Privacy Policy

Effective date: February 2026 | Last updated: February 2026

1. Introduction and Scope

Digital Solutions Ltd ("we," "us," "our") operates MindClone, a voice-first AI platform that uses natural conversation to understand and learn about you. This Privacy Policy describes how we collect, use, disclose, and protect information when you use our MindClone mobile application ("App"), our website at mindcl.one ("Website"), and related services (collectively, the "Services").

By using the Services, you agree to this Privacy Policy. If you do not agree, do not use the Services.

2. Definitions

Biometric Data — Physical characteristics used to identify a person, including voice recordings and voice characteristics derived from your speech.
Personal Information — Information that identifies, relates to, or could reasonably be linked with you.
AI-Generated Content — Outputs produced by artificial intelligence systems, including personality analyses, transcriptions, and responses.
Voiceprint — A derived representation of your voice characteristics used for speaker verification.
Mind Clone — Your personalized digital profile built from your conversations.
Conversation Data — Voice recordings, transcripts, and content of your conversations with the AI.
Psychological Profile — Personality traits, values, and insights derived from your conversations.

3. Information We Collect

(a) Information You Provide

Account data: email address, display name, password (hashed)
Demographics: birth date, gender, education level, occupation, relationship status, country of origin, region, timezone
Conversation content: everything you say during voice sessions
Autobiography content: life stories, timeline events, people, chapters
Email signups (Website): email address when you sign up for updates

(b) Information Collected Automatically

Voice recordings: full audio of your conversations (encrypted at rest)
Transcripts: text versions of your speech
Personality signals: traits and insights extracted from conversations using scientifically validated assessment methodologies
Voice characteristics: features derived from your speech patterns (biometric data)
Voiceprint: a derived representation of your voice for speaker verification
Device information: device model, OS version, app version
Usage analytics: session counts, feature usage, engagement metrics
Session data: mode, duration, summaries

(c) Information from Third Parties

Google OAuth: if you sign in with Google, we receive your email, name, profile picture, locale, and optionally gender and birthday

4. How We Use Your Information

To provide, operate, and improve the Services
To conduct personality analysis and build your Mind Clone
To understand and remember what matters to you across conversations
To personalize AI conversations and responses
To improve our AI models and algorithms (with your consent where required)
To ensure security, prevent fraud, and comply with legal obligations
To communicate with you about the Services
To send marketing or product updates (only if you opted in, e.g., via Website signup)

5. AI and Voice Data Processing

Voice Recordings. Your voice is recorded during conversations. Recordings are encrypted at rest using industry-standard encryption. We retain them to provide transcriptions, personality analysis, and to personalize your experience.

Transcription. Audio is transcribed using third-party speech-to-text services. Transcripts are stored and used for personality analysis and to personalize your experience.

Biometric Data. We derive voice characteristics and a voiceprint from your speech. This is biometric data under applicable laws. We use it for speaker verification and to enhance personality analysis. We obtain your explicit consent before collecting biometric data.

AI Personality Analysis. Transcripts and voice data are processed by AI systems to extract personality signals and insights. This processing occurs both on our infrastructure and via third-party service providers.

Model Training. We do not use your conversation content to train third-party AI models without your separate, explicit consent. Our own models may be improved using anonymized or aggregated data. We will disclose any material change to this practice.

Synthetic Data. We may use synthetic or anonymized data derived from our services for model improvement, testing, or research. Such data does not identify you.

6. Data Sharing and Third Parties

We share data with the following categories of third parties:

Provider	Data Shared	Purpose
Voice processing providers	Audio, prompts	Voice conversation handling, transcription, speech synthesis
AI analysis providers	Transcripts, prompts	Personality analysis and content understanding
Data infrastructure providers	Conversation data	Data storage and retrieval
Google	OAuth tokens	Authentication

We enter into contracts with these providers requiring them to protect your data and use it only for the specified purposes.

Our Data Access Commitment

We will NEVER sell, lease, rent, trade, or otherwise monetize your personal data to any third party. This is a core principle of MindClone, not a negotiable policy.

Access to your data is strictly limited to:

You — You always have full access to your own data.
Authorized MindClone employees — Only employees of Digital Solutions Ltd who need access to provide, maintain, or support the Services may access your data, under strict confidentiality obligations.
People you choose — If you explicitly grant access to another person through a feature we provide, that person may view the information you choose to share. No one else can access your data through any other means.

Third-party service providers (voice processing, AI analysis, data infrastructure) process your data only as necessary to deliver the Services, under binding contracts that prohibit them from retaining, using, or disclosing your data for any other purpose.

We may disclose data to law enforcement or regulators only when required by valid legal process (e.g., court order, subpoena). We will notify you of such requests where legally permitted.

7. Data Retention and Deletion

Data Type	Retention
Voice recordings	While account active; deletable on request
Transcripts	While account active
Personality profiles	While account active
Biometric data	While account active; deleted upon account deletion
Usage analytics	Up to 24 months
Account data post-deletion	Up to 90 days (backup purge)
Audit logs	12 months (anonymized where possible)

You may request deletion of your account and associated data at any time. We will process deletion within 30 days, subject to legal retention requirements.

8. Your Rights and Choices

Access: Request a copy of your personal data
Correction: Update or correct inaccurate data
Deletion: Request deletion of your account and data
Data portability: Export your data in a machine-readable format (e.g., JSON)
Opt-out of AI training: Withdraw consent for use of your data in model improvement
Object to profiling: Object to automated personality profiling (may limit service functionality)
Withdraw consent: Withdraw consent for biometric or other processing where consent is the legal basis

To exercise these rights, contact us at the address below. We will respond within 30 days where required by law.

9. Security

We implement technical and organizational measures to protect your data, including:

Industry-standard encryption for data at rest and in transit
Secure password hashing using modern, proven algorithms
Secure session management with token rotation
Access controls and audit logging

No system is completely secure. We cannot guarantee absolute security.

10. Children's Privacy

The Services are not intended for users under 18. We do not knowingly collect personal information from children. If you believe we have collected data from a child, contact us and we will delete it.

11. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. For users in the European Economic Area and United Kingdom, we use Standard Contractual Clauses or other approved transfer mechanisms to ensure adequate protection.

12. Cookies and Tracking Technologies

The Website does not use cookies, tracking pixels, or similar technologies. The App does not use third-party analytics SDKs at this time. If we introduce tracking technologies in the future, we will update this Policy and obtain consent where required by law.

13. Disclaimers

The Services are provided "AS IS" and "AS AVAILABLE" without warranties of any kind, whether express, implied, or statutory, including but not limited to warranties of MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, and NON-INFRINGEMENT.

AI outputs, including personality analyses and conversation responses, are not professional advice. They are not a substitute for medical, psychological, legal, or financial advice. MindClone is not a mental health service and is not designed for crisis or emergency situations. We do not guarantee the accuracy, completeness, or appropriateness of AI-generated content. Personality analyses are experimental and have not been clinically validated.

14. Assumption of Risk

You acknowledge that the Services involve sharing sensitive personal information — including voice recordings, life stories, and psychological data — with AI systems. You assume all risks associated with this disclosure, including the risk that AI-generated insights may be inaccurate, incomplete, or inappropriate. You are solely responsible for how you interpret and act upon any information provided by the Services.

15. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:

Our total aggregate liability for any and all claims arising from or related to the Services shall not exceed the greater of (a) the total fees you paid us in the 12 months preceding the claim, or (b) one hundred US dollars ($100).
We are not liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to lost profits, lost data, loss of goodwill, emotional distress, or cost of procurement of substitute services, regardless of the cause of action or theory of liability.
These limitations apply even if we have been advised of the possibility of such damages and even if a limited remedy fails of its essential purpose.

Some jurisdictions do not allow the exclusion or limitation of liability for certain damages. In those jurisdictions, our liability is limited to the fullest extent permitted by law. Nothing in this Policy limits liability for gross negligence, willful misconduct, fraud, death, or personal injury caused by our negligence.

16. Dispute Resolution and Arbitration

PLEASE READ THIS SECTION CAREFULLY. IT AFFECTS YOUR LEGAL RIGHTS, INCLUDING YOUR RIGHT TO FILE A LAWSUIT IN COURT.

Any dispute, claim, or controversy arising from or relating to this Policy, the Services, or your relationship with Digital Solutions Ltd shall be resolved by final and binding arbitration administered by the American Arbitration Association (AAA) under its Consumer Arbitration Rules, as modified by this provision. The Federal Arbitration Act (9 U.S.C. § 1 et seq.) governs the interpretation and enforcement of this arbitration agreement.

Class action waiver: You and we each agree that disputes will be resolved on an individual basis only. You waive the right to participate in any class action, collective action, or representative proceeding. The arbitrator may not consolidate claims or preside over any form of class or representative proceeding.

Jury trial waiver: You and we each waive the right to a jury trial for any dispute subject to this arbitration agreement.

Arbitration fees: For claims of $10,000 or less, Digital Solutions Ltd will pay all arbitration filing, administration, and arbitrator fees. For claims above $10,000, fees will be allocated according to AAA rules.

Opt-out: You may opt out of this arbitration agreement by sending written notice to us within 30 days of first using the Services. Your notice must include your full name, mailing address, email address associated with your account, and a clear statement that you opt out of the arbitration agreement. Send to the contact address below.

Small claims exception: Either party may bring an individual action in small claims court for disputes within that court's jurisdictional limits.

Governing law: This Policy and any dispute arising from the Services are governed by the laws of the State of Delaware, without regard to conflict of law principles.

17. Indemnification

You agree to indemnify, defend, and hold harmless Digital Solutions Ltd, its parent companies, subsidiaries, affiliates, officers, directors, employees, agents, contractors, and licensors (collectively, the "Indemnified Parties") from and against any and all claims, demands, actions, damages, losses, costs, and expenses (including reasonable attorneys' fees) arising from: (a) your use of the Services; (b) your violation of this Policy or any applicable law; (c) your violation of any third-party rights; or (d) any content you submit through the Services.

18. Regional Privacy Notices

GDPR (European Union / United Kingdom)

Data controller: Digital Solutions Ltd.

Lawful bases: We process your data under the following legal bases: (i) your explicit consent for biometric data collection and psychological profiling (Article 6(1)(a) and Article 9(2)(a)); (ii) performance of our contract with you to provide the Services (Article 6(1)(b)); (iii) our legitimate interests in security, fraud prevention, and service improvement (Article 6(1)(f)).

Your rights under GDPR: access (Art. 15), rectification (Art. 16), erasure / right to be forgotten (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), objection to processing (Art. 21), withdrawal of consent at any time (Art. 7(3)), and the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal or similarly significant effects (Art. 22).

Supervisory authority: You may lodge a complaint with your local data protection authority.

DPIA: We conduct Data Protection Impact Assessments for high-risk processing activities, including biometric data collection and psychological profiling, as required by Article 35.

CCPA / CPRA (California)

Categories collected: identifiers, biometric, internet activity, inferences. Purposes: service delivery, personalization, improvement, security. We do not sell, share for cross-context behavioral advertising, or otherwise monetize your personal information. We have never sold personal information and have no plans to do so. Your rights: know, delete, correct, opt-out of sharing, non-discrimination. To exercise: contact us or use any in-app mechanism we provide.

BIPA (Illinois)

This section constitutes our publicly available written policy governing the retention and destruction of biometric data, as required by 740 ILCS 14/15(a).

Biometric data collected: voiceprints and voice characteristics derived from your speech.

Purpose: to provide voice-based services, speaker verification, and personality analysis.

Consent: We obtain your informed, written consent before collecting biometric data. You may refuse to provide biometric data, though this may limit functionality.

Retention schedule: Biometric data is retained while your account is active. Upon account deletion, or within 3 years of your last interaction with the Services, whichever is sooner, biometric data will be permanently destroyed.

Destruction method: Biometric data is destroyed by secure deletion from our databases and storage systems, including overwriting of encrypted data and deletion of associated encryption keys, rendering the data unrecoverable.

No sale or profit: We do not sell, lease, trade, or otherwise profit from your biometric data. We do not disclose biometric data to third parties except as described in this Policy and with your consent.

Other US States (Virginia, Colorado, Connecticut)

Residents of these states have rights similar to CCPA, including access, correction, deletion, and opt-out of targeted advertising. We do not engage in targeted advertising based on your psychological profile. Contact us to exercise your rights.

19. General Provisions

Severability. If any provision of this Policy is found to be unenforceable or invalid by a court of competent jurisdiction, that provision shall be enforced to the maximum extent permissible and the remaining provisions shall remain in full force and effect.

Entire agreement. This Policy, together with any applicable Terms of Service and Beta Tester Consent Agreement, constitutes the entire agreement between you and Digital Solutions Ltd regarding the subject matter herein.

No waiver. Our failure to enforce any provision of this Policy shall not constitute a waiver of that provision or any other provision. No waiver shall be effective unless made in writing and signed by an authorized representative of Digital Solutions Ltd.

Assignment. We may assign our rights and obligations under this Policy in connection with a merger, acquisition, reorganization, or sale of assets, or by operation of law. You may not assign your rights or obligations without our prior written consent.

Force majeure. We shall not be liable for any failure or delay in performing our obligations due to causes beyond our reasonable control, including natural disasters, war, terrorism, government actions, power failures, internet disruptions, or pandemics.

20. Changes to This Policy

We may update this Policy. We will notify you of material changes by posting the updated Policy and updating the "Last updated" date. For significant changes, we may provide additional notice (e.g., email or in-app notification) at least 30 days before the change takes effect. Your continued use of the Services after the effective date constitutes acceptance of the updated Policy.

21. Contact Us

Digital Solutions Ltd
MindClone Privacy
loading...

For GDPR-related inquiries, you may contact our data protection representative at the same address.