Privacy Policy

Effective: April 4, 2026 · Last updated: May 30, 2026

1. Who we are

tellmint is operated by:

Klarfels
Inhaber: Dusko Susa
Amselweg 11, 37441 Bad Sachsa, Germany
Email: ...

We are the data controller for all personal data processed through the tellmint Android app and the tellmint.com website.

2. What we store

tellmint stores the data needed to make the product work. Depending on which features you use, this can include:

• Account data: your account identifier, email address if you link or sign in to an account, and a nickname/display name if you provide one or we use your sign-in name to fill it in
• Journal content: voice note transcripts, titles, summaries, tags, domains, importance ratings, due dates, reminder settings, and recurrence rules
• AI-generated data: emotion labels, AI commentary, theme words, Mint Memory items, AI profile summaries, semantic embeddings (vector representations used for search), and related structured metadata
• Chat data: Mint Reflect prompts and replies in your current app session, plus cited entry references and any entries or memories the chat creates or updates for you
• Audio files: new recordings are stored locally on your device for playback and review, inside tellmint's private app storage — not visible to other apps, and removed if you uninstall tellmint. Recordings made by app versions released before May 2026 may still be in your phone's Download/tellmint/ folder; you can remove them anytime with "delete all recordings" in Settings. Audio is sent to our server for transcription and then discarded from the server.
• Profile information: optional nickname, age, city, interests, important people, important places, and about-me text that you choose to provide for a more personalized experience
• Settings and preferences: consent settings, timezone, language, notification preferences, theme, and app settings
• Subscription and billing data: your plan (free, Pro, or Max), recording top-up credit balance with expiry dates, and subscription lifecycle events (purchase, renewal, cancellation, expiration)
• Diagnostics: crash reports, performance telemetry, a latest app/device support snapshot (app version, build number, Android version/API level, device model/manufacturer, locale, install source, and physical/emulator flag), and product usage signals such as screen opens, recording counts, durations, widget launches, and notification interactions. These signals are linked to your account (pseudonymous, not anonymous) so we can diagnose issues per user. We do not collect IMEI, Android ID, advertising ID, serial number, MAC address, IP address, or other device identifiers for this support snapshot.
• Website server logs: Firebase Hosting request logs for tellmint.com, such as request time, requested page URL, status code, country/city derived from IP, IP address, user agent, referrer if present, cache status, and latency. We use these logs for security, abuse prevention, debugging, uptime, and aggregate traffic reporting. The admin dashboard shows only aggregate counts such as page requests, top countries, and top pages; it does not show raw IP addresses, user agents, or referrers.
• Server-side operational data: usage counters (recordings per month, chat messages per month), AI processing metadata (model used, latency, token counts), rate-limit counters, and abuse-detection logs. These are linked to your account for security and quota enforcement.
• Subscription history: a log of subscription events (purchase, renewal, cancellation, expiration) and credit transactions (top-up purchases, usage) for billing accuracy and dispute resolution.
• Feedback: if you submit feedback through the app, we store your message, optional screenshot, category, rating, the screen you were on, and device information (app version, build number, OS version, device model, locale).
• Search queries: recent search terms are stored locally on your device for convenience. Search queries are also sent to our server for semantic search processing.

3. Why we process it

We process your journal data to provide the service you asked for: transcribing recordings, organizing thoughts and tasks, syncing your account, powering search, reminders, exports, Pattern Sky, Mint Memory, and Mint Reflect.

Our legal bases under GDPR are:

• Contract performance (Art. 6(1)(b)): processing your journal data, managing your subscription, and providing the features you use.
• Legitimate interests (Art. 6(1)(f)): crash reports, performance telemetry, security monitoring, abuse prevention, quota enforcement, and support troubleshooting to keep the app stable, secure, and fast.
• Consent (Art. 6(1)(a)): analytics and marketing are processed only if you opt in. You can withdraw consent at any time in Settings.
• Legal obligation (Art. 6(1)(c)): billing, tax, accounting, consumer-rights requests, and legal compliance where applicable.

4. Where your data is stored and processed

tellmint stores app data in Firebase/Firestore and Cloud Functions in europe-west1 (Belgium). That includes your entries, tags, domains, emotions, memories, settings, and exports.

Mint Reflect conversation history is kept in the current app session or local app state so the assistant can respond coherently. When you send a chat request, the current prompt, recent chat context, and relevant journal content are processed through our backend and AI providers to generate the reply.

tellmint uses Google-managed infrastructure. All data is encrypted in transit with TLS 1.2+ (HTTPS) and at rest with AES-256 server-side encryption on Google Cloud — the same standards used by major platforms like Notion, Day One, and Spotify, and by online banking.

Mint Reflect may use Vertex AI Global endpoints for reliability. That means prompts, chat context, and selected journal content sent to Mint Reflect may be processed outside the EU. We call this out because region-locked EU processing is not guaranteed for that path.

5. Who can access your data

Your data is yours. Automated systems read your content to do their job — transcription, search, sync, AI features. That is the whole point of the product. No one reads your entries as part of normal operation, no human reviews your transcripts, and we never use your content to improve our service or train AI models.

Like every cloud product, the developer who runs tellmint holds the technical keys needed to fix things when they break. That access is used only for support, security, and maintenance work — never to browse or read user content. In practice this means looking at one specific entry only when:

• Fixing a bug you reported — if a sync failure or an AI issue cannot be reproduced from anonymised logs alone, the developer may need to look at the specific entry that failed in order to fix it.
• Stopping abuse — investigating suspicious sign-ins, account takeovers, or attempts to abuse usage limits.
• Migrations and maintenance — running data-integrity checks when we change how something is stored.
• Legal compliance — responding to lawful requests we are legally required to act on (rare).

That access lives behind internal tools that are separate from the user-facing app, gated by Google sign-in, an internal allowlist, network-level security checks, and every action is logged. tellmint is run by a single founder; in practice this means one person who only ever opens a specific entry when fixing a real reported issue.

6. AI providers and model training

We never use your journal content to train AI models.

When tellmint sends content to AI providers to transcribe audio, generate embeddings for search, or answer Mint Reflect requests, that content is used only to provide the feature you asked for. We do not sell your content, and we do not give third parties permission to train on your journal content on our behalf.

Our AI providers are contractually prohibited from using your content to train their own models. Google Vertex AI processes content only to serve the request and discards it after the response is returned. OpenRouter (used as a fallback) operates under a zero-data-retention policy for API requests. We never share content with providers who reserve training rights.

tellmint uses AI to automatically transcribe recordings, classify entries (thought vs. task), assign emotion labels, extract tags and domains, suggest dates, determine importance, generate insights, and respond in Mint Reflect.

Emotion recognition notice: tellmint includes an emotion classification feature that assigns a label from a fixed set (such as "calm", "anxious", "hopeful") to your entries to help you reflect on patterns over time. This is automated organization of your own content, not a clinical, diagnostic, or psychological assessment of you. The labels are estimates, not facts about you, and you can edit or disable them in Settings. We disclose this in line with the EU AI Act transparency obligations for emotion-recognition systems.

AI outputs are generated estimates. Transcripts, summaries, task extraction, dates, tags, emotion labels, importance scores, Pattern Sky groupings, Fresh Insights, Mint Memory items, and Mint Reflect replies can be wrong or incomplete. Where the app allows it, you can edit, delete, correct, ignore, or disable generated output.

This automated processing helps organize your journal but has no legal or similarly significant effects on you. It does not determine your rights, eligibility, credit, employment, medical treatment, or access to essential services.

7. Third-party services that process your data

We use the following services to operate tellmint. Each processes personal data only as needed to provide their part of the service:

Service	What they process	Location
Google Cloud / Firebase	Firebase Authentication + Google Sign-In / email-link sign-in: account login and identity Cloud Firestore: journal data storage Cloud Functions: server-side AI processing Firebase Storage: feedback screenshots Firebase Crashlytics: crash reports (opt-out) Firebase Performance: speed diagnostics (opt-out) Firebase Analytics: usage analytics (opt-in only) Firebase App Check: app authenticity verification Cloud Logging: server-side operational logs and Firebase Hosting request logs for security, debugging, uptime, and aggregate website traffic reporting Website iOS waitlist: email address, Turnstile anti-abuse signal, and timestamp only when you submit the waitlist form	EU (Belgium)
Google Vertex AI	Audio transcription, entry structuring, emotion detection, semantic embeddings, memory extraction, chat responses	EU primary, Global fallback
OpenRouter	Chat AI responses (fallback when Vertex AI is unavailable)	US (zero data retention policy)
RevenueCat	Subscription management, purchase receipt validation, entitlement tracking. RevenueCat automatically collects device identifiers, purchase history, and subscriber status.	US
Google Play Billing	Payment processing for subscriptions and in-app purchases	Google infrastructure
Cloudflare Turnstile	Bot and abuse prevention on the website support form	Cloudflare infrastructure
Google Ads (conversion tracking)	Website-only advertising measurement: counts clicks on download buttons as ad conversions. Processes an ad-click identifier (e.g. gclid), conversion events, and advertising cookies. Loads only after you accept cookies on the website.	Google infrastructure (EU/US)
Resend	Delivery of website support and contact emails	Resend infrastructure

8. International data transfers

Most tellmint app data is stored in EU servers (Belgium). Some processing may involve international transfers:

• Mint Reflect: may use Vertex AI Global endpoints (processing outside the EU).
• OpenRouter: US-based, with a zero data retention policy for API requests.
• RevenueCat: US-based, for subscription management.
• Cloudflare Turnstile and Resend: used by the public website for support-form abuse prevention and email delivery.
• Google Analytics and Google Ads (website only): if you accept cookies on the website, Google may process website analytics and ad-conversion data in the US.

Where data is transferred outside the EU/EEA, we rely on:

• the EU-US Data Privacy Framework adequacy decision (for Google and eligible US providers), and
• Standard Contractual Clauses (SCCs) approved by the European Commission.

If the EU-US Data Privacy Framework adequacy decision is suspended, invalidated, or otherwise withdrawn, transfers to US providers continue under the Standard Contractual Clauses already in place, plus any supplementary measures the European Data Protection Board recommends at that time.

9. Data retention

• Journal entries, memories, and profile data: stored until you delete them or delete your account.
• Deleted entries: soft-deleted for 14 days (recoverable), then permanently removed.
• Recording top-up credits: expire 12 months after purchase.
• Local audio files: kept on your device for playback and review, inside tellmint's private app storage, until you remove them — from Settings you can export copies of your recordings (handy before uninstalling) or delete them all. (Leftover files from recordings that failed and were never saved are cleaned up automatically; nothing tied to a note or task is.)
• Mint Reflect session history: stays in the current app session or local app state until you clear the conversation, sign out, or delete the app. Chat messages are not stored as a separate server-side chat history after the response is generated.
• Crash reports: retained per Firebase Crashlytics defaults (typically 90 days).
• Performance telemetry: retained per Firebase Performance Monitoring defaults.
• Latest app/device support snapshot: stored while Crash Reports & Speed Diagnostics is on, refreshed only when the value changes or about every 30 days, and cleared if you turn diagnostics off or delete your account.
• Operational and website request logs: retained according to Google Cloud logging settings, usually 30 days unless a shorter or longer retention setting is configured, and used for security, debugging, uptime, quota enforcement, billing reconciliation, and aggregate website traffic reporting.
• Subscription event history: retained for billing and tax compliance purposes as required by law.
• Website iOS waitlist emails: retained until the iOS launch list is no longer needed or until you ask us to delete your email.
• Feedback and support submissions: retained until manually reviewed and resolved, and longer where needed for abuse prevention, legal compliance, or dispute handling.

10. Android permissions

tellmint requests the following device permissions, each for a specific purpose:

• Microphone (RECORD_AUDIO): required to record voice notes. Without this, the core capture feature cannot work.
• Notifications (POST_NOTIFICATIONS): optional, used for reminders, daily/weekly digests, and task alerts.
• Exact alarms (SCHEDULE_EXACT_ALARM): used so timed reminders fire at the exact time you set, not minutes late.
• Media/storage access: used to read and save local audio files. On older Android versions (12 and below), this uses broader storage permissions; on newer versions, it uses scoped media access.
• Boot completed: restores your scheduled reminders after a device restart.

11. Just-in-time notices

Settings include explanations of optional AI features (such as emotion detection and AI commentary) and let you disable them at any time. Consent prompts and settings explain the difference between optional analytics and default crash/performance diagnostics.

12. Website analytics, cookies, and fonts

The tellmint website uses Google Analytics (audience measurement) and Google Ads conversion tracking (counting clicks on our download buttons as advertising conversions), wired through Google Consent Mode v2 (advanced mode). By default every Google tag is set to denied: the tag loads on the page but sets no cookies and stores nothing on your device, and only anonymous, cookieless signals are processed. We set cookies and enable full advertising/analytics measurement only after you press “Accept all” on the cookie banner. If you press “Reject all” or ignore the banner, no cookies are set and nothing is stored on your device.

Legal basis. These cookies and the related processing rely on your consent (Art. 6(1)(a) GDPR and § 25 TDDDG). You can withdraw your consent at any time — as easily as you gave it — via the “Cookie settings” link in the website footer, which re-opens the banner. Withdrawing stops further loading on your next page view. Your consent choice is stored locally in your browser (localStorage), not in a cookie.

Cookies set only after you accept:

Cookie	Purpose	Provider	Expiry
_ga	Distinguishes website visitors (Google Analytics)	Google	2 years
_ga_<id>	Persists analytics session state (Google Analytics)	Google	2 years
_gcl_au	Stores ad-click information for conversion measurement (Google Ads)	Google	90 days

Where this data flows to Google in the US, we rely on the EU-US Data Privacy Framework and the Standard Contractual Clauses described in section 8. We do not enable Google Ads “enhanced conversions,” so we do not send hashed personal data (such as email addresses) to Google for ad matching.

The iOS waitlist form sends your email to a protected Cloud Function and uses Cloudflare Turnstile for bot protection. Normal page visits do not load the Firebase website SDK.

The support page loads Cloudflare Turnstile to reduce spam. If you submit the form, our backend uses Resend to deliver the message.

The website uses local system fonts. We do not load Google Fonts or another third-party font provider.

13. Your rights under GDPR

As a user in the EU, you have the following rights:

• Access (Art. 15): request a copy of your personal data. You can export your data in the app via Settings → Export My Data.
• Rectification (Art. 16): correct inaccurate data. You can edit your entries and profile directly in the app.
• Erasure (Art. 17): delete your data. You can delete your account via Settings → Delete Account, which permanently removes all your data from our servers.
• Restriction (Art. 18): request that we limit how we process your data in certain circumstances.
• Data portability (Art. 20): receive your data in a structured format. The export feature provides JSON and CSV formats.
• Object (Art. 21): object to certain processing based on legitimate interests.
• Withdraw consent: for analytics and marketing, you can withdraw consent at any time in Settings → Analytics & Improvements.
• Diagnostics opt-out: turn off crash reports and performance diagnostics in Settings → Crash Reports & Speed Diagnostics.

To exercise any right, contact us at ... or use the in-app features listed above.

14. Right to complain

If you believe we are not handling your data correctly, you have the right to lodge a complaint with a data protection supervisory authority. The relevant authority for our business is:

Die Landesbeauftragte für den Datenschutz Niedersachsen
Prinzenstraße 5, 30159 Hannover, Germany
Website: lfd.niedersachsen.de

You may also contact any other EU supervisory authority.

15. Children

tellmint is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us and we will delete it.

16. Changes to this policy

If we make material changes to this policy, we will update the "Last updated" date at the top and, where practical, notify you through an in-app notice. We encourage you to review this policy periodically.

17. Contact

If you have privacy questions or want to exercise your rights:

Email: ...
Support: tellmint.com/support
Impressum: tellmint.com/impressum