Last updated: 1 May 2026
MindRep ("we", "us", "our") is a mental wellness app designed to help you build mental resilience. This policy explains what data we collect, how it is stored, who processes it on our behalf, and your rights under UK GDPR and the Data Protection Act 2018.
MindRep is operated as a sole-trader product by Arjun Myanger, United Kingdom. Contact: admyanger@outlook.com.
Account information (from Sign in with Apple):
Mental wellness content you create in the app:
Apple HealthKit data (only if you grant permission):
HealthKit data is read on-device. Derived signals (e.g. "user worked out today", "sleep score 72") are written to your account in our cloud database alongside your other entries to enable correlation insights across devices.
Subscription state:
Apple processes the actual purchase and payment. We never see your card details.
Data we do NOT collect:
Your account data is stored on Google Firebase (Cloud Firestore + Firebase Authentication), hosted in Google Cloud's europe-west2 (London) region. Each Firestore document is keyed by your Apple-issued user ID, so all data is linked to your identity.
The app keeps a local Firestore cache so it works offline. HealthKit raw data remains in Apple's HealthKit store on your device; only the derived signals listed above are written to our cloud database.
We rely on the following third parties to operate the service:
We do not sell or share your data with any other third party.
Mental health data is a "special category" of personal data under UK GDPR Article 9. We process it on the basis of your explicit consent, given when you sign up and accept this policy. You can withdraw that consent at any time by deleting your account in Settings, which permanently erases your data (see "Data Export and Deletion" below).
For contractual data — your account record and subscription state — the legal basis is performance of contract (UK GDPR Article 6(1)(b)).
We retain your data for as long as your account exists. When you delete your account, your Firestore data is removed via Firebase's automated delete-user-data extension, typically within minutes. Apple authentication records and StoreKit subscription history are retained by Apple under their own terms.
If you grant HealthKit permissions, MindRep reads workout, sleep, and activity data to compute correlations and insights (e.g. "you sleep better on workout days"). We never write to HealthKit without your knowledge, and we never share HealthKit-derived data with advertisers, data brokers, or analytics providers.
Subscription purchases are processed entirely by Apple through the App Store. Apple's privacy policy governs payment processing. We store only the resulting entitlement state (Pro or Free) and a one-way "trial used" flag in your account record so we don't repeatedly offer trials.
MindRep uses no third-party analytics SDK, no crash-reporting SDK, and serves no advertising. We do not track you across apps or websites. The Apple App Tracking Transparency framework therefore returns no tracking permission requests.
You can export your data from Settings → Export Data at any time. To delete your account and all associated data, go to Settings → Delete Account and reauthenticate with Apple. Within minutes your Firestore record tree is automatically deleted by the Firebase delete-user-data extension. Local device caches are wiped at sign-out, and uninstalling the app removes any remaining on-device cache.
Data in transit between the app and Firebase is encrypted with TLS. Data at rest in Cloud Firestore is encrypted by Google. Firestore security rules restrict every document so that only the authenticated owner can read or write it.
MindRep is not directed at children under 13. We do not knowingly collect data from children.
Your data is processed in the United Kingdom and the European Economic Area (Google Cloud europe-west2). Apple may process authentication and StoreKit data in the United States under standard contractual clauses; this is governed by Apple's privacy policy.
We may update this policy as the product evolves. Material changes will be surfaced inside the app. The "Last updated" date at the top reflects the most recent revision.
If you have questions about this privacy policy or want to exercise any of your rights, contact us at admyanger@outlook.com.