract performance: to provide the service you request (accounts, tests, saved results, subscriptions, and related features).
  • Legitimate interest: to operate, secure, debug, and improve the product (for example reliability logging, abuse prevention, and analytics).
  • Legal obligation: where required (for example certain payment or accounting records handled by our payment processor).

Data retention

We keep personal data only as long as needed for the purposes described above:

  • Account and saved results: kept until you delete your account. You can also delete individual saved measurements from your history page.
  • Support messages: kept as long as needed to resolve your request and maintain a support record.
  • Ask Your Profile operational logs and daily usage: kept only as long as needed for reliability and cost control.
  • Analytics (PostHog): retained according to our analytics configuration and only used for product measurement.

In some cases, we may retain limited records longer if required to comply with legal obligations or to resolve disputes.

Data storage and security

User data is stored in secure, managed cloud infrastructure (Supabase). Access to production data is restricted to authenticated users and the founder through strict access controls. All data is encrypted in transit (HTTPS/TLS) and encrypted at rest by the database provider.

What we do not do

  • We do not sell your personal data.
  • We do not run ads based on your personality results.
  • We do not share your test results publicly by default.
  • Ask Your Profile operational logs do not store your prompts, AI responses, or conversation history.

Your rights (EU / GDPR)

You have the right to request access to your data, deletion, and a copy/export of your data (data portability). You may also object to certain processing in some cases.

Some controls may be manual during the MVP phase. If you want to exercise any of these rights and the self-service controls are not available yet, contact us via the Help page and we will handle the request manually.

Your controls

You can access account controls in Settings. You can delete individual saved measurements from your history page. If a control is not available yet, you can request export or deletion via the Help page.

Contact

If you have questions or requests about privacy, use the Help page to contact support.

Plain-English disclaimer

This page is a plain-English product summary, not a legal contract.