MindNavigate

Privacy Policy

Last updated: 15 February 2026

1. Who we are

MindNavigate ("we", "us", "our") is the data controller responsible for your personal data. If you have questions about this policy or your data, contact us at privacy@mindnavigate.com.

2. What data we collect

Account data

When you create an account, we collect your name, email address, date of birth, gender, and location.

Special category health data

With your explicit consent, we collect information about diagnosed mental health conditions, mental health frequency, and your selected wellness goals. This is classified as special category data under Article 9 of the UK GDPR and is processed only with your explicit consent (Article 9(2)(a)).

Usage data

Journal entries, resource interactions (likes, favourites), assessment results, goal progress, and achievement history.

Technical data

IP address, browser type, device information, and anonymised analytics data collected through Google Analytics (when you consent to analytics cookies).

3. Lawful basis for processing

  • Explicit consent — for special category health data (diagnosed conditions, mental health frequency)
  • Contract performance — to provide your account and the features you use
  • Legitimate interest — for basic anonymised analytics and site security

4. How we use your data

  • Providing personalised resource recommendations based on your goals and conditions
  • Tracking your wellness goals and journal entries
  • Delivering assessment tools and storing your results
  • Improving the site through anonymised usage analytics
  • Protecting the security and integrity of the platform

5. Data storage and security

Your data is stored in Supabase-hosted infrastructure with encryption in transit (TLS) and at rest. We implement Row Level Security (RLS) policies ensuring you can only access your own data. Security audit logs track access to sensitive operations.

6. Data retention

We retain your data for as long as your account is active. When you delete your account, all personal data including journal entries, goals, and health information is permanently removed. Anonymised analytics data may be retained.

7. Your rights

Under UK GDPR, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data via your profile settings
  • Erasure — delete your account and all associated data
  • Restriction — limit how we process your data
  • Portability — receive your data in a structured format
  • Object — object to processing based on legitimate interest
  • Withdraw consent — at any time, without affecting prior processing

To exercise any of these rights, email privacy@mindnavigate.com.

8. Cookies

We use cookies and similar technologies as described in our Cookie Policy. You can manage your preferences at any time via the "Manage cookies" link in our footer.

9. Third-party services

  • Supabase — database hosting, authentication, and storage
  • Google Analytics — anonymised usage analytics (when you consent)
  • hCaptcha — bot protection during sign-up

We do not sell or share your health data with any third party.

10. Children and young people

MindNavigate is designed to support young people's mental health. Users under 16 should have parental or guardian consent before creating an account. We do not knowingly collect data from children under 13.

11. Special category data safeguards

Health-related data is subject to additional safeguards: it is encrypted, protected by Row Level Security, never shared with third parties, and only processed with your explicit consent. You can withdraw this consent at any time through your profile settings, and we will delete the relevant data.

12. Data sharing

We do not sell, rent, or trade your personal data. Health data is never shared with third parties. We may share anonymised, aggregated data for research purposes.

13. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email or a prominent notice on the site. The "Last updated" date at the top reflects the most recent revision.

14. Contact and complaints

Data controller: MindNavigate
Email: privacy@mindnavigate.com

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.