Privacy Policy

Effective Date: March 9, 2026  |  Last Updated: March 9, 2026

1. Introduction

Space AI Labs ("Company", "we", "us", "our") operates the ChartMind mobile application and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your information when you access or use our Service.

This Privacy Policy applies to all users of the Service worldwide. By accessing or using ChartMind, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this policy, you must discontinue use of the Service immediately.

We may update this Privacy Policy from time to time. The "Last Updated" date at the top reflects the most recent revision. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

2. Information We Collect

2.1 Account Information

When you create an account through third-party authentication providers, we collect:

• Full name and email address (provided by Google Sign-In or Apple Sign-In)
• Profile photograph (from your authentication provider)
• Unique user identifier assigned by the authentication provider
• Authentication tokens necessary for session management

We do not collect or store your passwords. Authentication is handled entirely by Google or Apple.

2.2 Chart Images and Analysis Data

When you use the chart analysis feature:

• Chart images you upload or capture with your device camera are transmitted to our servers for AI processing
• Images are processed through our AI analysis pipeline (utilizing OpenAI, Anthropic, and/or Google AI services) and are automatically and permanently deleted within 24 hours of analysis completion
• Analysis results (text-based predictions, pattern identifications, and technical assessments) are stored in your account history and may be deleted by you at any time
• We do not use your chart images for training AI models, advertising, or any purpose other than providing you with analysis results

2.3 Usage and Device Data

We automatically collect certain technical information:

• Device information: manufacturer, model, operating system type and version, screen resolution
• Application version, build number, and installation source
• Usage analytics: features accessed, screens visited, interaction patterns, session duration
• Performance data: crash reports, error logs, application latency metrics
• Network information: connection type (Wi-Fi, cellular), general geographic region (country-level, not precise location)

2.4 Camera and Photo Library Access

ChartMind requests access to your device's camera and photo library solely to enable chart capture and gallery-based analysis features. Camera access is entirely optional — you may always upload images from your gallery instead. Camera and photo data is used exclusively for chart analysis and is never accessed, stored, or used for any other purpose, including facial recognition, biometric analysis, or advertising.

2.5 Push Notification Tokens

With your explicit opt-in consent, we collect push notification tokens (via Firebase Cloud Messaging or Apple Push Notification Service) to deliver price alerts, analysis completion notifications, and critical service updates. You may revoke notification permissions at any time through your device settings.

2.6 Subscription and Payment Information

Subscription transactions are processed entirely by Apple (App Store) or Google (Play Store). We receive only:

• Subscription status (active, expired, trial)
• Subscription tier (free, premium)
• Transaction identifiers for entitlement verification

We do not collect, process, store, or have access to your credit card numbers, bank account details, billing addresses, or any other financial payment information. All payment processing is handled by Apple, Google, and our subscription management partner RevenueCat, subject to their respective privacy policies.

2.7 User-Generated Content

If you use social features (Ideas, Forum, Comments), we collect the content you voluntarily submit, including text, images, and interactions (likes, comments). This content may be visible to other users of the Service.

3. How We Use Your Information

We use collected information strictly for the following purposes:

• Service Delivery: To provide, operate, maintain, and improve the core functionality of ChartMind
• AI Analysis: To process chart images through our artificial intelligence pipeline and deliver analysis results
• Account Management: To create, authenticate, and manage your user account and subscription entitlements
• Communications: To send push notifications for price alerts, analysis results, and essential service updates (with your consent)
• Analytics: To monitor usage trends, diagnose technical issues, and improve Service performance and user experience
• Safety: To detect, investigate, and prevent fraud, abuse, security incidents, and violations of our Terms of Service
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests

We do not use your information for behavioral advertising, profiling for credit scoring, automated decision-making with legal effects, or selling/renting to third parties.

4. Third-Party Services and Data Sharing

We share information with the following categories of third-party service providers, solely to the extent necessary to operate the Service:

4.1 AI Analysis Providers

• OpenAI, Anthropic (Claude), Google AI (Gemini): Chart images are transmitted to these providers for AI-powered analysis. Images are processed in accordance with each provider's data processing agreements and are not used by these providers for model training when processed via their API services.

4.2 Infrastructure and Authentication

• Firebase (Google Cloud): Authentication services, push notification delivery, crash reporting (Crashlytics)
• Amazon Web Services (AWS): Server infrastructure, data storage, and processing
• Cloudflare: DNS management, DDoS protection, and content delivery

4.3 Subscription Management

• RevenueCat: Subscription lifecycle management, entitlement verification, and anonymous purchase analytics
• Apple App Store / Google Play Store: Payment processing and subscription billing

4.4 Market Data

• Market data providers (CoinGecko, Yahoo Finance, exchange APIs): Real-time and historical pricing data. No personal information is shared with these providers.

We do not sell, rent, lease, or trade your personal information to any third party for their own marketing or commercial purposes. We may disclose information if required by law, court order, subpoena, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Data Security

We implement industry-standard technical and organizational security measures to protect your personal information, including but not limited to:

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher (HTTPS)
• Encryption at Rest: Sensitive data stored on our servers is encrypted using AES-256 or equivalent encryption standards
• Access Controls: Strict role-based access controls, multi-factor authentication for administrative systems, and principle of least privilege
• Security Monitoring: Continuous monitoring, intrusion detection, and regular vulnerability assessments
• Incident Response: Documented incident response procedures with notification obligations under applicable data protection laws

While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but commit to promptly notifying affected users and relevant authorities in the event of a data breach as required by applicable law.

6. Data Retention

• Chart images: Automatically and permanently deleted within 24 hours of analysis completion
• Analysis results: Retained in your account history until you delete them or delete your account
• Account data: Retained for the duration of your account. Upon account deletion, all personal data is purged within 30 days, except where retention is required by law
• Usage analytics: Aggregated and anonymized within 90 days. Anonymized data may be retained indefinitely for statistical purposes
• Server logs: Automatically purged after 90 days
• Backup copies: Removed from backup systems within 60 days of deletion from primary systems

7. Your Rights Under Applicable Law

Regardless of your jurisdiction, we respect the following data subject rights:

7.1 Universal Rights

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Data Portability: Request your data in a structured, commonly used, machine-readable format
• Right to Withdraw Consent: Withdraw consent for data processing at any time without affecting the lawfulness of processing prior to withdrawal
• Right to Object: Object to processing based on legitimate interests
• Right to Restrict Processing: Request temporary restriction of processing in certain circumstances

7.2 European Economic Area (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your data is processed under the General Data Protection Regulation (GDPR). Our lawful bases for processing include:

• Consent: For push notifications, marketing communications, and optional data collection
• Performance of Contract: For providing the core Service functionality
• Legitimate Interests: For analytics, security, and service improvement (balanced against your rights)
• Legal Obligation: For compliance with applicable laws and regulations

You have the right to lodge a complaint with your local Data Protection Authority (DPA). For cross-border transfers, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission.

7.3 California (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• We do not sell personal information as defined by the CCPA
• We do not share personal information for cross-context behavioral advertising
• You have the right to know what personal information we collect, use, and disclose
• You have the right to delete your personal information
• You have the right to non-discrimination for exercising your CCPA rights
• You may designate an authorized agent to exercise your rights on your behalf

7.4 Brazil (LGPD)

If you are a Brazilian resident, your data is protected under the Lei Geral de Proteção de Dados (LGPD). You have the right to access, correct, delete, and port your data, and to be informed about shared processing.

7.5 Other Jurisdictions

We comply with applicable data protection laws in all jurisdictions where we operate, including but not limited to Turkey (KVKK), South Korea (PIPA), Japan (APPI), Australia (Privacy Act), and Canada (PIPEDA).

To exercise any of your data rights, contact us at privacy@spaceailabs.ai. We will respond within 30 days (or sooner as required by applicable law).

8. International Data Transfers

Your information may be transferred to, and processed in, countries other than your country of residence, including the United States and European Union member states. These countries may have different data protection laws than your jurisdiction.

When we transfer data internationally, we ensure adequate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements (DPAs) with all service providers
• Adequacy decisions where applicable
• Additional technical and organizational measures (encryption, pseudonymization) as appropriate

9. Children's Privacy

ChartMind is not intended for, directed at, or designed to attract individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children. If you are under 18, do not use the Service, and do not provide any personal information to us.

If we learn that we have inadvertently collected personal information from a child under 18, we will take immediate steps to delete such information. If you believe a child has provided us with personal information, please contact us immediately at privacy@spaceailabs.ai.

10. Cookies and Tracking Technologies

The ChartMind mobile application does not use cookies. Our website (chartmind.space) may use essential cookies strictly necessary for site functionality. We do not use advertising cookies, tracking pixels, or third-party analytics cookies on our website.

11. Do Not Track Signals

We honor Do Not Track (DNT) signals transmitted by your browser. When DNT is enabled, we limit data collection to what is strictly necessary for Service operation.

12. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Material changes will be communicated through:

• Updating the "Last Updated" date at the top of this page
• In-app notification for significant changes
• Email notification for material changes affecting your rights (where feasible)

Your continued use of the Service after the effective date of any modification constitutes your acceptance of the updated Privacy Policy. If you do not agree to the modified terms, you must stop using the Service and delete your account.

13. Contact Information

For privacy-related inquiries, data subject access requests, or complaints regarding this Privacy Policy:

• Privacy Email: privacy@spaceailabs.ai
• General Email: m.aliud@spaceailabs.ai
• Company: Space AI Labs
• Website: https://chartmind.space

We aim to respond to all legitimate requests within 30 days. In complex cases, we may extend this by an additional 60 days, and we will inform you of any such extension.