MINDSET

Privacy Policy & End User Licence Agreement

Version 2.0 · Effective: 27 March 2026 · Updated: 27 March 2026 · Mindset Ltd · United Kingdom · hello@mindsetapp.io

Plain Language Summary

Before you read the full legal text, here is what matters most in plain terms:

  • What happens on your device, stays on your device. Mindset's enforcement features operate entirely locally. We do not receive, store, or analyse the specific apps or websites you choose to block. Enforcement is local and rule-based — it is not surveillance.
  • We collect the minimum necessary. We collect your email address, subscription status, and anonymised diagnostic data. We do not collect behavioural profiles, contact lists, message content, browsing history, or keystrokes.
  • You pay for the product. Mindset is a subscription service. We do not sell advertising space. We do not monetise your data. Your subscription is the only commercial relationship between us.
  • Your data is stored in Germany. Our servers are located in Nuremberg, Germany, within the European Economic Area, subject to some of the strongest data protection law in the world.
  • You are always in control. You can access, correct, export, and delete your data at any time. You can contact us at hello@mindsetapp.io and we will respond within three business days.
  • We do not sell your data. We never have. We never will.

This plain-language summary does not replace the full legal text below. In all matters of interpretation, the full text governs.

PART A — PRIVACY POLICY

1. Introduction

1.1 Mindset Ltd ("Mindset", "we", "us", "our") is a company registered in England and Wales. We are the developer and operator of the Mindset mobile application ("the Application"), available on iOS and Android, and any associated web-based tools made available to institutional clients (collectively, "the Services").

1.2 Mindset is a focus enforcement application. It is built on the principle that genuine focus requires genuine restriction, not passive reminders or motivation. When enforcement is active, selected applications and websites become structurally inaccessible on a user's device. Mindset does not suggest, remind, or nudge. It enforces.

1.3 Privacy is central to that mission. An enforcement tool that simultaneously surveils the very behaviour it restricts would be a contradiction. Mindset is architecturally designed so that the specific content of your activity — which apps you use, which websites you visit, what you type — is never transmitted to or stored on our servers. Enforcement is entirely local and rule-based.

1.4 This Privacy Policy ("Policy") explains what personal data we collect, why we collect it, how we use it, who we share it with, how long we keep it, what your rights are, and how to exercise them. It applies to all users of the Services, including consumers using the personal mobile application and individuals using Mindset in an institutional context.

1.5 This Policy is issued in compliance with the UK General Data Protection Regulation ("UK GDPR") as retained in UK law by the European Union (Withdrawal) Act 2018, the Data Protection Act 2018 ("DPA 2018"), the EU General Data Protection Regulation (Regulation (EU) 2016/679) ("EU GDPR") where applicable, and other applicable data protection legislation.

1.6 For the purposes of applicable data protection legislation, Mindset Ltd is the data controller in respect of personal data processed in connection with the Services. Our contact address for all privacy-related matters is: hello@mindsetapp.io.

1.7 If you have any questions about this Policy or about how we handle your personal data, you are welcome to contact us at any time. We aim to respond to all enquiries within three business days.

2. Definitions

2.1 In this Policy, the following terms have the meanings set out below:

3. Who We Are and How to Contact Us

3.1 Mindset Ltd is registered in England and Wales. We operate the Mindset Application and Services.

3.2 All privacy-related enquiries, data subject access requests, complaints, and correspondence should be addressed to:

Mindset Ltd

United Kingdom

Email: hello@mindsetapp.io

Website: mindsetapp.io

3.3 Mindset Ltd has appointed a Data Protection Officer (DPO) who is responsible for overseeing our compliance with applicable data protection law, including UK GDPR and EU GDPR. The DPO is the appropriate point of contact for all matters relating to data protection, data subject rights requests, and complaints. The DPO can be contacted at: hello@mindsetapp.io. Please mark the subject line of any DPO correspondence accordingly (for example: "FAO: Data Protection Officer").

3.4 Where Mindset is deployed by an Institutional User, the Institutional User acts as a separate data controller in respect of its own members' data and is responsible for its own compliance obligations. Mindset acts as a data processor on behalf of the Institutional User to the extent agreed in a Data Processing Agreement. Individual members of an Institutional User who have questions about how their data is handled by that institution should direct those questions to the institution directly.

4. Personal Data We Collect

4.1 We collect and process only the personal data that is necessary for the purposes described in this Policy. The categories of personal data we collect are set out below. We do not collect personal data speculatively, and we do not collect personal data that we do not have a clear purpose for processing.

4.1 Account and Identity Data

We collect the following data when you create and maintain a Mindset account:

  • Your email address, used to identify your account, communicate with you about your subscription, and provide customer support.
  • Where you sign in using Apple Sign-In or Google Sign-In, we receive a unique identifier from the relevant platform in place of or in addition to your email address. We do not receive your Apple or Google password.
  • Your chosen display name, if you provide one. This is optional.
  • Hashed authentication credentials. Passwords are never stored in plain text. We do not have access to your password.
  • Account preferences and settings that you configure within the Application.

We use this data to create and maintain your account, authenticate your identity, synchronise your settings across devices, and respond to support requests.

4.2 Subscription and Billing Data

Mindset subscriptions are processed exclusively through Apple App Store or Google Play. We do not collect, process, or store payment card information.

  • We receive and store your subscription status (Trial, Premium, or Standard), subscription start and end dates, and receipt tokens issued by Apple or Google.
  • We verify subscription receipts directly with Apple or Google through their respective APIs. This verification is the authoritative basis on which we grant or revoke Premium access.
  • Where a subscription is purchased through our website rather than through Apple or Google, we may receive basic transaction information from our payment processor sufficient to confirm payment and issue a refund if required. We do not hold payment card details in this case either.

We use this data to verify your entitlement to Premium features, manage subscription renewals, process refund requests, and resolve billing disputes.

4.3 Session and Focus Data

When you use the Application to run focus sessions, we collect the following data:

  • Session start and end times, and session duration.
  • The focus mode used (for example, Pomodoro or open blocking).
  • Whether the session was completed or terminated early.
  • Aggregated counts of distraction events — that is, the number of times a blocked resource was attempted during a session. We do not collect the identity of specific applications or websites that were blocked or attempted.
  • Break mode selections (where applicable) and break usage counts.

We do not collect which specific applications or websites you choose to block. That information remains entirely on your device and is never transmitted to our servers. This is not merely a policy choice — it is an architectural one.

4.4 Diagnostic and Technical Data

We collect anonymised technical data to maintain the performance and reliability of the Application:

  • Device type, operating system version, and Application version.
  • Crash reports and error logs. These are anonymised and do not contain personally identifiable information.
  • General performance metrics, such as load times and feature interaction counts.
  • Information about which features of the Application are used and how frequently, in aggregate and anonymised form.

This data is not linked to your identity. It is used solely to identify and fix defects, improve Application performance, and prioritise product development.

4.5 Communications Data

Where you contact us by email or through any in-app support mechanism, we retain a record of your correspondence. This includes your email address, the content of your message, and any attachments. We use this data to respond to your enquiry and, where appropriate, to identify and resolve systemic issues.

4.6 Institutional Session Data

Where Mindset is used in an institutional setting, additional data is generated as a consequence of running group enforcement sessions. This may include:

  • Attendance records — whether a participant was present and checked in to a session.
  • Session participation timestamps.
  • Aggregated engagement metrics associated with individual participants, as configured by the Institutional User.
  • Achievement and recognition data generated by the institution's use of Mindset's reward features.

This data is generated on behalf of and for the use of the Institutional User. It is accessed by authorised administrators within that institution. Mindset processes this data as a data processor on behalf of the Institutional User as data controller. We do not use this data for our own analytical or commercial purposes.

We do not disclose in this Policy the specific technical mechanisms by which institutional sessions are managed, as these details are commercially sensitive. Institutional clients may request a Data Processing Agreement and associated technical documentation by contacting hello@mindsetapp.io.

5. How We Collect Personal Data

5.1 We collect personal data in the following ways:

5.1 Directly from you

  • When you create an account or sign in using Apple or Google.
  • When you subscribe to Mindset through the App Store, Google Play, or our website.
  • When you configure settings or preferences within the Application.
  • When you contact us with a support request or general enquiry.
  • When you participate in a survey, feedback form, or research invitation issued by us.

5.2 Automatically, through your use of the Application

  • Diagnostic data and crash reports are collected automatically as part of operating the Application.
  • Session data is collected automatically when you start, run, and end a focus session.
  • Subscription verification occurs automatically when you open the Application, to confirm your current entitlements.

5.3 From third parties

  • Apple and Google provide us with subscription status and receipt data when you subscribe through their platforms.
  • Where Mindset is deployed by an Institutional User, the institution may provide us with participant data (such as a list of enrolled members) necessary to set up the institutional environment.

5.4 We do not purchase personal data from data brokers. We do not source personal data from social media platforms. We do not receive personal data from advertising networks.

6. Legal Basis for Processing

6.1 Every processing activity we carry out requires a lawful basis under UK GDPR and EU GDPR. The table below sets out the legal basis for each category of processing we perform.

6.2 Where we rely on legitimate interests as our legal basis, we have carried out a balancing test to confirm that our legitimate interests are not overridden by your interests or fundamental rights and freedoms. The legitimate interests we rely on are: providing effective customer support, maintaining the security and integrity of our systems, and preventing fraud and abuse of the Services.

6.3 Where we rely on consent as our legal basis, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal. To withdraw consent, contact us at hello@mindsetapp.io or adjust your preferences within the Application settings.

7. How We Use Personal Data

7.1 We use the personal data we collect for the following purposes:

7.1 Provision and maintenance of the Services

  • To create and administer your Mindset account.
  • To verify your subscription status and grant access to the features you are entitled to.
  • To operate the enforcement and blocking functionality of the Application.
  • To synchronise your settings and session history across multiple devices registered to your account.
  • To display your focus history, streaks, achievements, and progress within the Application.

7.2 Support and communications

  • To respond to support requests, complaints, and general enquiries.
  • To send you transactional communications that are necessary to deliver the Services — for example, subscription confirmation emails, payment failure notices, and policy update notifications.
  • To contact you, where you have consented, with information about new features, product updates, or relevant announcements. You may opt out of these communications at any time by contacting hello@mindsetapp.io.

7.3 Security and fraud prevention

  • To detect, investigate, and prevent fraudulent, abusive, or unlawful use of the Services.
  • To maintain the security and integrity of our systems and infrastructure.
  • To verify the authenticity of subscription receipts submitted to Apple and Google.

7.4 Product improvement

  • To analyse anonymised and aggregated usage patterns to understand how features are used.
  • To identify and fix defects, crashes, and performance issues.
  • To inform decisions about the future development and improvement of the Application.

We do not use personal data to train machine learning models that are deployed externally. Any automated processing of personal data is described in Section 12 of this Policy.

7.5 Legal and regulatory compliance

  • To comply with applicable laws, regulations, court orders, and requests from regulatory or law enforcement authorities.
  • To establish, exercise, or defend legal claims.
  • To maintain records required by applicable tax and accounting law.

8. Disclosure of Personal Data

8.1 We do not sell, rent, trade, or otherwise transfer your personal data to third parties for their own commercial or marketing purposes. The following describes all circumstances in which we may disclose personal data:

8.1 Service Providers and Data Processors

We engage a limited number of third-party service providers who process personal data on our behalf, under strict contractual terms that prohibit them from using data for any purpose other than performing the services we have engaged them to perform. These providers are bound by data processing agreements consistent with UK GDPR and EU GDPR requirements. They include:

  • Infrastructure and hosting services. Our primary infrastructure is operated by Hetzner Online GmbH, a German hosting provider, whose data centres are located in Nuremberg, Germany. Hetzner processes personal data only to the extent necessary to operate the infrastructure on which our systems run, under a data processing agreement consistent with EU GDPR requirements.
  • Providers of diagnostic and crash reporting services, engaged to help us identify and resolve technical defects. These providers receive anonymised technical data only and are not named in this Policy for commercial reasons. They are bound by contractual data processing obligations.
  • Payment processing infrastructure operated by Apple and Google, for the purpose of verifying subscription receipts.

We do not name specific third-party providers in this Policy as this information is commercially sensitive. The categories of providers and the nature of data shared with each are as described above. Institutional clients may request further detail by contacting hello@mindsetapp.io.

8.2 Other Users — Group Features

Where you participate in group focus features ("Rooms"), limited information is visible to other participants in the same session:

  • Your display name.
  • Your presence status (active, away, or offline).
  • An indication of whether you are currently in a distracted state (that is, whether you have attempted to access a blocked resource during the session).

No other personal data is shared with other participants. The specific applications or websites you have chosen to block are never visible to other users. Email addresses, account identifiers, and session history are never shared between users.

8.3 Institutional Users

Where you use Mindset in an institutional setting, data about your session participation — including attendance records and engagement metrics — is made available to authorised administrators within that institution. This disclosure is made on behalf of and under the direction of the Institutional User as data controller. Mindset does not control how the Institutional User uses this data.

8.4 Legal Requirements and Protection of Rights

We may disclose personal data to public authorities, regulators, courts, or law enforcement agencies where we are legally required to do so, or where we reasonably believe disclosure is necessary to:

  • Comply with a legal obligation to which we are subject.
  • Protect the vital interests of any person.
  • Establish, exercise, or defend legal claims.
  • Detect, prevent, or otherwise address fraud, security, or technical issues.

Where legally permitted, we will notify you of any such disclosure request. We will always endeavour to challenge requests that we consider to be overly broad, disproportionate, or not in compliance with applicable law, and we will disclose only the minimum personal data necessary to comply with any valid legal requirement.

8.5 Business Transfers

If Mindset Ltd undergoes a merger, acquisition, restructuring, insolvency proceeding, or sale of all or a substantial part of its assets, your personal data may be transferred to the relevant successor entity as part of that transaction. We will notify you in advance of any such transfer where practicable. Any successor entity will be required to honour the terms of this Privacy Policy or provide you with equivalent or greater protections.

9. International Data Transfers

9.1 Our primary servers and infrastructure are hosted by Hetzner Online GmbH in Nuremberg, Germany, within the European Economic Area (EEA). Personal data stored on these servers is subject to EU GDPR and the equivalent protections established in the UK under UK GDPR. Germany is subject to some of the most rigorous data protection standards in the world, and Hetzner's infrastructure meets enterprise-grade security requirements.

9.2 Where we engage service providers whose processing activities occur outside the UK or EEA, we ensure that appropriate safeguards are in place before any transfer is made. Such safeguards may include:

  • Adequacy decisions made by the UK Secretary of State or the European Commission, confirming that the destination country provides an adequate level of data protection.
  • Standard Contractual Clauses (SCCs) approved by the Information Commissioner's Office or the European Commission, incorporated into our agreements with those service providers.
  • Binding Corporate Rules, certification mechanisms, or other legally recognised transfer tools under applicable data protection law.

9.3 We do not transfer personal data to countries that lack adequate data protection safeguards without first putting in place one of the safeguard mechanisms described above.

9.4 You may request further information about the safeguards we have put in place for any specific international transfer by contacting us at hello@mindsetapp.io.

10. Data Retention

10.1 We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable law. The following table sets out our retention periods for each category of data:

10.2 When you delete your account, we will permanently delete your personal data within 30 days, except where a longer retention period is required by law (for example, financial records required for tax purposes). Data held in backup or archival systems at the point of deletion may persist for a further period consistent with our backup rotation schedule, after which it will be permanently expunged.

10.3 We review our retention periods periodically and will update this Policy if they change.

11. Security

11.1 We take the security of your personal data seriously and implement a range of technical and organisational measures designed to protect it against unauthorised access, disclosure, alteration, loss, or destruction.

11.1 Technical Measures

  • All data in transit between your device and our servers is encrypted using Transport Layer Security (TLS), using current, industry-standard cipher suites.
  • All data stored on our servers is encrypted at rest.
  • Passwords and authentication credentials are stored in hashed form using appropriate cryptographic hashing algorithms. They are not stored in a format that would allow us to retrieve your password.
  • Access to personal data held on our systems is restricted to personnel who have a legitimate business need to access it, and is subject to access controls and authentication requirements.
  • Our infrastructure undergoes regular security assessments.

11.2 Organisational Measures

  • All team members with access to personal data are bound by confidentiality obligations.
  • We follow a data minimisation approach: we do not collect data we do not need, and we do not provide access to data beyond what is required for a given function.
  • We assess the privacy and security implications of new features and processing activities before they are implemented.
  • We maintain documented procedures for responding to data security incidents.

11.3 Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority (the UK Information Commissioner's Office, and/or the relevant EU supervisory authority) without undue delay and, where feasible, within 72 hours of becoming aware of the breach, as required by UK GDPR and EU GDPR.

Where a breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, unless an exception under applicable law applies. Our notification will describe the nature of the breach, the categories and approximate number of individuals and records concerned, the likely consequences of the breach, and the measures we have taken or propose to take to address it.

11.4 While we take extensive precautions, no data transmission or storage system can be guaranteed to be 100% secure. If you suspect any unauthorised access to your account or data, please contact us immediately at hello@mindsetapp.io.

12. Automated Decision-Making and Profiling

12.1 Mindset Ltd uses automated processing in two specific contexts within the operation of the Services. We are committed to transparency about both, and in each case where automated processing produces an outcome that affects your account, you will be notified.

12.1 Subscription Status Determination

When you open the Application, our systems automatically query Apple or Google's subscription verification APIs to determine your current subscription status. The result of this query automatically determines which features and tiers of the Application you are able to access. This process may result in the following automated outcomes:

  • Upgrade: If a successful subscription payment is detected and your account was previously on the Standard tier, your account is automatically upgraded to Premium and all Premium features are immediately unlocked.
  • Downgrade: If a subscription lapses, is cancelled, or a payment fails, your account is automatically downgraded from Premium to Standard tier and Premium features become inaccessible. You will receive a notification via email to your registered address and an in-app notification informing you of this change, the reason for it, and how to restore your subscription.
  • Trial expiry: When a free trial period ends without a subscription being activated, your account is automatically transitioned to the Standard tier. You will be notified in advance of your trial expiry date and again at the point of transition.

These automated determinations are based solely on verified payment data from Apple or Google. They do not involve profiling of your behaviour, assessment of your personal characteristics, or any form of discretionary judgment. They are a necessary and straightforward consequence of operating a subscription service.

If you believe any automated determination applied to your account is incorrect, you may contact us at hello@mindsetapp.io marked "FAO: Data Protection Officer" and a member of our team will review your case manually and respond within three business days.

12.2 Session Enforcement

During an active focus session, the Application's enforcement engine automatically blocks access to resources you have selected for blocking when you attempt to access them. This automated action is the core functionality of the Application and operates entirely locally on your device. It does not involve any processing on our servers and does not produce any outcome that affects your account status or your rights.

12.3 No Profiling

12.2 We do not carry out profiling — that is, automated processing of personal data to evaluate, analyse, or predict aspects of your personal situation, behaviour, preferences, interests, reliability, or location — that produces legal effects on you or similarly significantly affects you. We do not use personal data to build individual profiles for advertising, credit assessment, insurance, employment, or any other form of automated evaluation of personal characteristics.

12.3 We will notify you if we introduce any new automated decision-making that has a significant effect on you. Where required by applicable law, we will obtain your explicit consent or provide appropriate human review and opt-out mechanisms before implementing any such processing.

13. Cookies and Tracking Technologies

13.1 Mobile Application

The Mindset mobile application does not use cookies. It does not use web-based tracking technologies such as pixels, beacons, or fingerprinting. All data held by the Application on your device is stored in secure local storage or in your Mindset account on our servers, as described in this Policy. No data is shared with advertising networks or third-party data brokers through the Application.

13.2 Website (mindsetapp.io)

Our website may use a limited number of cookies. These fall into the following categories:

  • Strictly necessary cookies: Required for the website to function correctly. These include cookies that maintain your session when you are logged in to an account area, and cookies that remember your cookie consent preferences. These cookies cannot be disabled without impairing the functionality of the website.
  • Analytical cookies: Used, with your consent, to understand how visitors use our website — for example, which pages are visited most frequently and where visitors encounter difficulties. This data is collected in anonymised or pseudonymised form and is used solely to improve the website. You may decline these cookies without affecting your ability to use our website or the Application.

We do not use advertising cookies, retargeting cookies, or any cookies set by third-party advertising networks on our website. Mindset products are entirely ad-free.

Where required by applicable law, we present a cookie consent banner to website visitors and obtain consent before setting any non-essential cookies. You may update your cookie preferences at any time.

14. Device Permissions

14.1 The Application requests certain device permissions in order to deliver its enforcement functionality. The specific permissions requested depend on the operating system of your device. We request only the permissions that are genuinely necessary for the features you use.

14.2 A general description of the categories of permission we may request is as follows:

  • App management permissions: Required to restrict access to selected applications during an active enforcement session. The Application uses operating system-level mechanisms to enforce blocking. It does not read the content of other applications or access their data.
  • Network-level permissions: Required to restrict access to selected websites during an active enforcement session. Website blocking operates locally on your device. No browsing data or web traffic is transmitted to our servers.
  • Notification permissions: Required to deliver session reminders and completion alerts. Notification content is generated locally and is not transmitted to our servers.
  • Location permissions (institutional context only): May be requested where an Institutional User has configured location-based verification as part of their session management. Location data is used only for the specific verification check at the point of check-in and is not stored persistently.

14.3 All enforcement activity — including determining which applications and websites are blocked during a session — occurs locally on your device. We do not receive information about which specific applications or websites you have chosen to block, and we do not receive information about the content of your activity on your device.

14.4 You may revoke any permission granted to the Application through your device's operating system settings at any time. Revoking certain permissions may impair the functionality of the Application.

15. Minors and Parental Guidance

15.1 Mindset does not impose a minimum age requirement for use of the Application. The Application is designed to assist users of any age in managing their device usage and maintaining focus. We recognise that younger users — including children and teenagers — may benefit significantly from focus enforcement tools, and we do not exclude them from using the product.

15.2 We do not knowingly collect any personal data from users that we would handle differently based on age. The data we collect — as described in Section 4 — is the same regardless of the age of the user, and is limited to what is necessary to provide the Service.

15.3 Where a child uses the Application, Mindset Ltd encourages parents and guardians to be involved in setting up and supervising their child's account and usage. Parents and guardians who wish to review, correct, or request the deletion of data associated with their child's account may contact us at hello@mindsetapp.io. We will accommodate such requests in accordance with applicable law and, where the request relates to a minor in the household, will endeavour to verify the parental or guardian relationship before taking action.

15.4 Mindset does not serve advertising within the Application. The Application is a subscription product. We do not use the data of any user — regardless of age — for advertising, profiling for commercial purposes, or resale to third parties.

15.5 Where Mindset is deployed by an educational institution and used by students who may be minors, the institution is responsible for ensuring that its use of the Services complies with all applicable child protection, education, and data protection legislation in its jurisdiction. Institutional clients should refer to their Data Processing Agreement with Mindset Ltd for applicable provisions.

15.6 If you become aware of any use of the Application by a child in circumstances that cause you concern, please contact us at hello@mindsetapp.io marked "FAO: Data Protection Officer" and we will investigate promptly.

16. Your Data Protection Rights

16.1 You have a number of rights in relation to the personal data we hold about you. The rights available to you depend on your location and the legal basis on which we process your data. These rights are described in detail below.

16.1 Rights Available to All Users

Regardless of where you are located, you have the following rights:

  • Right of access: You may request a copy of the personal data we hold about you, together with information about how it is processed.
  • Right to rectification: If any personal data we hold about you is inaccurate or incomplete, you may ask us to correct it.
  • Right to erasure: You may request that we delete your personal data where there is no longer a lawful basis for us to retain it, subject to any overriding legal obligation to retain it.
  • Right to withdraw consent: Where our processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of any processing that took place before your withdrawal.

16.2 Additional Rights — UK and EU Residents

If you are located in the United Kingdom or European Economic Area, you have the following additional rights under UK GDPR and EU GDPR:

  • Right to restriction of processing: You may ask us to restrict the processing of your personal data in certain circumstances — for example, while we verify the accuracy of data you have disputed, or where processing is unlawful but you do not want us to erase the data.
  • Right to data portability: Where our processing is based on your consent or the performance of a contract, and is carried out by automated means, you may ask us to provide your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller where technically feasible.
  • Right to object: You may object to processing that is based on our legitimate interests. We will cease such processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or unless the processing is necessary for the establishment, exercise, or defence of legal claims.
  • Rights in relation to automated decision-making: You have the right not to be subject to a decision based solely on automated processing — including profiling — that produces legal effects concerning you or similarly significantly affects you. As set out in Section 12, we do not currently carry out any such processing.
  • Right to lodge a complaint: You have the right to lodge a complaint with the relevant supervisory authority. In the United Kingdom, this is the Information Commissioner's Office (ico.org.uk). In EU member states, this is the relevant national data protection authority.

16.3 Rights — United States Residents

The United States does not have a single federal privacy law applicable to all residents. Privacy rights in the US are established by a growing body of state-level legislation. The sections below describe your rights under each applicable state law. If your state is not listed, please contact us at hello@mindsetapp.io and we will confirm what rights apply to you under the most current applicable legislation.

As a general commitment applicable to all US residents regardless of state: Mindset does not sell personal information. Mindset does not share personal information for cross-context behavioural advertising. Mindset does not discriminate against any user for exercising their privacy rights. We honour Global Privacy Control (GPC) signals for users of our website.

California (CCPA / CPRA — California Consumer Privacy Act and California Privacy Rights Act)

California residents have the most extensive set of statutory privacy rights in the United States. Under the CCPA as amended by the CPRA, you have the following rights:

  • Right to know: The right to request that we disclose what personal information we have collected about you, the categories of sources from which it was collected, the purposes for which it is used, the categories of third parties with whom it is shared, and the specific pieces of personal information we hold about you.
  • Right to delete: The right to request deletion of personal information we have collected from you, subject to certain statutory exceptions (for example, where retention is required to complete a transaction or comply with a legal obligation).
  • Right to correct: The right to request that we correct inaccurate personal information we hold about you.
  • Right to opt out of sale or sharing: The right to opt out of the sale of your personal information and the sharing of your personal information for cross-context behavioural advertising. Mindset does not engage in either activity.
  • Right to limit use of sensitive personal information: The right to direct us to limit our use and disclosure of sensitive personal information (as defined under the CPRA) to what is necessary to perform the Services. Mindset does not use sensitive personal information beyond what is strictly necessary to deliver the Services you have subscribed to.
  • Right to non-discrimination: You will not receive a lower quality of service, higher prices, or any other adverse treatment as a consequence of exercising your CCPA/CPRA rights.
  • Right to access information about automated decision-making: You have the right to know about automated decision-making processes that use your personal information and, in certain circumstances, to opt out of such processes. See Section 12 of this Policy for a full description of all automated decision-making we carry out.

To submit a verifiable consumer request, contact us at hello@mindsetapp.io with the subject line "California Privacy Request." We will respond within 45 calendar days of receipt of a verifiable request. We may extend this period by a further 45 days where reasonably necessary, with prior notice. You may designate an authorised agent to make a request on your behalf; we will require written authorisation and may verify your identity directly.

Virginia (CDPA — Consumer Data Protection Act, effective 1 January 2023)

Virginia residents have the following rights under the Virginia Consumer Data Protection Act:

  • Right to access: The right to confirm whether we process your personal data and to access that personal data.
  • Right to correct: The right to correct inaccuracies in your personal data, taking into account the nature of the data and our purposes for processing it.
  • Right to delete: The right to request deletion of personal data you have provided to us or that we have collected about you.
  • Right to data portability: The right to obtain a copy of your personal data in a portable and, to the extent technically feasible, readily usable format.
  • Right to opt out: The right to opt out of the processing of your personal data for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects. Mindset does not carry out any of these activities.

We will respond to verifiable Virginia consumer requests within 45 days. This period may be extended by a further 45 days where reasonably necessary. If we decline to take action on a request, we will inform you of our reasons and the process by which you may appeal our decision. Appeals will be decided within 60 days of receipt.

Colorado (CPA — Colorado Privacy Act, effective 1 July 2023)

Colorado residents have the following rights under the Colorado Privacy Act:

  • Right to access: The right to confirm whether we process personal data concerning you and to access that data.
  • Right to correction: The right to correct inaccurate personal data about you.
  • Right to deletion: The right to delete personal data concerning you.
  • Right to data portability: The right to obtain your personal data in a portable and, where technically feasible, readily usable format.
  • Right to opt out: The right to opt out of the processing of your personal data for targeted advertising, the sale of personal data, or profiling in furtherance of decisions with legal or similarly significant effects. Mindset does not engage in any of these activities.

We will respond to Colorado consumer requests within 45 days. Where reasonably necessary, this may be extended by a further 45 days with prior notice. You have the right to appeal any refusal to act on your request. Appeals will be responded to within 45 days, and you may subsequently escalate to the Colorado Attorney General if unsatisfied.

Connecticut (CTDPA — Connecticut Data Privacy Act, effective 1 July 2023)

Connecticut residents have the following rights under the Connecticut Data Privacy Act:

  • Right to access: The right to confirm whether we process personal data concerning you and to access that data.
  • Right to correction: The right to correct inaccuracies in personal data about you.
  • Right to deletion: The right to delete personal data concerning you, including personal data provided by you or observed about you.
  • Right to data portability: The right to obtain a copy of your personal data in a portable and, where technically feasible, readily usable format.
  • Right to opt out: The right to opt out of targeted advertising, sale of personal data, and profiling in furtherance of decisions with legal or similarly significant effects. Mindset does not engage in any of these activities.

We will respond to Connecticut consumer requests within 45 days, extendable by a further 45 days with notice. You may appeal any refusal within a reasonable period, and we will respond to appeals within 60 days. You may further appeal to the Connecticut Attorney General.

Texas (TDPSA — Texas Data Privacy and Security Act, effective 1 July 2024)

Texas residents have the following rights under the Texas Data Privacy and Security Act:

  • Right to access: The right to confirm whether we process your personal data and to access it.
  • Right to correction: The right to correct inaccuracies in your personal data.
  • Right to deletion: The right to delete personal data concerning you.
  • Right to data portability: The right to obtain your personal data in a portable and, to the extent technically feasible, readily usable format.
  • Right to opt out: The right to opt out of the processing of your personal data for targeted advertising, sale, or profiling for decisions with legal or similarly significant effects. Mindset does not engage in any of these activities.

We will respond to Texas consumer requests within 45 days. Appeals must be submitted within a reasonable period following our response, and we will decide appeals within 60 days. You may escalate unresolved appeals to the Texas Attorney General.

Florida (FDBR — Florida Digital Bill of Rights, effective 1 July 2024)

Where a company meets the applicable thresholds, Florida residents have the following rights under the Florida Digital Bill of Rights:

  • Right to access: The right to confirm whether we process personal data about you and to access that data.
  • Right to correction: The right to correct inaccurate personal data.
  • Right to deletion: The right to delete personal data concerning you.
  • Right to data portability: The right to obtain personal data in a portable format.
  • Right to opt out: The right to opt out of targeted advertising, sale of personal data, and certain profiling activities. Mindset does not engage in any of these activities.

We will respond to Florida consumer requests within 45 days, extendable where reasonably necessary with prior notice.

Utah (UCPA — Utah Consumer Privacy Act, effective 31 December 2023)

Utah residents have the following rights under the Utah Consumer Privacy Act:

  • Right to access: The right to confirm whether we process your personal data and to access that data.
  • Right to deletion: The right to delete personal data that you have provided to us.
  • Right to data portability: The right to obtain a copy of your personal data in a portable format.
  • Right to opt out: The right to opt out of the sale of personal data and targeted advertising. Mindset does not engage in either activity.

We will respond to Utah consumer requests within 45 days, extendable by a further 45 days where reasonably necessary.

Virginia, Montana, Oregon, Delaware, Iowa, Indiana, Tennessee, and other enacted state laws

A number of additional US states have enacted privacy legislation that came into effect in 2024 and 2025, including Montana (MCDPA), Oregon (OCPA), Delaware (DPDPA), Iowa (ICDPA), Indiana (IDPA), Tennessee (TIPA), and others. Where applicable, residents of these states have rights substantially equivalent to those described above for Virginia, Colorado, and Connecticut — including rights of access, correction, deletion, portability, and opt out from sale and targeted advertising. We will honour all such rights in accordance with applicable law.

If you are a resident of a US state not specifically listed above and wish to know what rights apply to you, contact us at hello@mindsetapp.io and we will respond with the applicable information within three business days.

All US Residents — Response Process

To exercise any right described in this section, contact us at hello@mindsetapp.io with the subject line "US Privacy Rights Request — [your state] — [description of request]." We will verify your identity before processing your request. We will not charge a fee for processing your request unless it is manifestly unfounded or excessive. We will not discriminate against you in the quality, price, or availability of the Services as a consequence of your exercising any privacy right.

16.4 Rights — Other Jurisdictions

  • Canada (PIPEDA and provincial laws, including Quebec Law 25): You have rights of access, correction, and withdrawal of consent. Quebec residents have additional rights substantially equivalent to those under EU GDPR, including the right to data portability and the right to be informed of automated decision-making. You may file a complaint with the Office of the Privacy Commissioner of Canada or, for Quebec residents, the Commission d'accès à l'information.
  • Brazil (LGPD — Lei Geral de Proteção de Dados): You have rights substantially equivalent to those under EU GDPR, including the right of access, correction, anonymisation or deletion, portability, information about sharing, the right to object, and the right to withdraw consent. You may file a complaint with the Autoridade Nacional de Proteção de Dados (ANPD).
  • Australia (Privacy Act 1988 and Australian Privacy Principles): You have the right to access and correct personal information we hold about you. You may file a complaint with the Office of the Australian Information Commissioner (OAIC).

We are committed to respecting applicable privacy rights in every jurisdiction in which we operate. If your jurisdiction is not listed and you wish to understand your rights, contact us at hello@mindsetapp.io and we will assist within three business days.

17. How to Exercise Your Rights

17.1 To exercise any of the rights described in Section 16, please contact us as follows:

Email: hello@mindsetapp.io

Subject line: "Privacy Rights Request — [description of your request]"

17.2 Please include in your request your registered email address and a clear description of the right you wish to exercise and the scope of your request. The more specific you are, the more efficiently we can respond.

17.3 We may be required to verify your identity before processing your request, in order to protect against fraudulent or unauthorised requests. Identity verification will typically involve confirming access to your registered email address. We will not charge you for making a request, and we will not use the information you provide for any purpose other than verifying your identity and responding to your request.

17.4 We will acknowledge receipt of your request promptly and provide a substantive response within 30 calendar days. Where a request is complex or involves a large volume of data, we may extend this period by a further two months, in which case we will notify you of the extension and the reasons for it within the initial 30-day period, as permitted by applicable law.

17.5 If you are not satisfied with our response, you have the right to escalate your complaint to the relevant supervisory authority as described in Section 16. We would, however, appreciate the opportunity to address your concern directly before you contact the supervisory authority, and we invite you to contact us first.

18. Changes to This Privacy Policy

18.1 We may update this Privacy Policy from time to time to reflect changes in our data processing activities, changes in applicable law, or improvements in how we describe our practices. We will not use this Policy as a mechanism to introduce material reductions in your privacy rights without adequate notice.

18.2 When we make material changes to this Policy, we will notify you by:

  • Displaying a prominent in-app notification describing the key changes.
  • Sending an email notification to the address registered to your account.
  • Publishing the updated Policy at mindsetapp.io/privacy, with the new effective date clearly indicated.

18.3 We will provide at least 30 days' notice before any material changes take effect. If you do not agree with any change, you may delete your account before the effective date. Continued use of the Services after the effective date constitutes acceptance of the updated Policy.

18.4 Where a change involves processing your personal data in a new way that requires your consent, we will seek that consent separately before commencing such processing.

18.5 Previous versions of this Policy are available upon request by contacting hello@mindsetapp.io.

PART B — END USER LICENCE AGREEMENT

19. About This Licence

19.1 The Mindset Application made available through the Apple App Store and Google Play Store is licensed to you, not sold. Your licence to use the Application is subject to your acceptance of this End User Licence Agreement ("EULA"). By downloading, installing, or using the Application, you agree to be bound by this EULA.

19.2 This EULA is an agreement between you and Mindset Ltd. It governs your use of the Application and any in-app content or services. Where you download through the Apple App Store, Apple's standard licensed application end user licence agreement terms also apply to the extent required by Apple.

19.3 If you do not agree with any part of this EULA, you must not download, install, or use the Application.

20. Scope of Licence

20.1 Mindset Ltd grants you a personal, limited, non-exclusive, non-transferable, revocable licence to install and use the Application on devices that you own or control, solely for your own personal, non-commercial use, and in accordance with this EULA and any applicable App Store or Google Play usage rules.

20.2 This licence does not permit you to:

  • Use the Application on any device that you do not own or control.
  • Make the Application available to multiple users simultaneously over a network.
  • Sublicense, sell, resell, transfer, assign, or otherwise commercially exploit the Application or any rights granted under this EULA.
  • Copy the Application except as expressly permitted by this EULA or applicable law.
  • Modify, adapt, translate, create derivative works of, reverse-engineer, decompile, disassemble, or otherwise attempt to derive the source code of the Application or any part thereof, except to the extent that applicable law expressly permits such activity and such activity cannot be contractually restricted.
  • Remove, obscure, or alter any proprietary rights notices, trademarks, or logos displayed in or on the Application.
  • Use the Application for any unlawful purpose or in any manner inconsistent with this EULA.

20.3 If you sell or transfer ownership of a device on which the Application is installed, you must remove the Application from that device before doing so.

21. Intellectual Property

21.1 The Application, including all content, features, functionality, code, design, and related documentation, is owned by Mindset Ltd and is protected by copyright, trade mark, and other applicable intellectual property laws. All rights not expressly granted to you under this EULA are reserved by Mindset Ltd.

21.2 The name "Mindset," the Mindset logo, and all related product and service names, designs, and slogans are trade marks of Mindset Ltd. You may not use these marks without the prior written permission of Mindset Ltd.

21.3 Nothing in this EULA transfers any intellectual property rights to you. Your licence is a right to use the Application, not ownership of the Application or any intellectual property within it.

22. User Obligations and Acceptable Use

22.1 By using the Application, you represent and warrant that:

  • You are of the minimum age required to use the Application in your jurisdiction, as described in Section 15 of this Policy.
  • You have the legal capacity to enter into this agreement.
  • All information you provide to us is accurate, current, and complete.
  • You will use the Application only for lawful purposes and in accordance with this EULA.

22.2 You agree that you will not use the Application in any manner that:

  • Violates any applicable local, national, or international law or regulation.
  • Infringes the rights of any third party, including intellectual property rights and privacy rights.
  • Constitutes fraudulent, deceptive, or abusive conduct.
  • Interferes with or disrupts the integrity or performance of the Application or our infrastructure.
  • Attempts to circumvent or disable any security feature of the Application.

23. Updates and Changes to the Application

23.1 Mindset Ltd may from time to time release updates to the Application that fix defects, improve performance, or introduce new features. Depending on your device settings, these updates may be applied automatically.

23.2 We reserve the right to modify, suspend, or discontinue any aspect of the Application at any time. We will endeavour to provide reasonable notice of significant changes where practicable. We shall not be liable to you for any modification, suspension, or discontinuation of the Application or any part thereof.

23.3 Continued use of the Application following the release of an update constitutes your acceptance of the updated version. If any update is accompanied by a revised EULA, your continued use will constitute acceptance of the revised EULA.

24. Consent to Use of Data

24.1 By using the Application, you acknowledge and agree that Mindset Ltd may collect and use technical and diagnostic data as described in Part A of this document (Privacy Policy). Such data is used to provide software updates, product support, and service improvements. To the extent that such data does not personally identify you, it may be used to improve our products and to provide and develop services and technologies.

24.2 All personal data processing is governed by Part A of this document. In the event of any conflict between this clause and Part A, Part A prevails.

25. Third-Party Services and Links

25.1 The Application may facilitate access to third-party services, including Apple services and Google services, through which subscriptions are managed. Your use of any third-party service is governed by that third party's own terms of service and privacy policy. Mindset Ltd is not responsible for the practices of any third-party service.

25.2 The Application does not contain links to third-party websites for advertising or commercial purposes. Any reference to third-party products or services within the Application is for operational purposes only.

26. Termination

26.1 This EULA is effective from the date you first use the Application and continues until terminated.

26.2 You may terminate this EULA at any time by deleting the Application from your device and closing your Mindset account.

26.3 Mindset Ltd may terminate this EULA immediately, without notice, if:

  • You breach any material term of this EULA.
  • You use the Application in a manner that is unlawful, abusive, or harmful to Mindset Ltd or other users.
  • We are required to do so by law or regulation.

26.4 Upon termination for any reason, your licence to use the Application ceases immediately, and you must delete all copies of the Application from your devices. Termination does not affect any rights or liabilities that have accrued prior to the date of termination. Sections of this EULA that by their nature should survive termination (including but not limited to Sections 21, 27, 28, and 29) will continue in full force.

27. Disclaimer of Warranties

27.1 THE APPLICATION IS PROVIDED "AS IS" AND "AS AVAILABLE," WITHOUT WARRANTY OF ANY KIND, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MINDSET LTD EXPRESSLY DISCLAIMS ALL WARRANTIES, INCLUDING BUT NOT LIMITED TO:

  • WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
  • WARRANTIES THAT THE APPLICATION WILL MEET YOUR SPECIFIC REQUIREMENTS.
  • WARRANTIES THAT THE APPLICATION WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE.
  • WARRANTIES AS TO THE ACCURACY OR RELIABILITY OF ANY INFORMATION OBTAINED THROUGH THE APPLICATION.

27.2 Nothing in this EULA excludes or limits any warranty that cannot be excluded or limited under applicable consumer protection law, including under the Consumer Rights Act 2015 (UK).

27.3 We do not warrant that our enforcement features will be effective in all circumstances or on all device configurations. No enforcement mechanism can guarantee that blocking cannot be circumvented under any circumstances. Our marketing accurately describes our enforcement features as strong and friction-based. We do not represent them as technically unbreakable.

28. Limitation of Liability

28.1 TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL MINDSET LTD, ITS DIRECTORS, OFFICERS, EMPLOYEES, AGENTS, OR AFFILIATES BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, HOWEVER CAUSED, ARISING OUT OF OR IN CONNECTION WITH YOUR USE OF OR INABILITY TO USE THE APPLICATION, INCLUDING BUT NOT LIMITED TO LOSS OF DATA, LOSS OF REVENUE, LOSS OF PROFITS, LOSS OF GOODWILL, OR LOSS OF BUSINESS OPPORTUNITY.

28.2 NOTWITHSTANDING THE FOREGOING, MINDSET LTD'S TOTAL AGGREGATE LIABILITY TO YOU FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THIS EULA OR YOUR USE OF THE APPLICATION SHALL NOT EXCEED THE GREATER OF: (A) THE TOTAL AMOUNT PAID BY YOU TO MINDSET LTD IN THE TWELVE MONTHS PRECEDING THE CLAIM; OR (B) ONE HUNDRED POUNDS STERLING (£100).

28.3 Nothing in this EULA excludes or limits Mindset Ltd's liability for: death or personal injury caused by our negligence; fraud or fraudulent misrepresentation; any other liability that cannot be excluded or limited under applicable law, including under the Consumer Rights Act 2015 (UK).

28.4 If you are a consumer located in the European Union, nothing in this EULA affects your rights under mandatory consumer protection law applicable in your member state.

29. Governing Law and Jurisdiction

29.1 This EULA and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter shall be governed by and construed in accordance with the laws of England and Wales, without regard to its conflict of law provisions.

29.2 Subject to clause 29.3, the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this EULA.

29.3 If you are a consumer resident in a European Union member state, you may also bring proceedings in the courts of your country of residence, to the extent that applicable consumer protection law in that country provides you with such a right. Nothing in this EULA restricts any rights you may have as a consumer under the mandatory laws of the country in which you are resident.

29.4 The United Nations Convention on Contracts for the International Sale of Goods does not apply to this EULA.

30. General Provisions

30.1 Entire agreement: This EULA and the Privacy Policy (Part A) together constitute the entire agreement between you and Mindset Ltd with respect to your use of the Application and supersede all prior agreements, representations, and understandings of any kind.

30.2 Severability: If any provision of this EULA is found by a court of competent jurisdiction to be invalid, illegal, or unenforceable, that provision shall be deemed modified to the minimum extent necessary to make it valid and enforceable, or severed if modification is not possible. The remaining provisions of this EULA shall continue in full force and effect.

30.3 Waiver: A failure or delay by Mindset Ltd to exercise any right or remedy under this EULA shall not constitute a waiver of that right or remedy. Any waiver must be given expressly and in writing.

30.4 Assignment: You may not assign, transfer, or sublicense any of your rights or obligations under this EULA without the prior written consent of Mindset Ltd. Mindset Ltd may assign its rights and obligations under this EULA without restriction, including in connection with a merger, acquisition, or sale of assets.

30.5 Notices: Any notices or communications from us to you will be sent to the email address registered to your account. Notices from you to us should be sent to hello@mindsetapp.io.

30.6 Language: This EULA is written in English. In the event of any inconsistency between the English version and any translated version, the English version prevails.

30.7 No partnership or agency: Nothing in this EULA creates or implies any partnership, joint venture, agency, franchise, or employment relationship between you and Mindset Ltd.

31. Contact Us

For all questions, requests, and correspondence relating to this Privacy Policy, this EULA, or your personal data, please contact us at:

Mindset Ltd

Registered in England and Wales

Email: hello@mindsetapp.io

Website: mindsetapp.io

We aim to respond to all privacy-related enquiries within three business days and to resolve requests fully within the time periods required by applicable law. If you are not satisfied with our response, you may refer the matter to the relevant supervisory authority as described in Section 16 of this Policy.

Mindset Ltd · Privacy Policy & EULA · Version 2.0 · 27 March 2026

This document is governed by the laws of England and Wales. Registered in England and Wales. © 2026 Mindset Ltd. All rights reserved.

For the most current version of this document, visit mindsetapp.io/privacy
