Privacy Policy
Last updated: Aug 2025
Key Principles
- Your personal data is encrypted at rest and in transit.
- We do not sell your data.
- We do not train AI models on your private data.
- Access to your data is restricted even from cloud providers.
- You have full control to delete your data at any time.
Who We Are
This Privacy Policy applies to Alfred Mind (https://alfredmind.com/), operated by AlfredMind Inc. We are committed to protecting the privacy and data rights of our users.
What Information We Collect
| Data Type | Purpose |
|---|---|
| Email address | Used for login and user identification |
| Name (optional) | Used to personalize your experience |
| Google ID token | Used for Google OAuth login (JWT-secured) |
| Answers to test questions | Used to build psychological profiles |
| Browser/device data | Used to optimize performance and security |
We only request access to your basic Google profile information (email and profile) during OAuth login.
How We Use Your Data
- Authentication via Google OAuth.
- Personality profile generation via OpenAI GPT.
- Progress tracking and personalized recommendations.
- User support and feature usage analytics (anonymous).
- Your data is never shared or sold to third parties for advertising purposes.
Third-Party Services We Use
We may share limited data only with the services below for functionality:
| Service | Purpose | Data Shared |
|---|---|---|
| Google OAuth | Authentication | Email, profile |
| OpenAI API | Personality analysis | Anonymized answers |
| Google Cloud (GCS) | Data storage | Encrypted session data |
| PostgreSQL (Cloud SQL) | Internal data store | Encrypted user data |
All third-party services comply with their own privacy policies, which you can review below:
Google Privacy Policy
OpenAI Privacy Policy
Cookies & Local Storage
- Session cookies / HttpOnly cookies to keep you logged in securely.
- No marketing or third-party tracking cookies are used.
Data Retention & Deletion
You may delete your data at any time by contacting us or using the “Delete my data” button in your profile settings. This will:
- Permanently remove your user profile.
- Delete all associated test sessions and responses.
- Revoke access to the stored token.
Data Security
- Data is encrypted both in transit (HTTPS) and at rest (AES-256).
- User profile data is stored in secure PostgreSQL databases on Google Cloud SQL.
- Uploaded media (if any) is stored in Google Cloud Storage with restricted access.
- Access is logged and monitored for unauthorized access attempts.
User Rights
You have the right to:
- Access your data
- Correct inaccuracies
- Request deletion
- Withdraw consent for processing
- File a complaint with a data protection authority
Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be available at: https://alfredmind.com/privacy
Contact Us
If you have questions, requests, or concerns about your data, please contact us at:
- 📧 [email protected]
- 📍 AlfredMind Inc., 8 The Green, STE B, Dover, DE, USA