Privacy Policy
Last updated: 8 February 2026
1. Data Controller
MindScout is the data controller responsible for processing your personal data. If you have any questions about how we handle your data, please contact us.
MindScout
E-Mail: [email protected]
2. What Data We Collect
We collect different categories of personal data depending on how you use our platform.
Parent / Account Data
When you register, we collect your email address, first and last name, country, and a securely hashed password. This data is necessary to create and manage your account.
Children’s Data
During onboarding, parents provide their child’s first name, date of birth, gender, and choose an avatar. This information is used to personalise the learning experience and match content to the appropriate CAT4 level.
Educational Data
As your child uses MindScout, we collect test results, stanine scores, Standard Age Scores (SAS), practice progress, and target school selections. This data powers the adaptive learning engine and progress reports.
AI Tutor (Atlas) Data
Chat messages exchanged with Atlas, our AI tutor, are processed to provide personalised explanations and learning support. These conversations are not used for any purpose other than delivering the tutoring service.
Payment Data
Payment processing is handled entirely by Stripe. We store a Stripe Customer ID, purchase history, amounts, and currency for billing purposes. We never store credit card numbers or full payment details on our servers.
Analytics Data
With your consent, we collect anonymised analytics data via PostHog (EU-hosted): anonymous user ID, page views, CTA clicks, and A/B test assignments. No analytics data is collected without your explicit opt-in consent.
Marketing Data
URL parameters such as UTM tags, Google Click ID (gclid), and Facebook Click ID (fbclid) may be captured when you visit our website. These are used solely for measuring advertising effectiveness.
Email Data
We use Resend for transactional emails (e.g. welcome emails, password resets). Email open rates may be tracked via standard tracking pixels. You can disable image loading in your email client to prevent this.
Device Data
PostHog may automatically collect browser type, operating system, screen resolution, language, and timezone. This data is only collected with your analytics consent and is used to improve our platform.
Security Data
For account security, we log login IP addresses, failed login attempts, and authentication method (email/password or social login). This data is retained for a limited period to detect and prevent unauthorised access.
3. Legal Basis for Processing
We process your personal data under the following legal bases as defined in the GDPR (Article 6):
- Performance of a contract (Art. 6(1)(b)) — Account creation, children’s data, educational data, payment processing, and AI tutor functionality — all necessary to deliver the service you signed up for.
- Consent (Art. 6(1)(a)) — Analytics tracking, marketing cookies, email open tracking, and advertising conversion measurement. You can withdraw consent at any time.
- Legitimate interest (Art. 6(1)(f)) — Security measures including login tracking and fraud prevention, which are necessary to protect your account and our platform.
4. Children’s Data Protection
MindScout is designed for children aged 6–17, and we take the protection of children’s data very seriously. In compliance with GDPR Article 8 and applicable child protection laws, all children’s accounts are created and managed exclusively by parents or legal guardians.
Children cannot register independently. Parents provide all necessary information during onboarding and maintain full control over their child’s data. When a parent deletes their account, all associated children’s data is permanently removed.
5. Third-Party Processors
We work with the following trusted third-party service providers to deliver our platform. Each provider processes data under a Data Processing Agreement (DPA) in compliance with GDPR requirements.
| Provider | Purpose | Region |
|---|---|---|
| PostHog | Analytics, feature flags, session recording (consent-based) | EU (eu.posthog.com) |
| Stripe | Payment processing | EU/US (PCI DSS) |
| Resend | Transactional emails | US |
| Google Ads | Conversion tracking (consent-based) | US |
| Anthropic (Claude) | AI tutor (Atlas) — question explanations | US |
6. Cookies and Consent
MindScout follows a strict opt-in model. No analytics or advertising cookies are set without your explicit consent. We use Google Consent Mode v2 with all consent signals set to ‘denied’ by default.
The following localStorage keys are used on our platform:
mindscout_analytics_consent— Stores your analytics consent preference (granted or denied)mindscout_anonymous_id— A random anonymous identifier, only active when consent is granted
7. Data Retention and Deletion
We retain your personal data for as long as your account is active and as needed to provide our services. Educational data (test results, progress) is retained for the duration of your subscription to enable continuous progress tracking.
When you delete your account, all personal data — including all children’s profiles, test results, and chat history — is permanently deleted within 30 days. Security logs are retained for up to 90 days for fraud prevention purposes.
8. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access — Request a copy of all personal data we hold about you and your children.
- Right to rectification — Request correction of inaccurate personal data.
- Right to erasure — Request deletion of your personal data (‘right to be forgotten’).
- Right to restriction — Request that we limit how we process your data.
- Right to data portability — Request your data in a structured, machine-readable format.
- Right to object — Object to processing based on legitimate interest.
To exercise any of these rights, please email us at <email/>. We will respond within 30 days.
You also have the right to lodge a complaint with your local data protection supervisory authority.
9. International Data Transfers
Our analytics provider PostHog is hosted in the EU (eu.posthog.com). Payment processing via Stripe uses EU and US infrastructure with appropriate safeguards.
For services based in the US (Resend, Google Ads, Anthropic), we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission, or equivalent safeguards, to ensure an adequate level of data protection.
10. EU Representative (Art. 27 GDPR)
MindScout is operated by Wildstuff LLC, based in the United States. As we offer services to individuals in the European Union, our appointed EU representative pursuant to Article 27 of the GDPR is: Join GmbH, Hasselbachplatz 2, 39104 Magdeburg, Germany. Phone: +49 3691 7090 00, E-Mail: [email protected]. You can also reach us directly at <email/>.
11. Changes to This Policy
We may update this privacy policy from time to time. When we make material changes, we will notify you via email or through a prominent notice on our website. We encourage you to review this page periodically.
12. Contact
If you have questions about this privacy policy or wish to exercise your data protection rights, please contact us.
E-Mail: [email protected]