Privacy Policy
1. Introduction
Mind2Way Ltd., Centris Business Gateway, Level 4/W, TRIQ IS-SALIB TAL-IMRIEHEL ZONE 3, CBD 3020 Birkirkara, Malta (“Mind2Way”, “we”, “us”) takes the protection of your personal data very seriously. This Privacy Policy informs you about the type, scope, and purpose of the processing of personal data by us as well as about your rights as a data subject.
This Privacy Policy applies to:
- The use of our mobile application “Mind2Way” (iOS and Android)
- The use of our website www.mind2way.com
- All related services
2. Data Controller
Data Controller:
Mind2Way Ltd.
Centris Business Gateway, Level 4/W
TRIQ IS-SALIB TAL-IMRIEHEL ZONE 3
CBD 3020 Birkirkara
Malta
Contact:
Email: contact@mind2way.com
Website: www.mind2way.com
3. Data Protection Officer
If you have any questions about data protection, you can contact us at any time. Please use the contact details provided above.
4. Data Collected
4.1. Registration and Account Data
When registering and using our services, we collect the following data:
- First and last name
- Email address
- Username
- Password (stored encrypted)
- Phone number (optional)
- Date of birth
- Gender
- Language settings
4.2. Health and Fitness Data
To provide you with personalized recommendations, we collect:
- Weight
- Height
- Activity level
- Health goals
- Program selection
- Meal tracking data
- Habit tracking data
- Mood tracking data
- Hunger analytics
4.3. Payment and Billing Data
For processing payments, we collect:
- Billing address (street, city, postal code, country)
- Payment information (processed by Stripe, not stored by us)
- Subscription information
- Payment history
4.4. Usage Data
We automatically collect certain information when you use our app and website:
- Device information (device type, operating system, unique device ID)
- IP address
- Browser type and version
- Access times and dates
- App features used
- Error logs
- App version
4.5. Third-Party Authentication Data
If you sign in via Google or Facebook, we receive:
- Google ID or Facebook ID
- Email address (from Google/Facebook)
- Profile picture (optional)
4.6. Content You Create
We store content you create in the app:
- Meal entries
- Notes
- Habits
- Profile pictures
- Other user-generated content
5. Purpose of Data Processing
5.1. Provision of Services
- Creating and managing your user account
- Providing personalized programs and recommendations
- Tracking your progress
- Processing payments and subscriptions
- Communicating with you regarding our services
5.2. Improvement of Our Services
- Analyzing the use of our app
- Identifying errors and performance issues
- Developing new features
- Personalizing the user experience
5.3. Legal Obligations
- Fulfilling legal retention obligations
- Responding to legal requests
- Compliance with tax and accounting regulations
5.4. Marketing (only with your consent)
- Sending newsletters and marketing emails
- Personalized advertising (if applicable)
6. Legal Basis for Data Processing
We process your personal data based on the following legal bases under GDPR:
- Art. 6 para. 1 lit. a GDPR (Consent): For marketing communications, non-essential cookies, and voluntary data
- Art. 6 para. 1 lit. b GDPR (Contract Performance): For providing our services, processing payments, and fulfilling our contractual obligations
- Art. 6 para. 1 lit. c GDPR (Legal Obligation): For fulfilling legal retention obligations
- Art. 6 para. 1 lit. f GDPR (Legitimate Interest): For improving our services, security, fraud prevention, and technical functionality
Special Categories of Personal Data (Health Data):
Health and fitness data are processed based on your explicit consent (Art. 9 para. 2 lit. a GDPR), as this data is necessary for providing our personalized health and fitness services.
7. Data Sharing with Third Parties
7.1. Payment Service Provider
Stripe, Inc. (510 Townsend Street, San Francisco, CA 94103, USA)
We use Stripe for processing payments. Stripe receives your payment information directly and processes it according to its own privacy policy. We do not store credit card information.
Privacy Policy: https://stripe.com/privacy
7.2. Authentication Service Providers
Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)
If you sign in via Google, Google processes your authentication data according to its privacy policy.
Privacy Policy: https://policies.google.com/privacy
Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
If you sign in via Facebook, Facebook processes your authentication data according to its privacy policy.
Privacy Policy: https://www.facebook.com/privacy/explanation
7.3. Hosting and Cloud Service Providers
We use cloud service providers for storing and processing your data. These providers act as data processors under Art. 28 GDPR and are contractually obligated to process your data according to our instructions and implement appropriate security measures.
7.4. Analytics Service Providers
We may use analytics service providers such as Google Analytics to analyze the use of our website. These providers may set cookies and collect data about your usage. For more information, please see our Cookie Policy.
7.5. Disclosure for Legal Reasons
We may disclose your data if required by law or if we believe in good faith that such disclosure is necessary to:
- Comply with legal obligations
- Protect our rights or property
- Prevent or investigate fraud or security issues
- Protect the safety of our users
8. International Data Transfers
Some of our service providers are located outside the European Economic Area (EEA), particularly in the USA. When we transfer data to such providers, we ensure that appropriate safeguards are in place, such as:
- Standard Contractual Clauses of the European Commission
- Adequate data protection guarantees
- Certifications such as the EU-US Privacy Shield (where applicable)
9. Data Security
We implement technical and organizational measures to protect your data against unauthorized access, loss, destruction, or alteration:
- Encryption: Data transmission occurs over encrypted connections (HTTPS/TLS)
- Password Security: Passwords are stored encrypted using BCrypt
- Access Controls: Access to data is restricted to authorized personnel
- Regular Security Audits: We conduct regular security audits
- Backup Systems: Regular backups of your data
- Firewall and Security Software: Protection against cyber attacks
Please note, however, that no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.
10. Data Retention Periods
We store your personal data only for as long as necessary for the purposes stated in this Privacy Policy:
- Account Data: As long as your account is active, plus 3 years after cancellation (for legal retention obligations)
- Payment Data: 7 years after the last transaction (for tax and accounting purposes)
- Health Data: As long as your account is active, plus 1 year after cancellation
- Usage Data: 2 years
- Marketing Data: Until you withdraw your consent
After the retention period expires, your data will be deleted or anonymized, unless a longer retention period is required by law.
11. Your Rights as a Data Subject
You have the following rights regarding your personal data:
11.1. Right of Access (Art. 15 GDPR)
You have the right to obtain information about the personal data we store about you.
11.2. Right to Rectification (Art. 16 GDPR)
You have the right to request the correction of inaccurate data or the completion of incomplete data.
11.3. Right to Erasure (Art. 17 GDPR)
You have the right to request the deletion of your personal data if the legal requirements are met.
11.4. Right to Restriction of Processing (Art. 18 GDPR)
You have the right to request the restriction of processing of your personal data.
11.5. Right to Data Portability (Art. 20 GDPR)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
11.6. Right to Object (Art. 21 GDPR)
You have the right to object to the processing of your personal data if the processing is based on legitimate interest.
11.7. Withdrawal of Consent
If processing is based on your consent, you have the right to withdraw it at any time. The lawfulness of processing carried out until the withdrawal remains unaffected.
11.8. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR.
Contact for Exercising Your Rights:
Email: contact@mind2way.com
12. Cookies and Similar Technologies
We use cookies and similar technologies on our website. For detailed information, please see our Cookie Policy.
13. Privacy of Minors
Our services are not directed to persons under 18 years of age. We do not knowingly collect personal data from minors. If you are a parent or guardian and discover that your child has provided us with personal data, please contact us so we can delete this data.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of significant changes by posting an updated version on this page or by email.
We recommend that you review this page regularly to stay informed about our privacy practices.
15. Contact
If you have any questions about this Privacy Policy or wish to exercise your rights, you can contact us:
Mind2Way Ltd.
Centris Business Gateway, Level 4/W
TRIQ IS-SALIB TAL-IMRIEHEL ZONE 3
CBD 3020 Birkirkara
Malta
Email: contact@mind2way.com
Website: www.mind2way.com
Last Updated: January 2025
