Effective Date: 30 July 2025 Last Updated: 30 July 2025
This Privacy & Data‑Protection Policy (the “Policy”) explains how Minds Journal Private Limited (“Minds Journal,” “we,” “our,” or “us“) collects, uses, shares, stores, and protects your personal information when you access or use our websites, sub‑domains, community platforms, Android application, future iOS application, newsletters, push notifications, and any other services we operate (collectively, the “Services”).
By accessing or using the Services, you acknowledge that you have read and understood this Policy and agree to the collection and use of information in accordance with it. If you do not agree, please do not use the Services.
Data‑Protection Officer (DPO) / Grievance Officer:
Name: Sakshi Choudhary Email: [email protected] Postal: Module 18, Floor 14, Bengal Eco Intelligent Park, EM 3, Sector 5, Salt Lake City, Kolkata 700091, India
1. Definitions
- “Personal Data” / “Personal Information” means any information relating to an identified or identifiable individual.
- “Processing” means any operation performed on Personal Data, whether automated or not.
- “Sensitive Data” includes information about health, race, ethnicity, or other special categories as defined by law.
2 · Third‑Party Services We Use
We rely on a limited set of trusted third‑party platforms, plugins, and SDKs to deliver core functionality. Each vendor processes data only for the purpose listed below and under a Data‑Processing Agreement (DPA) with Minds Journal.
| Service / Vendor | Key Data Collected | Primary Purpose | Opt‑out / Learn More |
| BuddyBoss Platform (self‑hosted) | Profile fields, follower graph, private messages stored in our database | Community social features | Delete account ⇢ data purged within 90 days |
| GamiPress (WordPress plugin) | Action logs (post IDs, timestamps), point balances, badge status | Gamification & leaderboards | Reset points via Support; records auto‑deleted after 24 months or on account deletion |
| Google Identity Services (OAuth 2.0 Sign‑In) | Google ID token, name, e‑mail | Single‑sign‑on authentication | Disconnect in Google Account > Security > Third‑party apps |
| Firebase Cloud Messaging / OneSignal | Device push token, app instance ID | Mobile & web push notifications | Disable notifications in App > Settings or OS settings |
| Google Analytics (GA4) | Pseudonymised usage data, truncated IP | Site/app analytics & performance | Browser opt‑out add‑on; Cookie banner │ |
| Adnimation & Prebid.js Header‑Bidding Partners | Cookie IDs, ad impression metrics | Programmatic advertising & frequency capping | AdChoices icon on each ad; CMP “Ad Personalisation” toggle |
Full vendor list & real‑time updates are maintained at /legal/vendor‑list; material additions are notified via the Cookie Preferences Centre.
3. Scope & Jurisdictional Compliance
This Policy applies worldwide and is designed to comply with, among others:
- EU / UK GDPR
- California CCPA / CPRA
- Brazil LGPD
- India Digital Personal Data Protection Act 2023 (DPDP)
- Singapore PDPA, South Africa POPIA, and other applicable laws
4. Information We Collect & How We Collect It
| Category | Examples | Source | Purpose |
| Account Data | Name, email, username, date‑of‑birth, password hash | Provided by you | Create & secure account |
| Profile Content | Bio, profile photo, interests, links | Provided by you | Personalise experience |
| UGC | Posts, comments, photos, videos, messages | Provided by you; generated in‑app | Publish & moderate content |
| Usage Data | Pages viewed, interactions, timestamps, referring URL | Automated (cookies, SDKs, server logs) | Analytics, security, product improvement |
| Device & Technical | IP address, browser type, OS, device ID, app version, push‑token, advertising ID | Automated | Operate Services, analytics, fraud prevention |
| Location (approximate) | Country, city (derived from IP) | Automated | Content localisation, legal compliance |
| Marketing Preferences | Newsletter opt‑in, push consent | Provided by you | Send promotional communication |
| Payment Data | Transaction ID, last 4 digits, billing country (handled by app stores/payment processors) | Third‑party provider | Process Paid Services, fraud detection |
We do not intentionally collect sensitive Personal Data (e.g., health data) unless you choose to post it publicly.
5. Legal Bases for Processing (GDPR Article 6)
| Purpose | Legal Basis |
| Provide and maintain the Services | Contract (Art 6‑1‑b) |
| Personalise content, leaderboards, and notifications | Legitimate interest (Art 6‑1‑f) |
| Send marketing emails / push notifications | Consent (Art 6‑1‑a) |
| Analytics & service improvement | Legitimate interest; Consent where required |
| Comply with legal obligations (e.g., DMCA, IT Rules 2021) | Legal obligation (Art 6‑1‑c) |
| Protect rights, prevent fraud | Legitimate interest |
Where consent is the legal basis, you may withdraw it at any time without affecting prior processing.
6. Cookies & Tracking Technologies
We use first‑party and third‑party cookies, SDKs, pixels, and similar technologies to:
- Authenticate Users and maintain sessions (essential).
- Analyse traffic and performance (analytics cookies, e.g., Google Analytics GA4).
- Deliver contextual or personalised ads (advertising cookies/SKAdNetwork).
- Enable social‑media integrations.
EU/UK Users: A granular consent banner is displayed on first visit in compliance with the ePrivacy Directive and IAB TCF v2.2. You may adjust preferences at any time via our “Cookie Settings” link.
Mobile Users: We honour Android/Apple “Opt‑out of Ads” settings. Push tokens are stored solely for delivering notifications you consented to and can be revoked in app settings.
7. How We Share or Disclose Your Information
| Recipient | Reason | Safeguards |
| Service Providers (hosting, CDN, analytics, email, customer support) | Operate and improve Services | Data‑processing agreements; least‑privilege access |
| Advertising Partners (e.g., Google AdSense, OpenX) | Serve ads and measure performance | Standard Contractual Clauses (SCCs); opt‑out mechanisms |
| Payment Processors / App Stores | Complete transactions | PCI‑DSS compliance; tokenised data |
| Legal/Regulatory Authorities | Respond to lawful requests, court orders, or to protect rights | Verified request procedure |
| Corporate Transactions | Merger, acquisition, or asset sale | Notice to Users + data‑protection continuity |
| Other Users | Display UGC, leaderboards, profile info you set to “public” | User privacy settings |
We do not sell Personal Data for money. Under CCPA/CPRA, some sharing for targeted advertising may be considered a “sale or share”; Users can opt‑out via the “Do Not Sell or Share My Information” link.
8. International Data Transfers
Our primary servers are located in [region]. Personal Data may be transferred and processed outside your country.
- EU/UK → India/US Transfers: safeguarded by Standard Contractual Clauses (SCCs) and supplementary measures (encryption in transit/at rest, strict access control).
- Brazil LGPD: Transfers rely on SCC‑equivalent contractual clauses.
9. Data Retention & Deletion
| Data Category | Standard Retention | Deletion Trigger |
| Active Account Data | While Account remains active | Account deletion by User |
| Back‑up Copies | Up to 90 days | Automated purge cycle |
| Log Files | 12 months | Aggregated/anonymised thereafter |
| Marketing Consent Records | 5 years (legal defence) | Consent withdrawal + statutory period |
| Financial Records | 8 years (Indian tax law) | Legal requirement expiry |
When retention expires, data is securely deleted or irreversibly anonymised.
10. Your Privacy Rights
| Jurisdiction | Rights |
| EU/UK (GDPR) | Access, Rectification, Erasure, Restriction, Portability, Objection, Lodge complaint with supervisory authority |
| California (CCPA/CPRA) | Know, Correct, Delete, Opt‑out of Sale/Share, Limit Use of Sensitive Data, No retaliation |
| Brazil (LGPD) | Confirm processing, Access, Correction, Anonymisation, Deletion, Portability, Revoke consent |
| India (DPDP 2023) | Access, Correction, Erasure, Grievance redressal |
| South Africa (POPIA), Singapore (PDPA) | Similar access and correction rights |
We will respond within the legally required timeframe (GDPR: 1 month; CCPA: 45 days, etc.). Identity verification is required.
11. How to Exercise Your Rights
- Self‑service: Privacy dashboard → Account Settings > Privacy & Data.
- Email: [email protected] (Subject: “Data Request”).
- Postal: Attn: DPO / Grievance Officer, [address].
If you are dissatisfied, you may lodge a complaint with your local supervisory authority (e.g., ICO UK, CNIL France, ANPD Brazil).
12. Security Measures
- Encryption: HTTPS/TLS 1.3 for data‑in‑transit; AES‑256 at rest for critical tables.
- Access Control: Role‑based, least privilege, MFA for admin accounts.
- Network Security: WAF, DDoS mitigation, continuous vulnerability scanning.
- Incident Response: 24/7 monitoring; breach notification within 72 hours (GDPR) / as required by law.
- Bug Bounty: [email protected] following ISO/IEC 29147.
13. Children’s Privacy
We do not knowingly collect Personal Data from children under 13 years (or higher age threshold dictated by local law). If we learn that we inadvertently processed such data, we will delete it promptly. Parents/guardians may contact us at [email protected] to request deletion.
14. Automated Decision‑Making & Profiling
We use limited automated processing to:
- Detect spam, fraud, or policy violations.
- Rank popular posts and allocate leaderboard points.
These processes have no legal or similarly significant effects on Users. You may request human review of a decision that affects you.
15. Third‑Party Sites & Integrations
The Services may contain links to external websites, plug‑ins, or widgets operated by third parties (e.g., social‑media “share” buttons). Your interactions with third‑party properties are governed by their own privacy policies, not this Policy. Minds Journal is not responsible for the content, security, or privacy practices of such third parties.
When you use a third‑party login (e.g., “Sign in with Google”), we receive only the authorised profile information necessary to create or link your Account. You can revoke access in your third‑party account settings at any time.
16. Do Not Track (DNT) & Global Privacy Control (GPC)
Some browsers transmit “Do Not Track” signals or the newer “Global Privacy Control” header. Our Services currently honour GPC signals for U.S. and EU/UK Users by automatically opting you out of “sale/share” of Personal Data for cross‑context behavioural advertising. We do not respond to legacy DNT signals because no industry standard has been adopted.
17. Changes to This Policy
We may update this Policy from time to time to reflect changes in law, technology, or our practices. Material changes will be notified at least 14 days in advance via (a) email to registered Users, (b) in‑app notification, or (c) prominent banner on our site. The “Last Updated” date at the top will be revised. Your continued use of the Services after the effective date constitutes acceptance of the updated Policy.
18. Contact, Questions & Complaints
- E‑mail (primary): [email protected]
- Postal: Attn: DPO / Grievance Officer, Minds Journal Private Limited, [address]
- EU/UK Representative (GDPR Art 27): [name & address]
If you believe we have not adequately resolved your concern, you have the right to lodge a complaint with your local supervisory authority:
- EU: Find your authority at https://edpb.europa.eu/
- UK: Information Commissioner’s Office (ICO)
- Brazil: Autoridade Nacional de Proteção de Dados (ANPD)
- India: Data Protection Board (once operational)
- USA (California): California Privacy Protection Agency (CPPA)
19. Regional Supplements
19.1 European Economic Area & United Kingdom
- Controller: Minds Journal Private Limited.
- Data Transfers: Rely on Standard Contractual Clauses + supplementary measures.
- Lawful Basis Overrides: Where we rely on legitimate interests, we have conducted balancing tests available on request.
- Automated Decision Review: You may request human intervention under GDPR Art 22.
19.2 California (CCPA/CPRA)
- Categories Disclosed: Identifiers, internet activity, geolocation data, inferences.
- Sensitive Personal Information: We do not process sensitive categories for inferring characteristics.
- Shine the Light: We do not share Personal Data for direct marketing of third parties.
- Appeals: Denied requests can be appealed within 60 days via [email protected].
19.3 Brazil (LGPD)
- Controller Contact: [email protected] (Assunto: “Encarregado LGPD”).
- Legal Bases: Art. 7, incisos I, II, V, VI, and IX.
- Data Subject Requests: Responded within 15 days.
19.4 India (DPDP 2023)
Significant Data Fiduciary Status: Currently not applicable; reassessed annually.
Data Fiduciary: Minds Journal Private Limited.
Grievance Redressal: [email protected] (resolved within 7 working days).
Cookie & Tracking Technologies Policy
Effective Date: 30 July 2025 Last Updated: 30 July 2025
This Cookie & Tracking Technologies Policy (the “Cookie Policy”) explains how Minds Journal Private Limited (“Minds Journal,” “we,” “our,” or “us”) uses cookies, software development kits (SDKs), pixels, local storage, and similar technologies (collectively, “Cookies”) on our websites, sub‑domains, Android application, and future iOS application (the “Services”). It should be read together with our Privacy & Data‑Protection Policy.
Key Point: We only place non‑essential Cookies (analytics, advertising, social‑sharing) on your device after we obtain consent where required by law (e.g., EU/UK, Brazil, California). You can adjust or withdraw consent at any time via our Cookie Preferences Centre.
A. What Are Cookies?
“Cookies” are small text files or code placed on your browser or device when you visit a website or open a mobile app. They perform a variety of functions, such as remembering your preferences, enabling secure login, measuring audience size, and personalising content.
B. Types of Cookies We Use
| Category | Purpose | Examples | Retention |
| Strictly Necessary / Authentication | Enable secure login, session management, fraud prevention. | __Host-session, cf_bm, oauth_google_nonce, g_state, accounts.google.com session cookies | Session / up to 24 h |
| Functional | Remember choices (language, theme) and enhance features (video playback). | user_lang, theme_pref | 30 days – 12 months |
| Analytics & Performance | Understand usage patterns, improve products, A/B testing. | Google Analytics (GA4) _ga, Amplitude amp_* | 30 mins – 24 months |
| Advertising & Marketing | Serve relevant ads, limit ad frequency, measure campaign efficacy. | Google AdSense IDE, Prebid pbjs_*, Facebook Pixel fr | 90 days – 13 months |
| Social Media & Single Sign‑On | Facilitate Google Sign‑In, sharing to Facebook/Twitter. | SID, LSID (Google), fbm_*, twitter_sess | Session / up to 12 months |
| Local Storage / SDK Identifiers (Mobile) | Store app settings, push‑notification tokens, advertising ID. | AsyncStorage@settings, Firebase Instance ID | Persistent until app uninstall or user reset |
Note: Specific Cookie names may change as we update our Services. The live “Cookie Preferences Centre” contains an updated list.
C. Legal Grounds for Using Cookies Legal Grounds for Using Cookies
- Strictly Necessary Cookies: Legitimate interest / contract fulfilment.
- Functional & Analytics Cookies: Legitimate interest or consent (where local law requires).
- Advertising & Social‑Media Cookies: Consent (EU/UK GDPR, Brazil LGPD, California CPRA “sale/share” opt‑out).
D. Consent Management & Control
- Granular Consent Banner (EU/UK, Brazil, South Korea): Shown on first visit; operates under IAB TCF v2.2.
- Cookie Preferences Centre: Accessible anytime via footer link “Cookie Settings.”
- California & U.S. States (CPRA, CPA, CTDPA): “Do Not Sell or Share My Personal Information” link opts out of Advertising Cookies.
- Global Privacy Control (GPC): We honour GPC signals by disabling Advertising Cookies and setting a “do_not_sell” flag.
- Mobile App Opt‑Out: We respect “Limit Ad Tracking” (iOS) and “Opt‑out of Ads Personalisation” (Android). You can also clear app data to remove stored identifiers.
E. Third‑Party Cookies & SDKs
Third‑party providers may place their own Cookies when you visit our Services or use Google Sign‑In. We contractually require them to process data only for specified purposes and to honour user consent signals.
| Provider | Purpose | Opt‑out/Docs |
| Google Identity Services (OAuth 2.0 / Sign‑In) | Single‑sign‑on authentication; issues ID & access tokens; sets secure cookies on accounts.google.com. | Google Privacy & Terms https://policies.google.com/privacy; revoke access in Google Account > Security > Third‑party apps |
| Google Analytics GA4 | Site usage analytics | https://tools.google.com/dlpage/gaoptout |
| Google AdSense / Ad Manager | Display advertising | Ad‑Choices icon on each ad; Cookie banner |
| Meta (Facebook) Pixel | Ad conversion tracking | Network Advertising Initiative (https://optout.networkadvertising.org) |
| Prebid.js Partners | Header‑bidding ads | Managed via Consent Management Platform |
F. How to Manage Cookies How to Manage Cookies
- Browser Settings: You may block or delete Cookies via your browser’s preferences. Note: essential Cookies are required for core functionality (e.g., login).
- Device Settings (Mobile): Reset Advertising ID (AAID/IDFA) in Android/iOS settings.
- Third‑Party Opt‑outs: Use industry opt‑out tools (NAI, DAA, EDAA).
- Local Storage: Clear app storage or uninstall to remove persistent identifiers.
G. Do Not Track (DNT)
Because there is no industry standard for DNT, we do not respond to DNT signals. Instead, we honour the newer Global Privacy Control (GPC) header.
H. Changes to This Cookie Policy
We may update this Cookie Policy as our use of technology evolves. Material changes will be notified 14 days in advance via banner and/or in‑app notification. The “Last Updated” date will reflect the latest revision.
I. Contact Us
If you have questions about this Cookie Policy or our data practices, please email [email protected] or write to:
Data‑Protection Officer, Minds Journal Private Limited, Module 18, Floor 14, Bengal Eco Intelligent Park, EM 3, Sector 5, Salt Lake City, Kolkata 700091, India.