Privacy Policy

Account Information:

• Email address
• Password (encrypted)
• Name (optional)
• Company name (for B2B users)
• Job title (optional)

Payment Information:

• We do NOT directly collect or store credit card numbers
• Payment processing is handled by LemonSqueezy
• We receive: transaction ID, purchase date, amount, and billing country

Profile Information:

• User preferences and settings
• Communication preferences

Communications:

• Emails you send to our support team
• Survey responses and feedback
• Any other information you choose to provide

Usage Data:

• Scenarios completed and scores
• Time spent on scenarios
• Techniques practiced and mastery levels
• Progress and learning analytics
• Features used and interactions

Device and Technical Information:

• IP address
• Browser type and version
• Device type (desktop, mobile, tablet)
• Operating system
• Screen resolution
• Referring URL
• Pages visited
• Date and time of access

Payment Processor (LemonSqueezy):

• Transaction confirmation
• Billing country
• Subscription status

Authentication Providers:

If you sign in via Google or other OAuth providers, we receive your email and basic profile information.

3.1 Providing the Services

• Create and manage your account
• Process payments and transactions
• Deliver scenario content and training
• Track your progress and learning outcomes
• Provide customer support

3.2 Improving the Services

• Analyze usage patterns to improve content
• Identify which scenarios are most effective
• Develop new features and techniques
• Fix bugs and technical issues
• Personalize your learning experience

3.3 Communications

• Send transactional emails (account creation, password reset, purchase receipts)
• Send product updates and new feature announcements
• Send marketing communications (with your consent)
• Respond to your inquiries and support requests

3.4 Safety and Security

• Detect and prevent fraud
• Protect against unauthorized access
• Enforce our Terms of Service
• Investigate violations and abuse

3.5 Legal Compliance

• Comply with applicable laws and regulations
• Respond to legal requests and government inquiries
• Protect our legal rights

5.1 Service Providers

We share information with third-party service providers who help us operate the Services:

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

5.2 Legal Disclosure

We may disclose your information if required by law or if we believe disclosure is necessary to:

• Comply with legal process (court order, subpoena)
• Respond to government or regulatory requests
• Protect the rights, property, or safety of MindArena, our users, or others
• Investigate potential violations of our Terms
• Prevent fraud or illegal activities

5.3 Business Transfers

If MindArena is involved in a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and the choices you may have.

6.1 Active Accounts

We retain your personal information for as long as your account is active and as needed to provide you the Services.

6.2 Inactive Accounts

If your account is inactive for more than 24 months, we may send you a reminder email and delete your account and associated data.

6.3 After Account Deletion

When you delete your account or request deletion:

• Account data is deleted within 30 days
• Backup systems may retain data for up to 90 days
• Some information may be retained as required by law (e.g., transaction records for tax purposes)

6.4 Specific Retention Periods

7.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help us provide functionality and understand how you use the Services.

7.2 Types of Cookies We Use

7.3 How to Manage Cookies

Most browsers allow you to view, delete, and block cookies. You can also opt out of Google Analytics at tools.google.com/dlpage/gaoptout

7.4 Do Not Track

We currently do not respond to "Do Not Track" (DNT) browser signals, as there is no industry standard for handling them.

8.1 Rights for All Users

Regardless of where you are located, you have the right to:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your account and data
• Portability: Request your data in a machine-readable format
• Objection: Object to certain processing activities
• Withdraw Consent: Withdraw consent for marketing communications

8.2 Additional Rights for EU/UK Users (GDPR)

If you are in the European Economic Area or United Kingdom:

• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
• Right to Restrict Processing: Request that we limit how we use your data
• Right to Data Portability: Receive your data in a structured, commonly used format
• Right to Object: Object to processing based on legitimate interest
• Right to Lodge a Complaint: File a complaint with your local data protection authority

Data Protection Authorities: UK - ICO (ico.org.uk), France - CNIL (cnil.fr)

8.3 Additional Rights for California Users (CCPA/CPRA)

If you are a California resident:

• Right to Know: What personal information we collect and how we use it
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out of Sale: We do NOT sell personal information
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights
• Right to Correct: Request correction of inaccurate information

8.4 How to Exercise Your Rights

To exercise any of these rights, contact us at privacy@mindarena.ai with subject line "Privacy Rights Request - [Your Request]".

We will respond within 30 days for GDPR requests and 45 days for CCPA requests.

9.1 Security Measures

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption: Data encrypted in transit (TLS/HTTPS) and at rest
• Access Controls: Limited access to personal data on a need-to-know basis
• Authentication: Secure password hashing and optional two-factor authentication
• Monitoring: Regular security monitoring and vulnerability assessments
• Vendor Security: Evaluation of third-party security practices

9.2 Your Responsibilities

You are responsible for:

• Keeping your login credentials confidential
• Using a strong, unique password
• Logging out from shared devices
• Notifying us if you suspect unauthorized access

9.3 Data Breach Response

In the event of a data breach that poses a high risk to your rights, we will notify affected users within 72 hours, notify relevant data protection authorities as required, and take immediate steps to mitigate the breach.

10.1 Where Data Is Stored

Your data may be stored and processed in the European Union (primary data storage) and United States (some service providers).

10.2 Transfers from EEA/UK

If we transfer personal data from the EEA or UK to countries without adequate data protection, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and ensure service providers maintain appropriate safeguards.

10.3 UAE Data Protection

The UAE has enacted federal data protection laws (Federal Decree Law No. 45 of 2021). We comply with applicable UAE data protection requirements.

13.1 Types of Communications

13.2 Opt-Out

You can opt out of marketing communications by clicking "Unsubscribe" in any marketing email, updating your preferences in account settings, or contacting us at privacy@mindarena.ai. Opt-out requests are processed within 10 business days.