Privacy Policy MindNavigator

MindNavigator B.V.
Address: Will be published after Chamber of Commerce registration
Chamber of Commerce (KvK): Pending (will be published here once available)
Email: privacy@mindnavigator.io
Website: www.mindnavigator.io

Data Protection Officer (DPO):
Glenn Bosch (the data controller currently fulfils the DPO role)
Email: dpo@mindnavigator.io
For all privacy-related questions and complaints. As we scale up, an independent DPO will be appointed.

• Transparency: You have the right to know what happens with your data.
• Control: You must be in control of your personal information.
• Legal obligation: The GDPR requires this of us.
• Trust: Your trust is the foundation of our collaboration.

Name, email address, date of birth, encrypted password, and IP address.

School information, interests, goals, and preferences.

Tool responses, progress data, login activity, and platform behaviour.

Messages with customer support and guides, feedback, and notifications.

Billing details, type of payment method (no card details), and transaction history.

Personalised reports, coaching suggestions, and progress analyses.

AI chat conversations (Dr. Florentine Forest): As a premium feature you can chat with our AI expert. This works as follows:

• Chat messages are not permanently stored (stateless processing)
• Child context (name, age group, scores) is passed to the AI for personalised advice
• Token usage is tracked for cost management (no personal content)
• Rate limiting: maximum 30 messages per hour per user

We do not retain your data longer than necessary. Retention periods are:

• Account data: As long as the account is active. Deleted immediately upon confirmation of account closure (two-step via email token); only financial data is retained longer due to legal obligations (see below).
• Quiz answers & brain-type profiles: Up to 3 years or as long as the account is active, whichever comes first. Automatic deletion via cleanup cron thereafter.
• Energy tracking data: 180 days for pattern analysis, then automatic deletion. You can also delete older data yourself sooner.
• Progress data (XP, badges, streaks): As long as the account is active
• IP addresses (security): 90 days
• Login history: 1 year
• Communications (support, messages): 3 years after last message
• Proof of parental consent: 2 years (Dutch Implementation Act art. 5 — proof of consent for processing data of minors)
• Financial data (billing): 7 years (legal obligation — Dutch tax authority; only relevant once premium functionality is activated)
• Backup data: Maximum of 30 days after deletion from production database

MindNavigator uses minimal cookies for basic functionality:

Strictly necessary cookies (no consent required):

• Session cookie: Keeps you logged in (expires after 24 hours)
• Preferences cookie: Remembers language/theme choice (expires after 1 year)
• Security cookie: CSRF protection (expires after session)

Optional cookies (consent required):

• Analytics cookie (Google Analytics): Anonymous usage statistics with IP anonymisation (expires after 24 hours — 2 years, depending on cookie type)

Managing consent:

• First visit: Cookie banner with choice of options
• Change: Via Account Settings → Cookie Preferences
• Browser settings: You can also manage cookies via your browser

For full information: www.mindnavigator.io/cookies

During the beta phase of MindNavigator we collect additional data from beta testers:

• Registration data: Email address, name, registration date
• Verification status: Whether the account is verified, number of reminder emails sent
• Beta feedback: Feedback about features, including any screenshots

Retention period: Duration of the beta programme + 6 months after it ends.

Legal basis: Consent (Art. 6.1.a GDPR) — you give consent when signing up for the beta programme.

To provide our services, such as account management, platform functionality and customer support.

For platform improvement, security and (anonymous) research.

For optional features we explicitly ask for your consent via:

• Clear opt-in checkboxes (not pre-ticked)
• Separately per feature (not bundled)
• Freely withdrawable via Account Settings
• No impact on core functionality if declined

Optional features we ask consent for:

• Newsletters and product updates
• Participation in research (anonymous)
• Advanced personalisation (additional AI analysis)
• Marketing emails about new features

Where the law requires it, such as retaining tax data for 7 years.

• Parental consent always required — children in this age group cannot create their own account.
• The account is created and managed by the parent/guardian.
• The parent has full control and access to all data.
• No community features: No messaging, no social interaction, no coach connections.
• Adapted interface: Playful, gamified environment with short sentences and visual elements, tailored to the age.
• The parent manages all privacy settings — the child has no separate control here.

• Parental consent required for all data processing.
• Parents have the right of access, rectification and erasure of their child's data.
• The child can manage privacy settings themselves (what parents see), but cannot delete all data.

When a child (12-15) registers, we follow this process:

1. Child enters basic data: Name, date of birth, email address
2. System detects age: Automatic check whether the child is under 16
3. Parent email address requested: Child enters parent/guardian email address
4. Parent receives verification email with:
   • Explanation of MindNavigator and what we do
   • Link to this full privacy policy
   • Overview of the data we collect
   • "I give consent" button (active opt-in)
5. The account is only activated after parental confirmation

• Young people can give their own consent and fully manage their privacy.
• They can delete their own data, with a 7-day reflection period and parental notification.
• Parental involvement is still required for payments and in case of safety concerns.

12-15 year olds: Parents can see progress and patterns, but not private messages or individual energy check-ins.

16-17 year olds: Young people decide what parents see, except for payment-related information.

Children decide themselves what is shared with parents:

• Shared by default (12-15 years): Weekly patterns, best times of the day, warning when there are concerns (5+ days tired).
• Always private: Every individual energy check-in moment, messages with coaches, specific quiz answers.
• Child can adjust: Via "Privacy Settings" in the dashboard with 3 levels (Share Less / Normal / Share More).

Technical measures:

• Encryption in transit: All communication via HTTPS/TLS 1.3
• Encryption at rest: Database encrypted with AES-256
• Password security: Bcrypt hashing with salt (industry standard)
• Access control: Multi-factor authentication for employees
• Network security: Firewall, DDoS protection, intrusion detection
• Logging: All access to data is logged (retained 1 year)

Organisational measures:

• Minimal access: Employees only have access to data required for their work
• Background checks: All employees with data access are screened
• Privacy training: Mandatory GDPR training for all employees
• Processor agreements: All external parties sign Data Processing Agreements
• Annual audit: External security audit by a certified party

Incident response:

• Breach detection: Real-time monitoring for suspicious activity
• Notification deadline: Within 72 hours of discovering a breach
• Breach assistance: Free identity protection for 1 year in the event of a serious breach
• Incident contact: dpo@mindnavigator.io

Testing & updates:

• Penetration testing: Twice a year by an external party
• Bug bounty programme: Responsible disclosure rewarded
• Security updates: Within 48 hours of discovering a critical vulnerability

The child CAN:

• Export their data (GDPR Art. 20 — Data portability)
• Delete older data (older than 6 months)
• Adjust privacy settings (what parents see)

The child CANNOT:

• Delete all data — Parental consent is required for this

Why this choice?

• Protection against impulsivity: Children at this age can make impulsive decisions (especially with ADHD/ASD traits), which they may later regret.
• Safety: The data contains valuable insights for support and coaching. Permanent deletion can make guidance harder.
• GDPR compliant: This is consistent with Art. 8 GDPR, which requires parental consent for data processing of minors under 16.
• Educational: The child learns the difference between daily data management (privacy settings) and permanent deletion.

The young person CAN:

• Export data
• Delete older data (>6 months)
• Delete all data, with additional safeguards:

Full control over your own data:

• Export, delete, and manage without restrictions
• Direct deletion available (with confirmation)

As a parent of a child <16, you can via the Parental Dashboard manage your child's data:

1. Log in to your Parental Dashboard
2. Go to "Data Management" under your child's profile
3. Choose "Delete Data" and confirm by typing: DELETE MY CHILD'S DATA
4. Data is deleted directly and permanently (cannot be undone!)

When you export your data, you receive a file with all personal information.

The export includes:

• All quiz answers and results
• Brain-type profile
• Energy tracking (full history)
• Notes (from you and your parent)
• Progress and earned badges
• Learning-route progress and reflections
• Score history per domain
• Consent records and privacy settings
• Activity logs

What happens to data in backups after deletion?

• Backup retention period: Backups are kept for 30 days after deletion from the production database
• Permanent erasure: After 30 days backups are also permanently erased
• Expedited deletion: You can request expedited deletion (within 7 days, €25 administration fee)
• Acute need: In case of acute need (e.g. stalking): Free, immediate deletion within 24 hours — contact dpo@mindnavigator.io

Through the Parental Dashboard you have access to:

This balance is designed to give you enough insight for good guidance, while your child retains enough privacy for trust-building.

Yes! Your child can choose from 3 levels via "Privacy Settings":

• 🟠 Share Less: Only that quizzes have been completed (no scores), no energy tracking
• 🟢 Normal (recommended): Patterns and summaries (as described above)
• 🔵 Share More: Also concern warnings and which tools are used

If your child chooses "Share Less", you receive a notification with a friendly reminder that this makes it harder to support them. You can then have a conversation about why this choice was made.

• Access to progress and patterns (according to the child's privacy settings)
• Export your child's data (for your own records / support)
• Delete your child's data (with extra confirmation)
• Schedule sessions with coaches/tutors on behalf of your child (12-15 years)
• Receive notifications on concern signals (if enabled by the child)

When your child indicates 'Tired' or 'Very tired' for 5 days in a row, you receive a notification.

Parents can add notes, observations and profile information about their child.

Your child has the right to know:

• Which data you have added
• When this was added
• To correct this data if it is inaccurate

For children aged 12-15:

• ✓ Right of access (via own dashboard)
• ✓ Right to export (self-service)
• ✓ Right to adjust privacy settings
• ⚠️ Right to erasure (via parent)

For young people aged 16-17: All rights, with additional safeguards for full deletion (7-day reflection period, parental notification).

For adults 18+: Full control without restrictions.

We respond to your requests within:

• 1 month (standard): For all regular requests
• 2 months: For complex requests (with explanation why)
• 72 hours: For acute emergencies (e.g. stalking, safety)
• 5 business days: You always receive a receipt confirmation within 5 business days

For access/deletion requests we ask for verification to protect your privacy from unauthorised access:

• Primary verification: Logging in with your account
• In case of doubt: Additional verification via email/SMS
• In case of serious doubt: Copy of ID (with the national ID/passport number blacked out)

Google Cloud Platform (Firebase)

• Purpose: Database, authentication, file storage
• Location: The Netherlands — europe-west4 (Amsterdam). Personal data does not leave the EU.
• Safeguard: Google Cloud Data Processing Addendum (accepted 2026-03-29) + Standard Contractual Clauses Module 2+3 + EU GDPR certification
• Data shared: All account data, quiz data, progress, energy tracking

Anthropic (Claude AI)

• Purpose: Analysis of quiz data, content generation, brain-type profiles
• Location: United States
• Safeguard: Anthropic Data Processing Addendum (effective 24 February 2025) + EU Standard Contractual Clauses Module 2 (controller-processor) + No-training clause
• Data shared: Pseudonymised quiz answers (no name/email)
• Privacy: Claude AI may NOT use data for model training

Mollie (for paid subscriptions)

• Purpose: Processing payments (iDEAL, credit card, Bancontact, etc.)
• Location: The Netherlands (EU)
• Safeguard: PCI-DSS certified, processor agreement
• Data shared: Name, email address, payment details
• Privacy: Card details are NOT stored by us

Resend

• Purpose: Sending transactional emails (account verification, password reset, notifications, report notifications)
• Location: United States
• Safeguard: EU Standard Contractual Clauses apply; DPA validation in progress
• Data shared: Email address, name, email content

Google Analytics (with Consent Mode v2)

• Purpose: Anonymised usage statistics for platform improvement
• Location: United States (with EU Data Processing)
• Safeguard: DPA + SCCs + IP anonymisation + Google Consent Mode v2
• Data shared: Anonymised page visits and usage patterns (IP address is anonymised)
• Privacy: Only active after your explicit consent via the cookie banner. Do Not Track is respected. Minors (<16 years) are automatically excluded. No remarketing or ad personalisation.

Sentry (technical error monitoring)

• Purpose: Detecting and resolving technical errors in the platform
• Location: EU (Germany)
• Safeguard: DPA, data processing within the EU
• Data shared: Technical error information, stack traces, browser and operating system information
• Privacy: No personal user data; only technical context on errors. 10% sample of transactions.

Only data you explicitly share via the platform

• Coaches have NO access to your login credentials
• Coaches have NO access to messages with other coaches
• Coaches have NO access to data you have set as private
• Coaches are bound by professional confidentiality and the GDPR

All parties listed above have signed a Data Processing Agreement (DPA) stating that:

• They may only process data according to our instructions
• They have adequate security measures
• They may not use data for their own purposes
• They must notify us within 24 hours of a data breach

You can request copies of DPAs via dpo@mindnavigator.io

Coaches have access to data of children. To prevent misuse we have additional safeguards:

Access control:

• Coaches only have access to data that the child/parent explicitly shares
• Coaches have NO access to: login credentials, financial data, data of other children, messages with other coaches
• Access can be revoked by the child/parent at any time

Professional safeguards:

• Professional confidentiality: All coaches are bound by professional confidentiality (GDPR Art. 9.3)
• Background checks: Mandatory screening for all coaches
• Privacy training: Annual GDPR training required
• Audit trail: All data access is logged and monitored
• In case of misuse: Immediate access block + report to the DPO

• Location: The Netherlands — europe-west4 (Amsterdam). Firestore and App Hosting run exclusively in the EU. Personal data does not leave the EU.
• Safeguard: Google Cloud Data Processing Addendum (accepted 2026-03-29) + Standard Contractual Clauses Module 2+3 + EU GDPR certification
• Purpose: Database hosting, authentication, file storage

• Location: United States
• Safeguard: Anthropic Data Processing Addendum (effective 24 February 2025) + EU Standard Contractual Clauses Module 2 (controller-processor) + encryption in transit
• Purpose: Content generation, analysis of quiz data (pseudonymised)
• Privacy: AI providers may NOT use data for training
• Data minimisation: Only pseudonymised data (no names/emails)

• Location: The Netherlands (EU) — no transfer outside the EU
• Safeguard: PCI-DSS certified, processor agreement
• Purpose: Payment processing once premium functionality is activated

• Location: United States
• Safeguard: EU Standard Contractual Clauses apply; DPA validation in progress
• Purpose: Transactional emails (verification, notifications, password reset)

• Location: United States (Google LLC), with EU Data Processing Amendment
• Safeguard: Google Cloud Data Processing Addendum + EU Standard Contractual Clauses Module 2 + IP anonymisation (default in GA4) + Google Consent Mode v2
• Purpose: Anonymised usage statistics for platform improvement (only after explicit cookie consent)
• Minor protection: Users under 16 are automatically excluded from analytics tracking; Do Not Track is respected; no remarketing or ad personalisation

• Location: EU (Frankfurt, Germany) — Sentry EU tenancy (de.sentry.io). Personal data does not leave the EU
• Safeguard: Sentry Data Processing Addendum + processing exclusively within the EU; no transfers to third countries
• Purpose: Technical error monitoring and stack-trace analysis for platform stability
• Legal basis: Legitimate interest (GDPR art. 6(1)(f)) — minimally necessary technical monitoring
• Privacy-by-design: URL query strings are automatically anonymised before transmission (filtering of possible tokens or email addresses); 30% sampling of performance data; only active in production

You have the right to:

• Object to transfers to countries outside the EU
• Request copies of the Standard Contractual Clauses
• Ask questions about safeguards via dpo@mindnavigator.io

All transfers take place in line with GDPR Art. 46 with adequate safeguards:

• Standard Contractual Clauses (SCCs): Approved by the European Commission
• Supplementary measures: Encryption, pseudonymisation, data minimisation
• Impact assessment: Carried out for each third party (Transfer Impact Assessment)
• Monitoring: Annual review of safeguards

When does MindNavigator share data with government?

• Only with a court order or legal obligation
• Never voluntarily without a legal basis
• Only data specifically named in the order
• Minimal disclosure: We never provide more data than strictly necessary

MindNavigator uses AI (Claude AI from Anthropic) to:

• Analyse quiz results: Recognise patterns in your answers
• Determine brain-type profiles: Such as "Visual Thinker", "Analytical Brain", etc.
• Generate personalised tips: Tailored study and learning strategies
• Monitor progress: Track development over time

You have the right to:

• Human review: Via coaches/tutors who can review and correct AI-driven insights
• Explanation: How the AI reaches conclusions (via dpo@mindnavigator.io)
• Objection: Against AI use (with impact on functionality)
• Correction: If AI-generated data is inaccurate

What we NEVER do with AI profiles:

Additional safeguards:

• No training: AI models are NOT trained on your personal data
• Pseudonymisation: The AI does not receive names/emails, only pseudonymised data
• Human control: Coaches can always override AI output
• Transparency: You can always see what the AI has generated (badge "AI-generated")

In line with GDPR Art. 35, MindNavigator has conducted a Data Protection Impact Assessment (DPIA) for the AI profiling of children. Given the nature of the processing (profiling of minors with AI) we consider this a mandatory step.

Status: DPIA v1.1 was completed on March 29, 2026 and is available internally. A summary can be requested via dpo@mindnavigator.io

You can always:

• Delete your brain-type profile (without consequences for core functionality)
• Object to AI analysis (via Account Settings → AI Preferences)
• Ask how the AI reached a conclusion
• Request human review (via your coach)

We may change this privacy policy in case of:

• New features: For example new AI features or tools
• New legislation: Changes to GDPR or other privacy laws
• Feedback from the Dutch Data Protection Authority: Recommendations from the regulator
• External audit recommendations: Improvements following security audits
• User feedback: Clarifications based on questions received

For substantial changes:

• Email notification to your registered email address
• Pop-up in the platform on your first login after the change
• Summary of changes in a clear changelog
• 30-day reflection period for material changes that limit your rights

For minor changes:

• Update of the "Last updated" date at the top of this document
• Changelog available via dpo@mindnavigator.io