Mindex is a desktop application for taking notes and working with an AI copilot over a local Markdown vault. This policy explains what data the app and its sign-in flow process, and why.
Mindex requires sign-in with a Google account. Authentication is handled by Supabase (our backend provider) using Google OAuth. We store a minimal profile — your Google account identifier, email address, and an entitlement record (your plan and account status). We do not see or store your Google password.
We request the following Google scopes:
openid, email, profile — to identify your account and show your name/avatar.https://www.googleapis.com/auth/calendar — to read and
write calendar events on your behalf when you use calendar features.
Google OAuth tokens used for the Calendar API are stored locally on your device, encrypted by your operating system keychain. Mindex's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not sell this data, do not use it for advertising, and do not transfer it except as needed to provide the features you request.
Your notes live as plain files in a folder on your own computer (local-first). Mindex does not upload your vault to our servers. When you use AI features, the relevant content is sent to Anthropic's Claude API (via the Claude CLI) to generate responses — see Anthropic's privacy policy.
On launch the app contacts our backend to validate your session and check the minimum required app version. These requests include your account identifier and the app version/platform; they do not include your note content.
You can sign out at any time, which clears the local session. To delete your account and associated profile data, or to revoke Calendar access, contact us at the address below (you can also revoke access from your Google account permissions).
Questions about this policy: privacy@mindex.live.