Privacy Policy

Last update: November 10, 2025

This Privacy Policy explains how Gasim Gasimzada ("we", "us", or "our") collects, uses, and processes your personal data when you use our mobile application ("our App") or our website at https://mindbrew.app ("our Website"), collectively referred to as "our Services".

By using our Services, you agree to the terms of this Policy.

Where certain processing activities apply only to one platform (either our App or our Website), this will be clearly indicated in the relevant section.

Table of Contents

Data Controller and Contact Information

Data Controller: Gasim Gasimzada
Email: dev@gasimzada.net
Address:
Box C5585
Keurenplein 41
1069CD Amsterdam
Netherlands

Types of Data Collected

We collect different types of personal data depending on how you interact with our Services.

Full details about each category of personal data are provided in the section "Third-Party Services and Data Processing Details" or in notices displayed before data collection. Personal data may be provided directly by you or collected automatically when you use our Services.

Unless stated otherwise, the data we request is necessary to provide the relevant functionality. If you choose not to provide certain information, some features may not work as intended.
When specific data is optional, you can choose not to share it without affecting core functionality.

Our Services and third-party providers may use cookies or similar tracking technologies to operate essential features:

  • our Website: We use only essential cookies by default. If we enable web analytics in the future, they will run with your consent via our cookie banner, which you can withdraw at any time.
  • our App: We do not use cookies or third-party analytics. If we enable analytics in the future, we will update this Privacy Policy to describe the provider, data collected, and purpose before data collection begins.

You are responsible for any personal data of third parties that you share through our Services.

Where and How We Process Personal Data

Methods of processing

We take appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. Our measures include encryption in transit and at rest, role-based access controls, least-privilege permissions, audit logging, and periodic security reviews.

Access to personal data is restricted to those who need it to operate or maintain our Services.

We may engage third-party service providers (data processors) under written contracts that require them to handle data securely and only according to our instructions.

Place

Personal data is primarily processed within the European Union (EU) and European Economic Area (EEA). Limited service metadata (such as request IDs, timestamps, or logs) may be processed outside the EEA for reliability, support, or global delivery. When processing takes place outside the EU/EEA, we apply appropriate safeguards — including the European Commission's Standard Contractual Clauses or reliance on an adequacy decision — to protect your information.

Retention time

We retain personal data only for as long as necessary to provide our Services, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary depending on the type of data and purpose of processing. Once data is no longer needed, it is securely deleted or anonymized.

Some of our service providers may retain certain data in accordance with their own legal or operational requirements. Details about their data retention practices can be found in their respective privacy policies linked in the "Third-Party Services and Data Processing Details" section.

Third-Party Services and Data Processing Details

The services listed below may process personal data for the purposes described. The exact data collected and configuration depend on how each service is integrated into our App or our Website.

We process personal data to operate and improve our Services, meet legal obligations, protect our rights, prevent misuse or fraud, and fulfill the purposes set out below.

The following third-party services process personal data for the purposes described above:

Vercel Hosting Platform

  • Legal entity: Vercel Inc.
  • Category: Hosting and Infrastructure
  • Purpose: Host and serve the Website, manage deployment, and ensure operational performance and availability.
  • Processed data: IP addresses, browser and device information, request metadata, usage logs
  • Legal basis: contract performance
  • Role: processor
  • Place of processing: EU and United States (global CDN and edge servers depending on user location)
  • Safeguards: Standard Contractual Clauses (SCCs) or other lawful international transfer mechanisms ensuring adequate protection of personal data.
  • Privacy policy: https://vercel.com/legal/privacy-policy

Google Firebase Authentication

  • Legal entity: Google Ireland Limited
  • Category: Authentication
  • Purpose: Enable user authentication and session management (including anonymous sign-in).
  • Processed data: anonymous identifiers, device identifiers, IP address, usage data
  • Legal basis: contract performance
  • Role: processor
  • Place of processing: United States
  • Safeguards: Standard Contractual Clauses (SCCs) or other lawful international transfer mechanisms ensuring adequate protection of personal data.
  • Privacy policy: https://firebase.google.com/support/privacy

Google Firebase Cloud Functions

  • Legal entity: Google Ireland Limited
  • Category: Infrastructure
  • Purpose: Execute backend logic and provide core app functionality in the EU region.
  • Processed data: request payload data, user identifiers (if applicable), usage metadata
  • Legal basis: contract performance
  • Role: processor
  • Place of processing: EU
  • Safeguards: Standard Contractual Clauses (SCCs) or other lawful international transfer mechanisms ensuring adequate protection of personal data.
  • Privacy policy: https://firebase.google.com/support/privacy

Google Firebase Firestore

  • Legal entity: Google Ireland Limited
  • Category: Database
  • Purpose: Store and retrieve app data in real time using EU servers.
  • Processed data: app data submitted by users, usage metadata, timestamps, device identifiers
  • Legal basis: contract performance
  • Role: processor
  • Place of processing: EU
  • Safeguards: Standard Contractual Clauses (SCCs) or other lawful international transfer mechanisms ensuring adequate protection of personal data.
  • Privacy policy: https://firebase.google.com/support/privacy

Google Cloud AI (Gemini)

  • Legal entity: Google Ireland Limited
  • Category: AI Processing
  • Purpose: Generate AI-powered responses and features. Prompts and outputs are not used to train models unless explicitly opted in; processing is limited to delivering requested features.
  • Processed data: text or content submitted by users for AI processing, metadata (request IDs, timestamps)
  • Legal basis: contract performance
  • Role: processor
  • Place of processing: EU
  • Safeguards: Standard Contractual Clauses (SCCs) or other lawful international transfer mechanisms ensuring adequate protection of personal data.
  • Privacy policy: https://policies.google.com/privacy

Sentry Error Monitoring

  • Legal entity: Functional Software, Inc.
  • Category: Error Monitoring
  • Purpose: Monitor app errors, crashes, and performance issues. Data processed exclusively in the EU (Frankfurt) for diagnostics, not for marketing or advertising.
  • Processed data: device identifiers, crash logs, stack traces, IP address (masked), error metadata
  • Legal basis: legitimate interest
  • Role: processor
  • Place of processing: EU
  • Safeguards: Standard Contractual Clauses (SCCs) or other lawful international transfer mechanisms ensuring adequate protection of personal data.
  • Privacy policy: https://sentry.io/privacy/

RevenueCat In-App Payments

  • Legal entity: RevenueCat, Inc.
  • Category: Payments
  • Purpose: Manage in-app purchases and subscriptions.
  • Processed data: purchase history, product identifiers, transaction receipts, subscription metadata
  • Legal basis: contract performance
  • Role: processor
  • Place of processing: United States
  • Safeguards: Standard Contractual Clauses (SCCs) or other lawful international transfer mechanisms ensuring adequate protection of personal data.
  • Privacy policy: https://www.revenuecat.com/privacy

Apple App Store and Payments

  • Legal entity: Apple Distribution International Ltd.
  • Category: App Distribution and Payments
  • Purpose: Process payments, manage subscriptions, and distribute the app through the App Store.
  • Processed data: purchase history, Apple ID, transaction identifiers, device identifiers
  • Legal basis: contract performance, legal obligation
  • Role: independent controller
  • Place of processing: EU (for EU users) and United States (for global processing)
  • Safeguards: Standard Contractual Clauses (SCCs) or other lawful international transfer mechanisms ensuring adequate protection of personal data.
  • Privacy policy: https://www.apple.com/legal/privacy/

We process personal data only when we have a valid legal basis to do so under applicable law. Depending on the context, this may include:

  • Consent – when you have given us clear permission to process your data (for example, optional analytics).
  • Contract performance – when processing is necessary to provide our Services or fulfill our agreement with you.
  • Legal obligation – when we must process data to comply with applicable laws or regulatory requirements.
  • Legitimate interests – when processing is necessary for our legitimate business purposes (such as ensuring security, preventing misuse, or improving our Services), provided these interests do not override your rights.

You can contact us if you'd like clarification about which legal basis applies to a particular processing activity.

Children's Privacy

Our Services are intended for use only by individuals aged 16 and older. By using our Services, you confirm that you meet this age requirement.

If you are under 16, you must have the consent and supervision of a parent or legal guardian before our Services or providing any personal information.

We do not knowingly collect personal data from anyone under 13 years of age.

Privacy Rights for Residents of EU and Switzerland

If you are located in the European Union (EU), the European Economic Area (EEA), or Switzerland, you have specific rights under applicable data-protection laws, including the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (nFADP).

You may exercise the following rights with respect to your personal data, to the extent permitted by law:

  • Withdraw your consent at any time where processing is based on consent.
  • Access your personal data and obtain a copy of it.
  • Request correction of inaccurate or incomplete data.
  • Request deletion of your personal data ("right to be forgotten").
  • Restrict processing of your data under certain circumstances.
  • Object to processing of your personal data, particularly where processing is based on legitimate interests.
  • Data portability — receive your data in a structured, commonly used, and machine-readable format and request its transfer to another controller.
  • Lodge a complaint with your competent data-protection authority.

If you are in Switzerland, we apply equivalent protections under the Swiss Federal Act on Data Protection (nFADP). We do not process sensitive personal data as defined under the nFADP (including data relating to criminal or administrative proceedings, sanctions, or social-security measures).

You can exercise these rights at any time by contacting us using the details provided in this document.

Privacy Rights for Residents of United States

Residents of California

Under California Civil Code Sections 1798.83 – 1798.84 and the California Consumer Privacy Act (CCPA/CPRA), California residents may contact us to request information about the disclosure of personal data to third parties for their direct marketing purposes.

We do not sell or share personal data as those terms are defined under the CCPA/CPRA. To submit a request, please contact us using the details in the Contact section of this Privacy Policy.

Residents of other U.S. states

Several U.S. states — including Virginia, Colorado, Connecticut, Utah, and others — have enacted consumer privacy laws that provide similar rights to their residents.
If you live in one of these states, you may have rights to access, correct, delete, or obtain a copy of your personal data, and to opt out of its sale or use for targeted advertising.

We do not sell personal data and we do not process personal data for targeted advertising (cross-context behavioral advertising).
If this changes, we will provide the required opt-out mechanisms.

We will verify and respond to your request in accordance with the applicable law of your state of residence. If we deny your request, you may appeal by contacting us again with "Appeal" in the subject. We will provide a written decision explaining our reasons and how to contact your state attorney general if you disagree.

Additional Information

Your personal data may be used for legal purposes by us in Court or in the stages leading to possible legal action arising from improper use of our Services or the related services. You declare to be aware that we may be required to reveal personal data upon request of public authorities.

System logs and maintenance

For operational and security purposes, we and our service providers may collect technical logs and diagnostic data (such as IP addresses, request metadata, and error reports). This information is used only to maintain and secure our Services.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

When we do, we will update the "Last updated" date at the top of this page.

Significant changes may also be communicated within our App or by email, where required by law.

Your continued use of our Services after the effective date of the revised Policy constitutes acceptance of the changes.

Personal data (or data)

Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person (in other words, you).

Usage data

Usage data is information automatically collected through our Services or third-party services, including your IP address, browser type, operating system, time and method of requests, response status, visit duration, page sequence, and device-specific details.

Service

The services we provide through our App and our Website.

Use of our App is governed by Apple's Licensed Application End User License Agreement, available at https://www.apple.com/legal/internet-services/itunes/dev/stdeula/.

Controller

The person or organization that determines the purposes and means of processing personal data.

Processor

A third party that processes personal data on behalf of the controller.

European Union (or EU)

Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.

Cookies are trackers consisting of small sets of data stored in your browser.

Tracker

Tracker indicates any technology - e.g. cookies, unique identifiers, web beacons, embedded scripts, e-tags and fingerprinting - that enables the tracking of you, for example by accessing or storing information on your device.

This privacy statement has been prepared based on provisions of multiple legislations. This privacy policy relates solely to our Services, if not stated otherwise within this document.