Privacy Policy

Effective date: May 10, 2026. Last updated: May 10, 2026.

CEO Mind is a voice journaling app for founders, built and operated by Lotem Taba(sole proprietor, Israel). This policy explains what data the app collects, how it's used, and the choices you have. We've tried to write it in plain English. If anything is unclear, email us at legal@ceomind.dev.

1. What we collect

When you use CEO Mind, the following data is created and stored on our servers:

• Account info — email address, password hash (managed by Firebase Authentication, never stored in plaintext), and an optional display name.
• Voice recordings (transient) — when you record a session, audio is captured on your device and sent to our backend for transcription. The audio bytes are never written to our database or persistent storage. They live in memory only long enough to be transcribed, then are discarded.
• Transcripts — the text version of your sessions. These are stored in your private vault.
• Session analyses — AI-generated reflections, themes, action items, and mood tags derived from your transcripts.
• Calendar events, goals, tasks, categories — items you create through the app, by voice or manually.
• Profile preferences — your role, language preference, reminder settings, and similar settings you configure.
• Crash and error logs — when the app crashes or hits an unexpected error, we log it via Sentry. We send your account user ID to correlate errors per user; we do not send your email, name, or transcript content.

We do not collect your phone's contacts, photos, location, or any other data the app doesn't directly need to function.

2. How we use it

Your data is used only to provide the app's features:

• Transcribe your voice sessions and make them readable.
• Generate AI reflections, themes, and action items.
• Schedule local reminders for events you create.
• Show you your own history, goals, and progress over time.
• Diagnose crashes and bugs so we can fix them.

We do not sell your data. We do not share it with advertisers. We do not use it to train AI models — neither our own nor anyone else's.

3. Sub-processors (who else touches your data)

To run the app, we route data through a small number of trusted third parties. Each one processes only what it needs and is contractually prohibited from using your data for their own purposes.

• Google / Firebase — hosts our database (Firestore), authentication, and backend functions. Located in the US. Firebase privacy.
• Groq— transcribes your voice recordings to text. Per Groq's API terms, audio submitted via the API is not retained after processing and is not used to train models. Groq privacy.
• OpenAI— generates AI reflections from your transcripts. Per OpenAI's API data policy, content sent through the API is not used to train models and is retained for a maximum of 30 days for abuse monitoring (or zero retention with their zero-retention configuration). OpenAI privacy.
• Sentry — error and crash reporting. Receives anonymized error events with a user ID hash, no PII. Sentry privacy.
• Apple App Store / Google Play — when you subscribe to a paid plan, payment is processed by Apple or Google, not us. We never see your card details.

4. Data retention

• Audio recordings — never stored. Discarded as soon as transcription completes.
• Transcripts and analyses — kept until you delete the session, or indefinitely as long as your account exists.
• Account data — kept until you delete your account. Once deleted, all of your data is removed from our database within 24 hours and from third-party caches (Firebase backups, etc.) within 30 days.
• Crash logs (Sentry) — retained for 90 days, then automatically deleted.

5. Your rights

You have the right to:

• Access your data — open the app and you can see everything we have on you.
• Correct any data — edit sessions, events, goals, profile fields directly in the app.
• Deleteyour account — Profile screen → "Delete account". This permanently removes all your data.
• Export your data — email legal@ceomind.devand we'll send your full data within 30 days.
• Object or restrict processing(EU/UK residents under GDPR) — email us and we'll honor the request.
• Lodge a complaintwith your local data protection authority if you believe we're mishandling your data.

6. Security

Your data is encrypted in transit (HTTPS / TLS 1.2+) and at rest (Firestore default encryption). Your password is never stored — Firebase Authentication stores a salted hash. API keys for our AI providers (OpenAI, Groq) live only on our backend, never in the app you install.

Despite our best efforts, no system is 100% secure. If we ever experience a breach affecting your data, we will notify you within 72 hours of becoming aware of it.

7. Children

CEO Mind is not designed for children under 16. We do not knowingly collect data from anyone under 16. If you believe a child has signed up, email legal@ceomind.devand we'll delete the account.

8. International data transfers

We are based in Israel. Some sub-processors (Firebase, OpenAI, Groq, Sentry) are located in the United States. By using the app you consent to your data being transferred and processed in the US. The US has been recognized by the European Commission as providing an adequate level of protection through the EU-US Data Privacy Framework.

9. Changes to this policy

If we materially change this policy, we'll notify you in-app and via email at least 14 days before the change takes effect. The current version is always linked from the app's Profile screen and at ceomind.dev/privacy.

10. Contact

Privacy questions, data requests, or concerns: legal@ceomind.dev.
General support: support@ceomind.dev.