Mindsoul XR · Android Application

Privacy Policy / 隐私政策

Last updated / 最后更新:2026-04-26 · Effective / 生效日期:2026-04-26

This Privacy Policy applies to the Mindsoul XR Android application (package com.pmtalk.mindsoul.xr) distributed via Google Play. The English version below is authoritative; a Chinese translation is provided for convenience.

本隐私政策适用于通过 Google Play 分发的 Mindsoul XR Android 应用(包名 com.pmtalk.mindsoul.xr)。下文以英文版为准,中文译文仅供参考。

Mindsoul XR — Account & Data Deletion

App: Mindsoul XR (com.pmtalk.mindsoul.xr) · Developer: Mindsoul

How to request deletion (步骤)

  1. Send an email from the address registered to your Mindsoul XR account to kevin.zhang@mindsoul.cn.
  2. Use the subject line “Mindsoul XR Account Deletion Request”.
  3. In the body, include your registered email and (optionally) your in-app display name so we can locate the account.
  4. We will verify your identity and confirm the request by reply within 5 business days, and complete deletion within 30 days.

Data that will be deleted

  • Account credentials (email, password hash) and linked Google Sign-In binding.
  • Profile fields: display name, avatar, gender, birthday, institution.
  • EEG records and brain-signal samples uploaded from your headband.
  • AI conversation history and long-term memory entries (Mem0).
  • Images uploaded to the Imagination Gallery.
  • App-side authentication tokens for your account.

Data that may be retained, and for how long

  • Encrypted backups containing your data are purged on a rolling 90-day cycle after primary deletion.
  • De-identified / anonymized records (with no link back to your account) used for BCI model training may be retained indefinitely for research purposes.
  • Records we are required to retain by law (e.g., security incident logs, financial records) are retained for the period mandated by the applicable law and then deleted.

中文说明

如需删除您的 Mindsoul XR 账号及全部相关个人数据,请使用账号绑定的邮箱 向 kevin.zhang@mindsoul.cn 发送邮件,主题写明"Mindsoul XR 账号删除请求",并在正文注明您的注册邮箱 (及可选的应用内昵称)。我们将在 5 个工作日内回复确认,并在 30 天内删除:账号凭证、个人资料(昵称/头像/性别/生日/机构)、EEG 记录、AI 对话记忆、想象力画廊图片以及客户端认证令牌。

会保留的数据:含您数据的加密备份按 90 天滚动清除; 用于 BCI 模型训练的已去标识化/匿名化记录(无法回溯到您的账号)可能长期保留以供研究使用; 法律要求保留的记录(如安全事件日志、财务记录)将按相应法律期限保留后删除。

English

1. Who We Are

Mindsoul XR ("the App") is an Android XR application that integrates a Brain–Computer Interface (BCI) headband, hand-tracking, and AI conversation in an immersive 3D environment. This Privacy Policy describes what information the App processes, why it is processed, and the choices you have. If you have any questions, please contact us at kevin.zhang@mindsoul.cn.

2. Information We Process

  • Account information: email address, password (stored as a hash on our servers), and — if you choose Google Sign-In — the basic profile fields returned by Google Credential Manager (name, email, profile picture URL, stable account identifier).
  • EEG / brainwave data: when you connect a BrainLink Pro / Lite / Mind Link headband, the App reads the raw EEG stream and derived metrics (attention, relaxation, signal quality) over Bluetooth. EEG data is health-related data and we treat it as sensitive personal information.
  • Bluetooth device information: the name, MAC address, and connection state of nearby BrainLink devices, used solely to discover and connect to your headband. We do not use Bluetooth scan results to derive your physical location.
  • XR sensor data: hand-tracking landmarks and scene-understanding signals are used on-device to render the 3D keyboard and place virtual content in your space. These signals are not uploaded to our servers.
  • Content you create: sentences you read aloud during semantic-collection tasks, motor-imagery labels, images you upload to the Imagination Gallery, and messages you send to the AI conversation feature (which are stored as long-term memory by our Mem0 integration).
  • Diagnostic information: app logs (timestamps, screen names, error stack traces) written to the device under /sdcard/Android/data/com.pmtalk.mindsoul.xr/files/logs/. Logs remain on the device unless you choose to share them with us for support.

3. How We Use Information

  • To authenticate you and keep you signed in.
  • To stream EEG data to our backend in real time so the App can display visualizations, run BCI tasks (semantic collection, motor imagery), and return AI-generated results to your headset.
  • To persist your conversation memory so the AI assistant can recall context across sessions.
  • To store images you upload to the Imagination Gallery and link them to your account.
  • To diagnose crashes and improve stability.
  • To train and improve our BCI models. Data used for model training is de-identified or anonymized before use; we do not train models on raw account identifiers.

4. Permissions and Why We Need Them

  • BLUETOOTH_SCAN / BLUETOOTH_CONNECT — to discover and connect to your BrainLink EEG headband. We declare neverForLocation, so scan results are not used to infer location.
  • ACCESS_FINE_LOCATION — required by the Android OS for BLE scanning on Android 11 and below. We do not collect or transmit location data.
  • HAND_TRACKING — to drive the spatial keyboard and gesture input. Hand-tracking data stays on-device.
  • SCENE_UNDERSTANDING_FINE — to place virtual panels and content in your room. Scene data stays on-device.
  • INTERNET / ACCESS_NETWORK_STATE / ACCESS_WIFI_STATE — to talk to our backend over HTTPS and to discover backend endpoints on the local network via UDP broadcast.
  • FOREGROUND_SERVICE / FOREGROUND_SERVICE_MEDIA_PROJECTION — to keep the screen-recording session alive when you explicitly start a recording.

5. Sharing With Third Parties

  • Google Sign-In (Google LLC) — only if you choose to sign in with Google. We receive your basic profile from Google; Google receives the fact that you signed in to Mindsoul XR.
  • Mem0 — we use Mem0 as a memory store for your AI conversations. Conversation content you send to the AI feature is sent to Mem0 under our account and tied to your user ID.
  • Cloud infrastructure providers — we host our backend and storage on standard cloud infrastructure that processes data on our behalf under written agreements.
  • We do not sell personal information and we do not share it with advertisers. We do not include third-party advertising or analytics SDKs in the App.

6. Data Storage, Security, and Retention

All network traffic between the App and our backend is encrypted in transit using HTTPS / TLS. EEG records, conversation memory, and uploaded images are stored on our backend under access controls that limit visibility to the owning account and authorized administrators of your organization (if applicable). We retain account and content data for as long as your account is active. When you delete your account, we delete or anonymize your personal data within 30 days, except where we are required to retain specific records for legal or security reasons.

7. Your Rights and Choices

  • Access, correct, or export your personal data.
  • Delete your account and the personal data associated with it.
  • Disconnect Google Sign-In and switch to email/password (or vice versa).
  • Stop EEG collection at any time by disconnecting the headband or quitting the App.
  • To exercise any of these rights, email kevin.zhang@mindsoul.cn from the address associated with your account. We will respond within 30 days.

8. Children

Mindsoul XR is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

9. International Transfers

Your information may be processed and stored in jurisdictions other than your own. Where required by law, we use appropriate safeguards (such as standard contractual clauses) for international transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you in the App. Continued use of the App after an update means you accept the revised policy.

11. Contact

For privacy questions, data-subject requests, or security reports, contact: kevin.zhang@mindsoul.cn.

中文

1. 关于我们

Mindsoul XR(“本应用”)是一款 Android XR 应用,将脑机接口(BCI)头环、手部追踪与 AI 对话整合在沉浸式 3D 环境中。本隐私政策说明本应用处理哪些信息、出于何种目的处理,以及您拥有的选择。如有疑问,请通过 kevin.zhang@mindsoul.cn 与我们联系。

2. 我们处理的信息

  • 账户信息:邮箱、密码(在服务器以哈希形式存储);如选择 Google 登录,则包括 Google Credential Manager 返回的基本资料(姓名、邮箱、头像 URL、稳定账号标识)。
  • 脑电(EEG)数据:当您连接 BrainLink Pro / Lite / Mind Link 头环时,本应用通过蓝牙读取原始 EEG 信号及衍生指标(专注度、放松度、信号质量)。脑电数据属于与健康相关的数据,我们将其作为敏感个人信息处理。
  • 蓝牙设备信息:附近 BrainLink 设备的名称、MAC 地址与连接状态,仅用于发现并连接您的头环。我们不会通过蓝牙扫描结果推断您的物理位置。
  • XR 传感器数据:手部追踪关键点与场景理解信号仅在设备本地用于渲染 3D 键盘和放置虚拟内容,不会上传至我们的服务器。
  • 您创建的内容:在语义采集任务中朗读的句子、运动想象标签、上传至想象力画廊的图片,以及您发送给 AI 对话功能的消息(通过 Mem0 集成作为长期记忆存储)。
  • 诊断信息:写入设备 /sdcard/Android/data/com.pmtalk.mindsoul.xr/files/logs/ 的应用日志(时间戳、页面名称、错误堆栈)。日志保留在设备本地,除非您主动将其分享给我们以便提供支持。

3. 我们如何使用信息

  • 对您进行身份验证并保持登录状态。
  • 将 EEG 数据实时传输到我们的后端,以便本应用展示可视化、运行 BCI 任务(语义采集、运动想象)并将 AI 生成的结果返回到您的头显。
  • 持久化您的对话记忆,使 AI 助手能够跨会话回忆上下文。
  • 存储您上传到想象力画廊的图片,并与您的账户关联。
  • 诊断崩溃并提升稳定性。
  • 训练和改进我们的 BCI 模型。用于模型训练的数据将先经过去标识化或匿名化处理;我们不会基于原始账号标识训练模型。

4. 权限及其用途

  • BLUETOOTH_SCAN / BLUETOOTH_CONNECT —— 用于发现并连接 BrainLink 脑电头环。我们声明 neverForLocation,扫描结果不用于推断位置。
  • ACCESS_FINE_LOCATION —— Android 11 及以下系统进行 BLE 扫描所必需。我们不会收集或传输位置数据。
  • HAND_TRACKING —— 用于驱动空间键盘与手势输入。手部追踪数据仅在设备本地处理。
  • SCENE_UNDERSTANDING_FINE —— 用于在您的房间中放置虚拟面板与内容。场景数据仅在设备本地处理。
  • INTERNET / ACCESS_NETWORK_STATE / ACCESS_WIFI_STATE —— 通过 HTTPS 与后端通信,并通过 UDP 广播在本地网络上发现后端节点。
  • FOREGROUND_SERVICE / FOREGROUND_SERVICE_MEDIA_PROJECTION —— 在您主动开启录屏时维持录屏会话。

5. 与第三方共享

  • Google 登录(Google LLC)—— 仅当您选择使用 Google 登录时。我们从 Google 接收您的基本资料;Google 会得知您登录了 Mindsoul XR。
  • Mem0 —— 我们使用 Mem0 作为 AI 对话的记忆存储。您发送给 AI 功能的对话内容会以我们的账户发送至 Mem0,并与您的用户 ID 关联。
  • 云基础设施服务商 —— 我们的后端与存储部署在标准云基础设施上,受托方根据书面协议代我们处理数据。
  • 我们不出售个人信息,也不与广告商共享。本应用不集成第三方广告或分析 SDK。

6. 数据存储、安全与保留

本应用与后端之间的所有网络流量采用 HTTPS / TLS 加密传输。EEG 记录、对话记忆与上传的图片存储于我们的后端,并通过访问控制限定为账户所有者及(如适用)所属机构的授权管理员可见。账户活跃期间,我们将持续保留账户与内容数据;账户注销后,我们将在 30 天内删除或匿名化您的个人数据,但法律或安全合规要求保留特定记录的除外。

7. 您的权利与选择

  • 访问、更正或导出您的个人数据。
  • 删除您的账户及与之关联的个人数据。
  • 取消 Google 登录绑定并切换为邮箱/密码登录(或反向操作)。
  • 随时通过断开头环或退出本应用停止 EEG 采集。
  • 如需行使上述任一权利,请使用与账户绑定的邮箱地址向 kevin.zhang@mindsoul.cn 发送邮件。我们将在 30 天内回复。

8. 未成年人

Mindsoul XR 不面向 13 周岁以下(或所在司法辖区规定的最低年龄)的儿童。我们不会有意收集儿童的个人信息。如您认为某位儿童向我们提供了个人信息,请联系我们,我们将予以删除。

9. 跨境传输

您的信息可能在您所在司法辖区以外的地区处理与存储。如法律要求,我们将通过适当的保障措施(例如标准合同条款)进行跨境传输。

10. 政策变更

我们可能不时更新本隐私政策。当发生重大变更时,我们将更新本页顶部的“最后更新日期”,并在适当情况下在应用内通知您。在政策更新后继续使用本应用,即视为您接受修订后的政策。

11. 联系方式

如有隐私相关问题、数据主体请求或安全报告,请联系:kevin.zhang@mindsoul.cn。

Contact / 联系方式: kevin.zhang@mindsoul.cn