Legal

Privacy Policy

Effective Date: April 15th, 2026

Last Updated: April 15th, 2026

This Privacy Policy explains how Mendly ('we,' 'us,' or 'our'), operated by Christopher Joseph Puthiakunnel, collects, uses, stores, and protects your personal information when you use the Mendly mobile application ('App'). By using Mendly, you agree to the practices described in this policy. If you do not agree, please do not use the App.

Mendly is designed with privacy as a core value. Your voice recordings are yours. Your data is not sold. You are in control.

Section 1 — Who We Are

Mendly is a self-awareness and self-compassion app operated by Christopher Joseph Puthiakunnel as an individual. When Mendly is incorporated as a legal entity in Malaysia, this policy will be updated to reflect the registered business details. Until then, all data-related enquiries should be directed to: chris@getmendly.app.

Section 2 — What We Collect and Why

We collect only the data necessary to provide and improve Mendly.

2.1 Account Information

When you create an account, we collect:

  • Your name (optional display name)
  • Email address
  • Authentication credentials (managed securely via Firebase Authentication)

This is used to create and maintain your account and to communicate with you about your account or subscription.

2.2 Usage Data

We collect anonymised usage data to understand how the App is used and to improve it. This includes:

  • Tap events (timestamps, not content)
  • Feature interactions (e.g. which sections of the App you visit)
  • Session length and frequency
  • Device type, operating system version, and app version
  • Crash reports and error logs

This data is collected via PostHog and is used solely for product analytics and debugging. It is not linked to your identity and is not sold.

2.3 Voice Recordings

If you choose to leave a voice note, your recording is stored securely in Firebase Storage. Voice recordings are private and associated only with your account. We do not listen to, transcribe, or analyse your voice recordings unless you have explicitly opted in to research use (see Section 3). You can delete individual recordings or all recordings at any time from within the App. Recordings are permanently deleted upon account deletion.

2.4 Subscription Data

Subscription and payment data is managed by RevenueCat and Apple. We do not store your payment card details. We receive information about your subscription status (active, cancelled, trial) to unlock premium features.

2.5 Data We Do Not Collect

We do not collect:

  • Your location
  • Your contacts or address book
  • Data from other apps on your device
  • Any biometric data
  • Any information about your mental health diagnoses or clinical history

Section 3 — Optional Research Use of Voice Data

Mendly may in future offer you the option to contribute anonymised voice recordings to research aimed at improving the App and understanding patterns in self-talk. This is entirely optional and requires explicit, informed opt-in consent. It is not enabled by default.

If you opt in:

  • Your voice recordings may be used in anonymised, de-identified form for research and model improvement
  • Your name, email, and account identity are never linked to the research data
  • You can withdraw consent at any time in Settings, and your recordings will be removed from the research pool

We will provide full details about the scope and purpose of any research use before asking for your consent.

Section 4 — How We Store and Protect Your Data

4.1 Storage

Your data is stored in Firebase (Google Cloud infrastructure), which provides industry-standard encryption at rest and in transit. Voice recordings are stored in Firebase Storage with access controls that restrict access to your account only.

4.2 Security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, disclosure, alteration, or destruction. These include encrypted storage, secure authentication, and access controls. No system is completely secure. If you believe your account has been compromised, please contact us immediately at chris@getmendly.app.

4.3 Retention

We retain your data for as long as your account is active. If you delete your account, your personal data, voice recordings, and tap history are permanently deleted within 30 days. Anonymised usage analytics (which are not linked to you) may be retained for longer for product improvement purposes.

Section 5 — Third-Party Services

Mendly uses the following third-party services:

  • Firebase (Google) — authentication, database, and file storage
  • RevenueCat — subscription management
  • PostHog — anonymised product analytics
  • Apple App Store — app distribution and payment processing

Each of these services has its own privacy policy and data practices. We encourage you to review them. We select third-party services that meet high standards for data protection and we do not share your personal data with third parties for advertising purposes.

Section 6 — Your Rights

Depending on your location, you may have rights regarding your personal data under applicable law (including GDPR, UK GDPR, CCPA, PDPA, and others). These may include:

  • The right to access the personal data we hold about you
  • The right to correct inaccurate data
  • The right to delete your data ('right to be forgotten')
  • The right to restrict or object to certain processing
  • The right to data portability
  • The right to withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, contact us at chris@getmendly.app. We will respond within 30 days. You can also delete your account and all associated data directly within the App via Settings > Delete Account.

Section 7 — Children's Privacy

Mendly is not intended for children under 13. We do not knowingly collect personal data from children under 13. If you are between 13 and 17, your parent or guardian must have reviewed and agreed to our Terms and this Privacy Policy on your behalf. If we learn that we have inadvertently collected data from a child under 13, we will delete it promptly. Please contact us at chris@getmendly.app if you have concerns.

Section 8 — International Data Transfers

Mendly is operated from Thailand and your data may be processed by our service providers (Firebase, RevenueCat, PostHog) in the United States and other countries. By using Mendly, you consent to your data being transferred to and processed in these countries. We ensure that any such transfers are subject to appropriate safeguards consistent with applicable data protection law.

Section 9 — Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the App and update the effective date at the top of this page. Your continued use of Mendly after changes constitutes acceptance of the updated policy. If we make changes that materially affect how we handle your voice recordings, we will seek fresh explicit consent.

Section 10 — Contact

For questions, requests, or concerns about this Privacy Policy or your data, please contact:

Christopher Joseph Puthiakunnel

Email: chris@getmendly.app

Your data is yours. We built Mendly to help you listen to yourself — not to listen to you.