Privacy
Privacy Policy
Mindwtr is local-first and built to minimize data collection. Your tasks, notes, and projects stay on your device. Here's exactly what that means — and the few places data touches the network, only when you opt in.
Last updated 27 June 2026
Mindwtr ("we", "our", or "us") is designed as a local-first application. We respect your privacy and aim to minimize data collection by design.
1. Data storage
All data created within the app (tasks, projects, notes) is stored locally on your device.
2. Data sync
If you choose to use sync features (for example File Sync, WebDAV, self-hosted sync, or Dropbox OAuth in supported builds), your data is transmitted directly between your device and your chosen storage/sync provider. We (the developer) do not have access to this data.
- Dropbox OAuth sync (supported builds): Mindwtr requests Dropbox App Folder access and syncs only app data files under
/Apps/Mindwtr/(for exampledata.jsonandattachments/*). - Token handling: OAuth access/refresh tokens are stored locally on your device and used only to call Dropbox APIs for your account.
- FOSS builds: Dropbox OAuth may be disabled in FOSS distributions.
- Other providers via File Sync: iCloud Drive, Google Drive, OneDrive, Syncthing, and similar tools can still be used indirectly through File Sync.
3. Anonymous usage analytics (heartbeat)
In builds configured with the heartbeat endpoint, Mindwtr may send a small heartbeat event at most once per day to help us measure app health and adoption (for example DAU/MAU and distribution-channel usage).
- What may be sent: platform (for example iOS/Android/macOS/Windows/Linux), app version, distribution channel (for example App Store/Play Store/F-Droid/IzzyOnDroid/winget/Homebrew), coarse device class (for example phone/tablet/desktop), coarse OS major version (for example iOS 18 or Android 15), locale (for example en-US), and an app-generated random identifier.
- Country data: country may be derived server-side from edge network metadata during request handling.
- What is not sent in the heartbeat payload: user task data, project data, note content, files, AI prompt content, email address, name, contacts, account data, or other personal content.
- Opt-out: supported builds include a Settings toggle to disable future heartbeat analytics. When this is turned off, Mindwtr sends one final anonymous
opt_outheartbeat with the same app-generated identifier so the server can stop counting that install as active.
4. In-app feedback
If you send feedback from within the app (Settings → feedback), what you submit is sent directly to us at our feedback endpoint. It is only sent when you choose to submit feedback.
- What is sent: the category you pick (bug, feature, or other), your message, and basic context about your install — app version, platform, operating system, distribution channel, locale, and build.
- Email (optional): an email address is included only if you choose to enter one, so we can reply.
- Diagnostic logs (optional): recent app logs are attached only if you have diagnostic logging enabled; otherwise no logs are sent.
- Unlike the heartbeat, feedback can contain information that identifies you, because you write it — your message, and any email or logs you choose to include. We use it only to understand and respond to your report.
5. Third-party services (AI)
If you use optional AI features with your own API key (BYOK):
- What data is sent: the text you submit for AI processing (for example task title/notes/prompt content).
- Who receives it: your selected provider (for example OpenAI, Google Gemini, or Anthropic).
- When it is sent: only after you enable AI and accept the in-app consent prompt.
- How it is sent: directly from your device to that provider.
- Mindwtr developer access: we do not proxy these requests and do not collect or store this AI request content.
6. Contact us
If you have any questions about this Privacy Policy, email [email protected] or reach us via our GitHub repository.