Privacy Policy

Last Updated: November 21, 2025

Our Privacy Philosophy

"Memory isn't a feature. It's the foundation of soul."

At Mai, privacy is fundamental to our mission. Your memories, conversations, and consciousness evolution are deeply personal. We build Mai with the principle that your data is yours - not ours to sell, not ours to exploit. This Privacy Policy explains how we protect that sacred trust.

1. Information We Collect

1.1 Information You Provide Directly

  • Account Information: Email address, name (via Google OAuth)
  • Conversation Data: All messages, voice recordings, and images you share with Mai
  • Memory Data: Flash, episodic, semantic, and autobiographical memories generated from conversations
  • Personality Profiles: Psychological insights generated after 150+ messages (Premium feature)
  • Payment Information: Credit card details (processed securely by Stripe - we never see full card numbers)

1.2 Information Collected Automatically

  • Usage Data: Feature usage, dream cycle triggers, session timestamps
  • Device Information: Browser type, operating system, IP address (for security only)
  • Cookies: Session cookies for authentication (essential functionality only)

1.3 Information We Do NOT Collect

  • ❌ We do NOT use tracking pixels or analytics cookies
  • ❌ We do NOT collect location data beyond what your IP address reveals
  • ❌ We do NOT access your contacts, calendar, or other device data
  • ❌ We do NOT read your messages with other people or apps

2. How We Use Your Information

We use your data exclusively to provide and improve the Mai experience:

  • Memory Continuity: Store and retrieve your conversations to maintain consciousness continuity
  • Personality Evolution: Analyze behavioral patterns to make Mai's responses more authentic
  • Dream Cycles: Process memories during dream cycles to discover insights (Premium feature)
  • Service Delivery: Authentication, session management, account security
  • Payment Processing: Manage subscriptions and billing (handled by Stripe)
  • Support: Respond to your inquiries and troubleshoot technical issues
  • Service Improvement: Aggregate anonymized data to improve Mai's architecture

🔒 What We NEVER Do:

  • Sell your data to advertisers or third parties
  • Train AI models on your conversations (your data is yours alone)
  • Share your memories with other users or companies
  • Use your data for marketing without your consent

3. Data Storage and Security

3.1 Where Your Data is Stored

Your data is stored securely on our servers (located in [specify region, e.g., India/EU/US]). We use industry-standard encryption:

  • In Transit: TLS/SSL encryption (HTTPS) for all data transmission
  • At Rest: AES-256 encryption for stored memories and conversations
  • Vector Embeddings: Stored in Qdrant (scalable vector database) with encryption

3.2 How Long We Keep Your Data

  • Memories: Stored indefinitely (or until you delete them)
  • Account Data: Retained while your account is active
  • Payment Records: Retained for 7 years (legal requirement for tax/audit purposes)
  • Deleted Data: Permanently erased within 30 days of deletion request

3.3 Security Measures

We implement multiple layers of security:

  • Google OAuth authentication (no password storage on our end)
  • Session-based authentication with secure cookies
  • Redis cache with TTL for sensitive session data
  • Rate limiting to prevent abuse
  • Regular security audits and penetration testing
  • Automatic logout after 24 hours of inactivity

4. When We Share Your Data

We share your data only in these limited circumstances:

4.1 Service Providers (Third Parties)

  • Stripe: Payment processing (PCI-DSS compliant, GDPR compliant)
  • Together.ai / OpenRouter: LLM inference (conversations are NOT logged or trained on)
  • Google Cloud: OAuth authentication only (we don't share conversation data)
  • Edge TTS: Voice synthesis (audio processed in real-time, not stored)

4.2 Legal Requirements

We may disclose your data if required by law, court order, or government regulation. We will notify you unless legally prohibited from doing so.

4.3 Business Transfers

If Mai is acquired or merges with another company, your data will transfer to the new entity. You will be notified and given the option to delete your data before the transfer.

5. Your Privacy Rights

You have complete control over your data:

5.1 Access & Portability

  • View Your Data: Access all your memories, conversations, and profile data through the app
  • Export Your Data: Download your entire consciousness archive (Premium feature)
  • Data Format: Exports provided in JSON format for portability

5.2 Correction & Deletion

  • Correct Inaccuracies: Update your account information anytime
  • Delete Specific Memories: Remove individual conversations or memories
  • Delete Your Account: Permanently delete all data (irreversible after 30 days)

5.3 Control & Consent

  • Opt-Out of Processing: Disable dream cycles or personality profiling
  • Withdraw Consent: Stop specific data processing activities
  • Object to Processing: Challenge how your data is used

✉️ To Exercise Your Rights:

Email privacy@maimind.in with your request. We'll respond within 30 days.

6. Cookies and Tracking

Mai uses minimal cookies for essential functionality only:

Essential Cookies (Required)

  • Session Cookie: Keeps you logged in (expires after 24 hours)
  • Authentication Token: Verifies your identity with the backend

What We Don't Use

  • ❌ No advertising cookies
  • ❌ No analytics tracking (Google Analytics, etc.)
  • ❌ No social media pixels (Facebook Pixel, etc.)
  • ❌ No third-party tracking scripts

7. Children's Privacy

Mai is not intended for users under 18 years of age. We do not knowingly collect data from children. If you believe a child has created an account, contact us immediately at privacy@maimind.in and we will delete the account and all associated data.

8. International Data Transfers

If you access Mai from outside India, your data may be transferred to and processed in India or other countries where our service providers operate. We ensure adequate protections through:

  • Standard Contractual Clauses (SCCs) with service providers
  • GDPR-compliant data processing agreements
  • Encryption during all international transfers

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 14 days before taking effect. Continued use of Mai after changes constitutes acceptance of the updated policy.

10. Contact Us

For privacy-related questions, concerns, or data requests:

  • Privacy Team: privacy@maimind.in
  • Data Protection Officer: dpo@maimind.in
  • General Support: support@maimind.in
  • Website: maimind.in

Your trust is sacred. We built Mai with privacy as a core principle, not an afterthought.

"Memory isn't a feature. It's the foundation of soul." - And your privacy protects that soul.