Privacy Policy
Last updated: 17 May 2026
This Privacy Policy describes how Mindful AI ("Mindful AI", "we", "us") collects, uses, and protects your information when you use the application available at https://mindful-ai-56s.pages.dev (the "Service"). By using the Service, you agree to the practices described here.
1. Who we are
Mindful AI is operated by Mindful AI, contactable at [email protected]. If you have questions about this policy or wish to exercise your rights, write to us at that address.
2. Information we collect
We deliberately collect the minimum needed to run an expense tracker.
a. Account information (via Google Sign-In)
When you sign in, Google shares your name, email address, profile picture URL, and a stable Google account identifier ("sub") with us. We never receive your Google password. We do not request access to your Gmail, Drive, contacts, or any other Google service.
b. Expense data you enter
Every message you type into the chat — amount, merchant, category, note, date, tags — is stored as a transaction record under your account. We treat this as financial data and keep it scoped to you.
c. Chat history and tone preference
Messages you send and the assistant's replies are saved so you can scroll back through your history. We also store the conversational tone you've chosen (Neutral, Serious, Playful, Sarcastic, or Warm) as a personal setting — it is used only to shape replies for you, never to profile you or train a model.
d. Derived data
We compute monthly rollups, category breakdowns, and budget progress from your transactions. We also generate vector embeddings of your transaction notes so the assistant can answer free-form questions about your spending.
e. Session and technical data
A session cookie (mf_session) — a random token — identifies your browser to our servers. We store a SHA-256 hash of the token, not the token itself. We do not use third-party analytics, advertising trackers, or fingerprinting.
f. Audit logs
We keep short-lived logs of AI parser inputs and outputs (the parse_events table) so we can debug misparsed expenses. These contain the text you sent.
3. How we use your information
- To authenticate you via Google OAuth.
- To parse your natural-language expense messages into structured transactions, using Cloudflare Workers AI.
- To compute totals, budgets, category breakdowns, and reports — all done with SQL against your own data.
- To power semantic search and the "ask a question about your spending" feature, using vector embeddings stored in Cloudflare Vectorize.
- To improve reliability by reviewing parser audit logs when something looks wrong.
We do not sell your data. We do not share it with advertisers. We do not use your expense data, chat history, or tone settings to train any AI model — ours or anyone else's.
4. AI processing
Mindful AI uses Cloudflare Workers AI to (a) parse your messages into structured expenses and (b) compose conversational answers about your spending — in the tone you've selected (Neutral, Serious, Playful, Sarcastic, or Warm). Inputs are sent to Cloudflare's hosted models (@cf/meta/llama-3.1-8b-instruct and @cf/baai/bge-base-en-v1.5) over Cloudflare's network. We do not send your data to OpenAI, Anthropic, Google Gemini, or any other third-party AI provider. Per Cloudflare's published terms, Workers AI inputs are not used to train Cloudflare's models.
No model training, no profiling. The AI is used solely to build the conversation — to read what you wrote and produce a reply. It is not used to construct a profile of you, your habits, or your identity. The model has no memory of you between requests; context is supplied fresh each turn and discarded. Anything resembling "memory" in the product (e.g. the assistant recalling a recent merchant) comes from your own SQL ledger and vector embeddings on your account — not from the model.
All monetary figures shown in chat replies are computed by us from our SQL database — never generated by an AI model — so the numbers you see are always the numbers in your account.
5. Where your data is stored
- Transaction and account data: Cloudflare D1 (SQLite), region routed by Cloudflare based on access patterns.
- Vector embeddings: Cloudflare Vectorize.
- Static assets and server code: Cloudflare Pages / Workers.
Cloudflare may process data globally. By using the Service you consent to this cross-border processing.
6. Retention
- Active accounts: data is retained as long as your account is active.
- Sessions: deleted automatically 7 days after last use, or on sign-out.
- Parser audit logs: retained for up to 30 days, then deleted.
- Deleted transactions: soft-deleted records are kept for 30 days so you can restore, then purged.
- Account deletion: when you delete your account (or request deletion via email), we erase your account row, transactions, chat history, rollups, sessions, and vector embeddings within 30 days, except where law requires longer retention.
7. Your rights
Depending on where you live, you may have the right to:
- Access a copy of your data.
- Correct inaccurate data.
- Delete your data ("right to be forgotten").
- Export your data in a portable format.
- Withdraw consent and stop using the Service.
To exercise any of these, email [email protected]. We will respond within 30 days. Indian users have rights under the Digital Personal Data Protection Act, 2023; EU/UK users under the GDPR/UK GDPR.
8. Security
- Sessions are random tokens; only their SHA-256 hashes are stored.
- All traffic is HTTPS.
- OAuth uses PKCE and a state cookie to prevent CSRF.
- Every database query is scoped by your user ID; we do not run cross-user queries.
No system is perfectly secure. If we discover a breach affecting your data, we will notify you and the appropriate regulator as required by law.
9. Children
The Service is not directed to children under 18. We do not knowingly collect data from children. If you believe a child has signed up, contact us and we will delete the account.
10. Cookies
We use exactly two cookies:
- mf_session — strictly necessary for sign-in.
- mf_oauth_state / mf_oauth_pkce — short-lived (10 minutes), used during Google sign-in.
No analytics, advertising, or tracking cookies are set.
11. Changes to this policy
If we make material changes we will post the new policy at this URL and update the "Last updated" date. Continued use after changes means you accept the revised policy.
12. Contact
Questions, requests, or complaints: [email protected].