privacy

last updated: 2026-05-01

the short version

mind.exe runs entirely on your device. nothing you write, record, or generate is sent to a server. there are no accounts, no analytics, no tracking, no third-party SDKs. we have no way to read your data because your data never leaves the browser tab.

what is stored, and where

  • your daily reckonings, pattern interrupts, the testimony, profile, and settings live in your browser's local IndexedDB.
  • every record is encrypted at rest with AES-GCM 256, using a key derived from your recovery phrase via PBKDF2 (600,000 iterations of SHA-256). the key only exists in memory while the app is unlocked, and is wiped when the tab closes or you press lock.
  • if you enroll a passkey, the WebAuthn PRF extension is used to wrap the recovery phrase so you can unlock biometrically. the passkey itself is held by your operating system / browser; we never see it.
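
the scheme in the second bullet, sketched with the browser's Web Crypto API. this is an added example, not mind.exe's own source: the policy names only the algorithms and iteration count, so the salt handling, the 12-byte per-record IV, the JSON serialization, and every function name below are assumptions.

```javascript
// added example, not mind.exe source. names, salt/IV handling and JSON
// serialization are assumptions; only the algorithms come from the policy.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const enc = new TextEncoder();
const dec = new TextDecoder();

// PBKDF2-HMAC-SHA-256, 600,000 iterations -> non-extractable AES-GCM 256 key.
async function deriveKey(phrase, salt) {
  const material = await webcrypto.subtle.importKey(
    "raw", enc.encode(phrase), "PBKDF2", false, ["deriveKey"]);
  return webcrypto.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations: 600000 },
    material,
    { name: "AES-GCM", length: 256 },
    false, // key bytes cannot be exported from the CryptoKey object
    ["encrypt", "decrypt"]);
}

// Encrypt one record. The IV must be fresh for every record under one key.
async function encryptRecord(key, record) {
  const iv = webcrypto.getRandomValues(new Uint8Array(12));
  const ct = await webcrypto.subtle.encrypt(
    { name: "AES-GCM", iv }, key, enc.encode(JSON.stringify(record)));
  return { iv, ct: new Uint8Array(ct) }; // ct ends with the 16-byte GCM tag
}

// Decrypt one record. Rejects if the key is wrong or the bytes were altered.
async function decryptRecord(key, { iv, ct }) {
  const pt = await webcrypto.subtle.decrypt({ name: "AES-GCM", iv }, key, ct);
  return JSON.parse(dec.decode(pt));
}

// Constructed sample data: round-trip a record, then retry with a phrase
// that differs by one character to show there is no partial recovery.
async function demo() {
  const salt = webcrypto.getRandomValues(new Uint8Array(16));
  const record = { kind: "reckoning", text: "constructed sample entry" };
  const key = await deriveKey("constructed recovery phrase", salt);
  const stored = await encryptRecord(key, record);
  const roundTrip = await decryptRecord(key, stored);
  const wrongKey = await deriveKey("constructed recovery phrasf", salt);
  const wrongPhraseFails = await decryptRecord(wrongKey, stored)
    .then(() => false, () => true);
  return { roundTrip, wrongPhraseFails, stored };
}
```

a phrase that is off by a single character derives an unrelated key, and AES-GCM's authentication tag makes decryption fail outright rather than return garbage, which is why a lost phrase cannot be worked around.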

what is NOT stored

  • your name, email, phone number, or any identifier (we don't ask).
  • device fingerprints, behavioural-tracking cookies, A/B-test identifiers, advertising identifiers, or crash reports tied to your account.
  • any of the content you write — reckonings, interrupts, the testimony, anchors, inventory entries, quiz answers — those never leave your device.

aggregate analytics (vercel)

we use vercel's built-in analytics to count page views and unique-visitor pings so we can tell whether anyone's using the app. it is cookieless, does not fingerprint your device, does not set advertising IDs, and is GDPR / CCPA-compliant by design. it sees: which page you visited, the referrer, your country (not city), and a coarse device class (desktop / mobile). it does not see: who you are, what you wrote, or anything inside your encrypted IndexedDB.

we use this only as a rough dial on whether the site is being used. nothing about you is identifiable to us. if you want to suppress even this, use a privacy-respecting browser or disable JavaScript on this domain — the app will still work locally.

what the host (the web server) sees

the static files are served from a hosting provider. that provider sees standard request metadata (your IP, user-agent, requested URL) for the milliseconds it takes to deliver the page. no cookies are set. no session is established. content is delivered, the connection closes, and the app runs locally from there.

exports and sharing

you can export your data as a markdown file (single reckoning or the full journal) and share it with whomever you choose. once you press export, the file is on your device. what happens next is up to you. exports are plain text. they are not encrypted.

if you forget the recovery phrase

we cannot recover your data. there is no "reset password" flow because there is no server holding a backup. this is a deliberate trade-off: data privacy in exchange for an irreversible failure mode if the phrase is lost.

no audience

mind.exe has no social layer. there is no network of other users to compare yourself against, no leaderboard, no shared streak, no public badges, no “achievements,” no community feed. the architecture cannot support it because there is no server holding your data. this is intentional. anything else would turn the work into a performance.

children

mind.exe is not intended for users under 18. the subject matter (compulsive-behavior recovery, addiction patterns) is for adults. we do not knowingly target or collect from minors.

not medical advice

mind.exe is a self-reflection tool. it is not therapy, not a medical device, and not a substitute for professional medical, psychological, or psychiatric care. if you are in crisis, reach a crisis line.

changes to this policy

if this policy changes materially — for instance, if optional cloud-sync is ever added — it will be reflected here, dated, and called out in-app on the next launch after the change.

contact

this app is a small project. contact details are intentionally minimal. if you need to reach us, the support contact is listed in the app store / hosting provider's page.