Effective date: May 14, 2026 · Last updated: May 14, 2026
MindFlock is published by Create67 LLC, a California limited liability company ("MindFlock", "we", "us", or "our"). Create67 LLC is the data controller for the information described in this policy.
This Privacy Policy explains what information the MindFlock iOS app and the mindflock.app website collect, how we use it, who we share it with, how long we keep it, and the controls and legal rights you have over your data.
We built MindFlock to help people spend less time on their phones — not to monetize their attention. We do not sell or share your personal information. We do not run advertising. We do not use advertising or analytics SDKs. We do not share your information with data brokers. We do not profile you for marketing.
MindFlock is a social screen time management app. It uses Apple's Family Controls framework (FamilyControls, DeviceActivity, ManagedSettings) to block apps you choose on your own device. Some features — shared challenges, coops, and the ability to "catch" or "peck" a friend who is using a blocked app — require us to keep a small amount of data on a server so the friends you have chosen can see it. This policy is primarily about that small amount of server-stored data.
When you join a challenge, other participants in that challenge can, through gameplay actions defined by the rules you accepted (for example, "catching" you in StimCheck mode), trigger a temporary block of your selected apps on your own device. Those blocks happen via Apple's Family Controls framework on your device; the other participants never learn which specific apps were blocked. Joining a coop, accepting a challenge invite, and the game mode each challenge uses are all individual opt-in actions you can decline, and you may leave a coop or challenge at any time.
Apple's Family Controls framework only exposes opaque tokens to MindFlock — never the names, bundle identifiers, or usage statistics of the specific apps you have installed or use. Even on your own device, MindFlock's code cannot decode which apps are inside the selection you made; that information stays inside Apple's frameworks and is not readable by us. As a direct result of this technical design:
The app names that appear in our social features (for example "Instagram" or "TikTok" in a team-vote screen) come from MindFlock's own static app catalog that ships inside the app binary. They are app labels we authored — not data derived from inspecting your device.
We collect only what we need to operate the features you signed up for.
To power shared challenges and "is my friend currently on a blocked app" features, the app uploads the following aggregate values:
We do not upload an hour-by-hour or minute-by-minute log of your phone usage. Hourly usage data, where it exists, stays on your device only. Your historical daily archive stores only your day's total minute count — no timestamps and no live-state flags.
The app is free during open beta. If we offer paid subscriptions in the future, we will receive the receipt-validation information Apple's StoreKit returns. We never receive your full payment details — those stay with Apple.
The app keeps a local debug log on your device. If you contact support and choose to attach a log file, we receive whatever you send us. MindFlock does not include any third-party analytics or crash-reporting SDKs. We do not silently collect crash reports; the only crash data we might receive is what Apple provides in aggregate if you have enabled "Share With App Developers" in iOS Settings.
The mindflock.app website does not use analytics, advertising, or tracking cookies. It is served through Cloudflare, our hosting and security provider, which may set strictly-necessary cookies for security and bot-protection purposes. We do not place advertising or analytics cookies, and the website does not build a profile of you.
For California residents, the categories of personal information we collect, mapped to the statutory categories under the CCPA/CPRA:
| Statutory category | Do we collect it? | Examples |
|---|---|---|
| Identifiers | Yes | Email, display name, account ID, device push tokens |
| Customer records (Cal. Civ. Code §1798.80) | Yes | Email, display name |
| Internet or other electronic network activity | Limited | Aggregate daily minute totals and an active/inactive flag — no browsing history, no per-app data |
| Geolocation data | No | — |
| Commercial information | Limited | Subscription status, if you ever purchase one |
| Biometric information | No | — |
| Audio/visual information | No | — |
| Professional, education, or financial information | No | — |
| Sensitive personal information | See section 5 | — |
| Inferences / profiles | No | We do not build profiles or inferences about you |
Sources of this information: directly from you, and automatically from your device as you use the app. Business purpose for collecting it: to operate the features you signed up for, send notifications you permitted, and keep the community safe. We do not sell or share personal information.
Aggregate screen-time data could be considered "sensitive personal information" under the CPRA. We want to be clear about how we treat it:
We use the information described above only to:
We do not use your information for advertising, profiling, retargeting, or sale of any kind. We do not engage in automated decision-making that produces legal or similarly significant effects about you.
If you are in the United Kingdom or the European Economic Area, we process your personal data under the following lawful bases:
| Processing purpose | Lawful basis |
|---|---|
| Creating and maintaining your account; providing blocking, coop, and challenge features | Performance of a contract (Art. 6(1)(b)) |
| Sending push notifications you enabled | Consent (Art. 6(1)(a)) — withdrawable any time in iOS Settings |
| Keeping the community safe; detecting and acting on abuse | Legitimate interests (Art. 6(1)(f)) |
| Complying with legal obligations | Legal obligation (Art. 6(1)(c)) |
We use a small number of third-party providers to operate MindFlock. They process data on our behalf, under contract, and do not use your data for their own purposes:
| Service | Provider | What it handles |
|---|---|---|
| Authentication, database, cloud functions, push delivery | Google Cloud / Firebase (Google LLC) | Account login, the account and screen-time data in section 3, push-token routing |
| Website hosting and security | Cloudflare, Inc. | Serving mindflock.app; security and bot protection |
| "Sign in with Apple" and Apple Push Notifications | Apple Inc. | Optional authentication; APNs routing for push |
| "Sign in with Google" | Google LLC | Optional authentication |
| On-device app blocking | Apple Inc. (Family Controls) | Enforcement happens on your device; no data is sent to Apple by us through this framework |
Google's Firebase privacy and security documentation: https://firebase.google.com/support/privacy.
We may disclose information if required by valid legal process. We will resist overbroad requests and, where legally permitted, notify you.
Do Not Sell or Share My Personal Information: We do not sell or share your personal information, and we have not done so in the preceding 12 months. There is nothing for you to opt out of, but if this ever changes we will provide a clear opt-out mechanism before doing so.
| Data | Retention |
|---|---|
| Live presence snapshot (current minute count, active flag, recency timestamp) | Most recent value only; overwritten on every update |
| Daily total minute count (one number per day) | Kept while your account exists, so trends and Insights can be shown to you |
| Account information (email, display name) | Kept while your account exists |
| Coop and challenge participation history | Kept while your account exists |
| Blocks and reports | Kept while your account exists, so safety controls keep working; we may retain a minimal record of an enforcement action after the related account is removed |
| Device push tokens | Until you sign out, uninstall, or the token becomes invalid |
| All of the above on account deletion | Permanently deleted, typically within minutes and in all cases within 30 days |
We retain data only as long as needed for the purposes described in this policy or as required by law.
When you delete your account from inside the app (Settings → Delete Account), MindFlock:
After this process completes, MindFlock retains nothing personally identifying about you. We may retain anonymized, aggregate counts that cannot be linked back to you (for example, "number of coops created last week") for product purposes only.
You can also request deletion by emailing support@mindflock.app from the email address tied to your account.
You have the right to: know what personal information we collect and how we use it; access a copy of it; delete it; correct it; and not be discriminated against for exercising these rights. We do not sell or share personal information, so there is no "opt out of sale" to exercise. Under California's "Shine the Light" law (Cal. Civ. Code §1798.83), we do not share personal information with third parties for their own direct marketing.
You have the right to: access your data; rectify inaccurate data; erase your data ("right to be forgotten"); restrict processing; request data portability; object to processing based on legitimate interests; and withdraw consent at any time. You also have the right to lodge a complaint with your local supervisory authority (in the EU) or the Information Commissioner's Office (in the UK).
Use the in-app controls where available, or email support@mindflock.app. We will verify your request against your account and respond within 30 days (45 days for California requests where an extension is permitted). We will not charge you for exercising your rights except where a request is manifestly unfounded or excessive.
MindFlock is operated from the United States. If you use MindFlock from outside the U.S., your information will be transferred to, stored in, and processed in the United States. Where we transfer personal data of EU/UK residents to the United States, that transfer relies on the Standard Contractual Clauses approved by the European Commission (and the UK Addendum), which our service providers, including Google Cloud, incorporate into their data-processing terms.
We use industry-standard security practices to protect your data, including:
No system is perfectly secure. If we become aware of a data breach affecting your personal information, we will notify you and any relevant regulator without undue delay, as required by applicable law.
MindFlock is intended for users age 13 and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created a MindFlock account, contact us at support@mindflock.app and we will delete the account and associated data promptly.
The app or website may link to third-party sites or services (for example, a service provider's privacy documentation). We are not responsible for the privacy practices or content of those third parties. We encourage you to read their policies.
Some browsers offer a "Do Not Track" (DNT) signal. Because the mindflock.app website does not track users across websites or over time, and does not use advertising or analytics cookies, our behavior is the same whether or not a DNT signal is present: we do not track you either way.
If we make material changes, we will notify you through the app or by email before the changes take effect. The "Last updated" date at the top of this policy always reflects the most recent revision. Continued use of the Service after a change takes effect constitutes acceptance of the updated policy.
Create67 LLC (California, USA)
Email: support@mindflock.app
For general questions, account help, or any privacy request, email us. We aim to respond within 7 business days, and never later than the deadlines in section 11.4.