Privacy Policy

Privacy Policy

Hivemind Privacy Policy

This Policy explains how Aether Technologies UG (haftungsbeschränkt) processes personal data when you use Hivemind and related app services.



PRIVACY AT A GLANCE

This summary helps you understand the key points. The full policy below gives the complete details.

Controller: Aether Technologies UG (haftungsbeschränkt), Berlin, represented by its CEO Victor Bellu.

Main data: Account, learning, device, upload, voice, subscription, analytics/session replay and AI-input data.

Why we use it: To run the app, save progress, generate and personalize content, manage subscriptions, fix bugs, send optional notifications and measure attribution.

Important sharing: We use infrastructure, analytics, crash, payment, attribution, speech and AI providers. The provider groups are listed below.

Locations: Core structured app/database data is mainly processed in the EU. Some media, AI, speech, subscription, push and attribution providers process data in the USA/global.

Your choices: You can change device permissions, withdraw consent, opt out of tracking/push where available and contact us for GDPR rights or deletion.


  1. CONTROLLER AND CONTACT

The controller responsible for your personal data is:

Aether Technologies UG (haftungsbeschränkt) c/o CODE Education GmbH Donaustraße 44 12043 Berlin Germany

Represented by its CEO Victor Bellu.

Privacy contact: support@gethivemind.app

We have not appointed a data protection officer because we are currently not legally required to do so. Please use the privacy contact above for any privacy questions or requests.


  1. WHAT DATA WE PROCESS

We process different data depending on which app features you use.

Account and login

  • Examples: Email address, name, phone number if provided, profile picture, authentication provider user ID, anonymous auth ID, sign-in provider data, app-integrity tokens.

  • Why we use it: Create and secure your account; provide login and app-integrity protection.

Learning and app use

  • Examples: Viewed content, quiz/progress data, likes, watch events, preferences, skill signals, app settings and session/device identifiers.

  • Why we use it: Provide the app, save progress, personalize recommendations and improve the product.

Device and technical data

  • Examples: Device model, OS/app version, language/locale, time zone, calendar/time format, push tokens, IP address and approximate location.

  • Why we use it: Operate the app, send optional notifications, diagnose issues and protect the service.

Voice input

  • Examples: Microphone audio and transcript when you use voice features.

  • Why we use it: Transcribe your voice request. Audio may be sent directly from your device to a third-party speech-to-text provider.

Uploads and user content

  • Examples: Profile photos, camera/gallery images, uploaded PDFs and extracted text, prompts, searches, URLs, YouTube links, chat messages, profile text, ratings and votes.

  • Why we use it: Use your materials as learning sources, generate AI content and operate chat/tutor features.

Subscriptions and purchases

  • Examples: App user ID, subscription/purchase status, product and transaction IDs, platform receipts, entitlement/wallet data, IDFA/IDFV after ATT consent.

  • Why we use it: Manage subscriptions, entitlements, refunds, trials, conversion logic and accounting. We do not receive card details.

Analytics, crash and quality

  • Examples: Pseudonymous IDs, events, behavior data, device/app metadata, crash/error data, stack traces, AI traces and session-replay recordings.

  • Why we use it: Understand usage, fix bugs, monitor AI quality, secure the app and improve performance.

Marketing attribution

  • Examples: Attribution provider ID, device/install data, IDFA after ATT opt-in and SKAdNetwork postbacks.

  • Why we use it: Measure campaign performance and install attribution.


  1. PURPOSES AND LEGAL BASES

Under the GDPR, each processing purpose needs a legal basis. The main bases are:

  • Account, login, core app functions, learning progress, subscriptions, uploads, chat/tutor and AI generation: Performance of contract — Art. 6(1)(b) GDPR.

  • Product analytics, crash diagnostics, observability, security, abuse prevention and product improvement: Legitimate interests — Art. 6(1)(f) GDPR.

  • Push notifications, App Tracking Transparency, IDFA-based attribution and consent-based tracking: Consent — Art. 6(1)(a) GDPR.

  • Tax/accounting retention for transaction records: Legal obligation — Art. 6(1)(c) GDPR.


  1. SERVICE PROVIDERS AND RECIPIENTS

We use service providers and platform providers to operate, secure and improve the app. These recipients process personal data only for the purposes described in this Policy, unless they act as independent platform controllers for their own services, such as app-store payment processing.

We disclose personal data to the following categories of recipients:

Account, login, app integrity and push

  • Recipients: Authentication, app-integrity and push-notification providers.

  • Location: USA/global.

  • Transfer safeguards: DPF and/or SCC where applicable.

Backend, database and app infrastructure

  • Recipients: Cloud hosting and managed-database providers.

  • Location: Mainly EU-hosted.

  • Transfer safeguards: Where access or subprocessing from outside the EEA occurs, appropriate transfer safeguards apply.

Media storage and video rendering

  • Recipients: Cloud media-storage and rendering providers.

  • Location: USA/global.

  • Transfer safeguards: DPF and/or SCC where applicable.

Analytics, session replay, crash reporting and observability

  • Recipients: Product-analytics, session-replay, crash-reporting and observability providers.

  • Location: Mainly EU-hosted.

  • Transfer safeguards: Where access or subprocessing from outside the EEA occurs, appropriate transfer safeguards apply.

Subscriptions and payments

  • Recipients: Subscription-management and app-store payment providers.

  • Location: USA/global.

  • Transfer safeguards: DPF and/or SCC where applicable; app stores may act as independent controllers for platform/payment processing.

Marketing attribution

  • Recipients: Mobile-attribution and ad-measurement providers.

  • Location: EU/EEA, countries with adequacy decisions, and USA/global.

  • Transfer safeguards: Adequacy decisions, DPF and/or SCC where applicable.

Speech, OCR and AI features

  • Recipients: Speech-to-text, OCR and AI content-generation providers.

  • Location: EU and USA/global.

  • Transfer safeguards: DPF and/or SCC where applicable.

You may contact us if you would like more information about the recipients or transfer safeguards relevant to your data.


  1. INTERNATIONAL TRANSFERS

Core structured user and content data, backend compute and the main databases are processed mainly in the EU. Some services, including media rendering/storage, speech-to-text, subscription infrastructure, push delivery, marketing attribution and several AI providers, may process data in the USA or globally.

Where personal data is transferred outside the European Economic Area, we rely on safeguards such as the EU-US Data Privacy Framework for certified providers and/or Standard Contractual Clauses, together with additional safeguards where required.


  1. STORAGE PERIODS

  • Account, profile, learning progress, chat and user content: Usually until account deletion or until the data is no longer needed for the app.

  • Payment and transaction records: As required for accounting and tax retention, generally up to 10 years.

  • Crash and error reporting: Provider default: about 90 days.

  • Session replays: Provider/default configuration: about 30 days.

  • Push and device tokens: Until opt-out, stale-token cleanup or account deletion.

  • Provider logs and AI/API processing: According to provider defaults and commercial API settings, unless a shorter period is configured.

We may keep data longer where required to establish, exercise or defend legal claims, comply with legal obligations, prevent abuse or resolve security incidents.


  1. YOUR PRIVACY RIGHTS

Subject to the conditions under the GDPR, you may have the following rights:

  • Access to your personal data (Art. 15 GDPR)

  • Rectification of inaccurate data (Art. 16 GDPR)

  • Erasure/deletion where the legal requirements are met (Art. 17 GDPR)

  • Restriction of processing (Art. 18 GDPR)

  • Data portability (Art. 20 GDPR)

  • Objection to processing based on legitimate interests (Art. 21 GDPR)

  • Withdrawal of consent at any time with effect for the future (Art. 7 GDPR)

  • Complaint with a data protection supervisory authority (Art. 77 GDPR)

To exercise your rights or request account/data deletion, contact us at support@gethivemind.app. If the app provides an account deletion function, you may also use that function. Some data may remain where we must keep it for legal reasons, such as tax and accounting records.


  1. TRACKING, ATT AND PUSH NOTIFICATIONS

For iOS App Tracking Transparency, IDFA-based tracking and marketing attribution, we ask for consent where required. This includes attribution through a mobile-attribution provider and Apple SKAdNetwork, including SKAN postbacks involving third-party ad networks. You can change tracking permissions in your device settings.

Push notifications are optional. You can disable them in your device settings or in the app where available.


  1. AI FEATURES AND AUTOMATED DECISIONS

The app uses AI services to generate or prepare learning/content materials, transcribe or synthesize audio, process PDFs and other inputs, support chat/tutor features and personalize recommendations. Inputs may include prompts, search queries, uploaded PDFs, URLs, YouTube links, chat messages and preference or learning signals.

We do not use the app to make solely automated decisions that produce legal effects or similarly significant effects for you within the meaning of Article 22 GDPR. AI-generated content may be identified or labelled as AI-generated where applicable.


  1. CHILDREN AND MINIMUM AGE

The app is intended for users who meet the minimum age stated in the relevant app-store listing, in the app or under applicable law. If you are under 16, use the app only with parental consent where required by law. If we learn that a child has used the app without required consent, we will take appropriate steps, which may include deletion of the relevant data.


  1. CHANGES TO THIS POLICY

We may update this Policy when our services, providers or legal requirements change. If changes are material, we will take reasonable steps to notify you, for example in the app or by another appropriate method.

Questions? Contact us at support@gethivemind.app.

Hivemind Privacy Policy

This Policy explains how Aether Technologies UG (haftungsbeschränkt) processes personal data when you use Hivemind and related app services.



PRIVACY AT A GLANCE

This summary helps you understand the key points. The full policy below gives the complete details.

Controller: Aether Technologies UG (haftungsbeschränkt), Berlin, represented by its CEO Victor Bellu.

Main data: Account, learning, device, upload, voice, subscription, analytics/session replay and AI-input data.

Why we use it: To run the app, save progress, generate and personalize content, manage subscriptions, fix bugs, send optional notifications and measure attribution.

Important sharing: We use infrastructure, analytics, crash, payment, attribution, speech and AI providers. The provider groups are listed below.

Locations: Core structured app/database data is mainly processed in the EU. Some media, AI, speech, subscription, push and attribution providers process data in the USA/global.

Your choices: You can change device permissions, withdraw consent, opt out of tracking/push where available and contact us for GDPR rights or deletion.


  1. CONTROLLER AND CONTACT

The controller responsible for your personal data is:

Aether Technologies UG (haftungsbeschränkt) c/o CODE Education GmbH Donaustraße 44 12043 Berlin Germany

Represented by its CEO Victor Bellu.

Privacy contact: support@gethivemind.app

We have not appointed a data protection officer because we are currently not legally required to do so. Please use the privacy contact above for any privacy questions or requests.


  1. WHAT DATA WE PROCESS

We process different data depending on which app features you use.

Account and login

  • Examples: Email address, name, phone number if provided, profile picture, authentication provider user ID, anonymous auth ID, sign-in provider data, app-integrity tokens.

  • Why we use it: Create and secure your account; provide login and app-integrity protection.

Learning and app use

  • Examples: Viewed content, quiz/progress data, likes, watch events, preferences, skill signals, app settings and session/device identifiers.

  • Why we use it: Provide the app, save progress, personalize recommendations and improve the product.

Device and technical data

  • Examples: Device model, OS/app version, language/locale, time zone, calendar/time format, push tokens, IP address and approximate location.

  • Why we use it: Operate the app, send optional notifications, diagnose issues and protect the service.

Voice input

  • Examples: Microphone audio and transcript when you use voice features.

  • Why we use it: Transcribe your voice request. Audio may be sent directly from your device to a third-party speech-to-text provider.

Uploads and user content

  • Examples: Profile photos, camera/gallery images, uploaded PDFs and extracted text, prompts, searches, URLs, YouTube links, chat messages, profile text, ratings and votes.

  • Why we use it: Use your materials as learning sources, generate AI content and operate chat/tutor features.

Subscriptions and purchases

  • Examples: App user ID, subscription/purchase status, product and transaction IDs, platform receipts, entitlement/wallet data, IDFA/IDFV after ATT consent.

  • Why we use it: Manage subscriptions, entitlements, refunds, trials, conversion logic and accounting. We do not receive card details.

Analytics, crash and quality

  • Examples: Pseudonymous IDs, events, behavior data, device/app metadata, crash/error data, stack traces, AI traces and session-replay recordings.

  • Why we use it: Understand usage, fix bugs, monitor AI quality, secure the app and improve performance.

Marketing attribution

  • Examples: Attribution provider ID, device/install data, IDFA after ATT opt-in and SKAdNetwork postbacks.

  • Why we use it: Measure campaign performance and install attribution.


  1. PURPOSES AND LEGAL BASES

Under the GDPR, each processing purpose needs a legal basis. The main bases are:

  • Account, login, core app functions, learning progress, subscriptions, uploads, chat/tutor and AI generation: Performance of contract — Art. 6(1)(b) GDPR.

  • Product analytics, crash diagnostics, observability, security, abuse prevention and product improvement: Legitimate interests — Art. 6(1)(f) GDPR.

  • Push notifications, App Tracking Transparency, IDFA-based attribution and consent-based tracking: Consent — Art. 6(1)(a) GDPR.

  • Tax/accounting retention for transaction records: Legal obligation — Art. 6(1)(c) GDPR.


  1. SERVICE PROVIDERS AND RECIPIENTS

We use service providers and platform providers to operate, secure and improve the app. These recipients process personal data only for the purposes described in this Policy, unless they act as independent platform controllers for their own services, such as app-store payment processing.

We disclose personal data to the following categories of recipients:

Account, login, app integrity and push

  • Recipients: Authentication, app-integrity and push-notification providers.

  • Location: USA/global.

  • Transfer safeguards: DPF and/or SCC where applicable.

Backend, database and app infrastructure

  • Recipients: Cloud hosting and managed-database providers.

  • Location: Mainly EU-hosted.

  • Transfer safeguards: Where access or subprocessing from outside the EEA occurs, appropriate transfer safeguards apply.

Media storage and video rendering

  • Recipients: Cloud media-storage and rendering providers.

  • Location: USA/global.

  • Transfer safeguards: DPF and/or SCC where applicable.

Analytics, session replay, crash reporting and observability

  • Recipients: Product-analytics, session-replay, crash-reporting and observability providers.

  • Location: Mainly EU-hosted.

  • Transfer safeguards: Where access or subprocessing from outside the EEA occurs, appropriate transfer safeguards apply.

Subscriptions and payments

  • Recipients: Subscription-management and app-store payment providers.

  • Location: USA/global.

  • Transfer safeguards: DPF and/or SCC where applicable; app stores may act as independent controllers for platform/payment processing.

Marketing attribution

  • Recipients: Mobile-attribution and ad-measurement providers.

  • Location: EU/EEA, countries with adequacy decisions, and USA/global.

  • Transfer safeguards: Adequacy decisions, DPF and/or SCC where applicable.

Speech, OCR and AI features

  • Recipients: Speech-to-text, OCR and AI content-generation providers.

  • Location: EU and USA/global.

  • Transfer safeguards: DPF and/or SCC where applicable.

You may contact us if you would like more information about the recipients or transfer safeguards relevant to your data.


  1. INTERNATIONAL TRANSFERS

Core structured user and content data, backend compute and the main databases are processed mainly in the EU. Some services, including media rendering/storage, speech-to-text, subscription infrastructure, push delivery, marketing attribution and several AI providers, may process data in the USA or globally.

Where personal data is transferred outside the European Economic Area, we rely on safeguards such as the EU-US Data Privacy Framework for certified providers and/or Standard Contractual Clauses, together with additional safeguards where required.


  1. STORAGE PERIODS

  • Account, profile, learning progress, chat and user content: Usually until account deletion or until the data is no longer needed for the app.

  • Payment and transaction records: As required for accounting and tax retention, generally up to 10 years.

  • Crash and error reporting: Provider default: about 90 days.

  • Session replays: Provider/default configuration: about 30 days.

  • Push and device tokens: Until opt-out, stale-token cleanup or account deletion.

  • Provider logs and AI/API processing: According to provider defaults and commercial API settings, unless a shorter period is configured.

We may keep data longer where required to establish, exercise or defend legal claims, comply with legal obligations, prevent abuse or resolve security incidents.


  1. YOUR PRIVACY RIGHTS

Subject to the conditions under the GDPR, you may have the following rights:

  • Access to your personal data (Art. 15 GDPR)

  • Rectification of inaccurate data (Art. 16 GDPR)

  • Erasure/deletion where the legal requirements are met (Art. 17 GDPR)

  • Restriction of processing (Art. 18 GDPR)

  • Data portability (Art. 20 GDPR)

  • Objection to processing based on legitimate interests (Art. 21 GDPR)

  • Withdrawal of consent at any time with effect for the future (Art. 7 GDPR)

  • Complaint with a data protection supervisory authority (Art. 77 GDPR)

To exercise your rights or request account/data deletion, contact us at support@gethivemind.app. If the app provides an account deletion function, you may also use that function. Some data may remain where we must keep it for legal reasons, such as tax and accounting records.


  1. TRACKING, ATT AND PUSH NOTIFICATIONS

For iOS App Tracking Transparency, IDFA-based tracking and marketing attribution, we ask for consent where required. This includes attribution through a mobile-attribution provider and Apple SKAdNetwork, including SKAN postbacks involving third-party ad networks. You can change tracking permissions in your device settings.

Push notifications are optional. You can disable them in your device settings or in the app where available.


  1. AI FEATURES AND AUTOMATED DECISIONS

The app uses AI services to generate or prepare learning/content materials, transcribe or synthesize audio, process PDFs and other inputs, support chat/tutor features and personalize recommendations. Inputs may include prompts, search queries, uploaded PDFs, URLs, YouTube links, chat messages and preference or learning signals.

We do not use the app to make solely automated decisions that produce legal effects or similarly significant effects for you within the meaning of Article 22 GDPR. AI-generated content may be identified or labelled as AI-generated where applicable.


  1. CHILDREN AND MINIMUM AGE

The app is intended for users who meet the minimum age stated in the relevant app-store listing, in the app or under applicable law. If you are under 16, use the app only with parental consent where required by law. If we learn that a child has used the app without required consent, we will take appropriate steps, which may include deletion of the relevant data.


  1. CHANGES TO THIS POLICY

We may update this Policy when our services, providers or legal requirements change. If changes are material, we will take reasonable steps to notify you, for example in the app or by another appropriate method.

Questions? Contact us at support@gethivemind.app.