Effective: April 17, 2026 · Last updated: April 17, 2026
The short version: We only collect what we need to run the service (your email, the content you put into the app, and payment info via Stripe). We don't sell your data. We don't share it with advertisers. We don't train AI models on your content. You can export or delete your data anytime.
1. Who we are
Mind Like Water ("we", "us", "our") is a software service operated by Titus Digital LLC, a company based in Washington State, United States. If you have questions about this policy, reach out at [email protected].
2. What we collect
Information you give us directly
Account info: your email address, display name, and password (stored as a one-way hash — we never see your plaintext password).
Your content: tasks, projects, notes, daily pages, areas of focus, tags, contacts, and anything else you create inside the app.
Billing info: when you subscribe, your card details are sent directly to Stripe and never touch our servers. We store your Stripe customer ID, subscription status, and billing history reference so we can show your current plan and link you to invoices.
Communications: if you email us for support, we keep the correspondence so we can follow up.
Information we collect automatically
Session data: standard authentication cookies and session tokens so you stay signed in.
Technical logs: IP address, user agent, and request timestamps from our hosting providers for security monitoring and debugging. These logs are retained for a short period (typically 30 days) and are not used to profile you.
3. How we use your information
To run the service — store your tasks and notes, sync across devices, keep you signed in.
To process subscription payments (via Stripe).
To send you transactional emails — password reset, trial-ending reminders, billing receipts, important account notices.
To respond to support requests you send us.
To prevent abuse and keep the service running reliably.
What we don't do with your information:
We don't sell it to anyone. Ever.
We don't share it with advertisers or use it for ad targeting.
We don't use your content — your tasks, notes, or anything you create in the app — to train AI models.
We don't send you marketing emails unless you opt in explicitly.
4. Who we share it with
We use a small number of trusted infrastructure providers to actually run the service. Each one handles a specific job and is bound by their own privacy practices:
Supabase — database, authentication, and real-time sync. Your content is stored on Supabase's infrastructure (US West region).
Stripe — payment processing. Stripe receives your card details directly from our checkout page; we never see or store them.
Vercel — application hosting and static content delivery.
Email provider — when we enable transactional emails, we'll use a reputable email service (such as Resend or Postmark). We'll update this policy with the provider name when that's live.
We don't share your data with any third party beyond these infrastructure providers, except if required by law (for example, responding to a valid subpoena).
5. Your rights over your data
Your content belongs to you. You can:
Export everything you've put into Mind Like Water as a single JSON file, anytime, from your account settings.
Delete your account — this removes your profile, content, and associated data from our live systems immediately. Backups are purged within 30 days.
Correct information you've given us by editing it in the app or contacting us.
Ask us what we have about you — email [email protected] and we'll respond within a reasonable window (typically within a week).
If you're in the EU, UK, or California, you have additional rights under GDPR / UK GDPR / CCPA respectively, including the right to object to processing and the right to data portability. The rights listed above cover the practical versions of these — the same email address handles formal requests.
6. Data retention
Active accounts: we keep your data as long as your account is active.
Deleted accounts: your content is removed from live systems immediately and purged from backups within 30 days.
Billing records: Stripe retains transaction records for up to 7 years for tax and regulatory compliance — this is industry standard and outside our control.
Support emails: retained for up to 2 years unless you ask us to delete them sooner.
7. Security
We use industry-standard security practices: data is encrypted in transit (TLS) and at rest, passwords are one-way hashed, authentication is handled by Supabase Auth, and payments are processed by Stripe (PCI-DSS compliant). No system is perfectly secure, so if you discover a vulnerability, please email [email protected] — we'll respond promptly.
8. Children
Mind Like Water is not intended for users under 13. We don't knowingly collect information from children. If you're a parent or guardian and believe we have, contact us and we'll remove it.
9. International users
Mind Like Water is operated from the United States. If you use the service from outside the US, your data will be transferred to and stored in the US. By using the service, you consent to this transfer.
10. Changes to this policy
If we make a material change to this policy, we'll email registered users and update the "Last updated" date above. Non-material clarifications will just appear in the updated version. We'll preserve prior versions on request.