MentalityMakers

Privacy Policy

Last updated: 16 April 2026

1. Who we are

MentalityMakers (“we”, “our”, “us”) is a personal productivity application available at mentalitymakers.com. It helps users set goals, track sessions, and schedule commitments to their Google Calendar.

For any privacy-related questions, contact us at: mentalitymakers@gmail.com

2. What data we collect

We collect only what is necessary to provide the service:

  • Google account email address: Used to identify your account and for login
  • Google profile name: Used to personalise your experience
  • Google OAuth tokens (access token + refresh token): Used to create and delete Google Calendar events on your behalf — stored securely in our database
  • Goals, sessions, categories, and activity data you create: Core app data — stored in our database and visible only to you

3. How we use your data

  • To authenticate you securely via Google Sign-In
  • To create, update, and delete Google Calendar events that correspond to your scheduled goal sessions
  • To store and display your goals, sessions, and progress within the app
  • To automatically mark past uncompleted sessions as missed (via a scheduled database job)

We do not sell your data, share it with third parties for marketing, or use it for any purpose beyond operating the app.

4. Google Calendar access

MentalityMakers requests access to your Google Calendar via the calendar.events scope. This allows the app to:

  • Create calendar events when you schedule a goal session
  • Delete calendar events when you skip or remove a session

We only access events created by MentalityMakers. We do not read, modify, or delete any other events in your calendar. Your Google OAuth tokens are stored in our secure database and used solely for the Calendar operations described above.

MentalityMakers' use of data received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

5. How we store your data

Your data is stored in a Supabase PostgreSQL database hosted on AWS infrastructure in the EU (eu-west-2). All data is protected by Row Level Security (RLS) — your data is only accessible to your own authenticated account. Connections are encrypted in transit via HTTPS/TLS.

6. Data retention

Your data is retained for as long as your account is active. If you wish to delete your account and all associated data, contact us at mentalitymakers@gmail.com and we will permanently delete it within 30 days.

7. Your rights

You have the right to:

  • Access all data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and all associated data
  • Revoke Google Calendar access at any time via your Google Account settings at myaccount.google.com/permissions

8. Cookies

We use a single session cookie to keep you logged in. This cookie is set by Supabase Auth and contains an encrypted session token. No tracking cookies, advertising cookies, or third-party analytics cookies are used.

9. Changes to this policy

If we make material changes to this policy, we will update the “Last updated” date at the top of this page. Continued use of the app after changes constitutes acceptance of the updated policy.

10. Contact

For any questions about this privacy policy or your data, contact: mentalitymakers@gmail.com

← Back to MentalityMakers