Privacy Policy

Effective Date: September 2, 2025

---

Who we are: Mylin (the “Service”, “we”, “us”, “our”) provides a mental, emotional, behavioral and intellectual well‑being platform that compiles structured feedback from trusted circles (e.g., parents, teachers, mentors), tracks life events, self-journal of user’s daily behaviors and delivers AI‑driven insights and reports.

555 Republic Dr, Suite 201, Plano, TX 75074, USA

Email: support@mylinapp.com

By registering for an account with us, you are accepting the terms of this Privacy Policy, and you are consenting to our collection, use, disclosure, retention and protection of your personal and other information as described in this Privacy Policy.

1. Scope & Roles

• This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use Mylin websites, apps, and services.
• Direct‑to‑consumer accounts (parents/guardians): Mylin is the controller of personal information.
• Organization accounts (e.g., schools, clubs): Mylin typically acts as a processor/service provider on behalf of the institution, which is the controller

2. What We Collect

We use the collected information for the following purposes:

• Account & relationship data - The personal information you voluntarily provide us. For example, Parent/guardian name, email, phone; child profile (e.g., first name, last name, Date of Birth, class/grade, school or club), and invited contributors (e.g., teachers, mentors, friends, coaches).
• Feedback & life‑event content - Structured observations from trusted circles; selection of behaviors from the pre-defined list, optional free‑text notes as comments; life‑event entry selection from the pre-defined list and tags; reports and insights about emotional, behavioral, mental, and intellectual development; personality traits score, credibility score based on the user’s activity in the product, predictive alerts and risk indicators.
• Usage & device data - App/web logs, device identifiers, IP address, approximate location from IP, app version, referral source, error/crash logs, and similar telemetry.
• Communications - Support requests, survey responses (including Beta program), in‑app messages, and email preferences managed by the users.
• Payment data - Limited billing information processed by our payment provider (We do not store any PII or PCI data within Mylin app. It’s managed by our Payment gateway provider)
• Cookies & similar technologies - Cookies, SDKs, pixels and local storage used for authentication, security, preferences, analytics, and feature performance.

Children: For users under 13 in the U.S., we obtain verifiable parental consent before collecting personal information, unless an exception applies.

3. Why We Use Data (Purposes) & Legal Bases

• Service delivery & accounts - create and manage accounts; authenticate users; generate dashboards and reports; enable invitations and access controls.
• Insights & personalization - produce AI‑assisted insights from contributed observations and life events; notifications you opt in to.
• Safety & vital interests - detect and act on signals indicating risk of onset of mental disorders where permissible and appropriate. We do not provide emergency services.
• Product improvement & research - analytics, quality assurance, de‑identified statistics, and user research to improve features and model performance.
• Communications - transactional emails (e.g., account, security), and-if you opt in-product updates or Beta surveys.
• Compliance & enforcement - legal obligations, responding to lawful requests, preventing misuse and fraud.

4. Sources of Data

• You (parent/guardian), teen users as permitted, and invited contributors (e.g., teachers, mentors).
• Your organization (for enterprise/school deployments).
• Your device/browser.
• Service providers (e.g., analytics), strictly for services we request.

5. Sharing & Disclosures

Protecting this Information is a top priority for us. We will never sell or rent any Information you input in the We do not sell personal information, and we do not share it for cross‑context behavioral advertising.

• Service providers/processors - hosting, analytics, error monitoring, messaging, and payments-under contracts that limit use to our instructions.
• Your trusted circle - per your settings/role permissions (e.g., Your parents can view what you allow).
• Organizations - for institution‑managed accounts, data is shared per the contract with the school/club and your role permissions.
• Legal/safety - when required by law or to protect vital interests (e.g., credible risk of harm), consistent with applicable legal standards.
• Corporate transactions - in a merger, acquisition, or asset sale, with appropriate protections.

6. Cookies & Tracking

We use cookies/SDKs for authentication, security, remembering preferences, analytics, and performance. You can control cookies in your browser or device; some features may not function without essential cookies. If you use the app via a school deployment, cookie settings may be more limited to essential operation. See our Cookie Notice for details.

7. Data Retention

We retain personal information only as long as needed for the purposes above, then delete or de‑identify it. Indicative periods (subject to your settings/contractual obligations):

• Account & profile data: for the life of the account + up to 24 months.
• Logs & telemetry: 12–24 months.
• Life‑event entries & feedback: until you delete them or your admin/organization instructs deletion, or upon account closure (plus a short backup window).
• Legal/compliance records: per statutory limits.

8. Security

We apply layered controls to protect data (encryption in transit/at rest where applicable, access controls, logging, secure development practices, and vendor due diligence). No method of transmission or storage is 100% secure, but we continually improve safeguards and limit access to those with a need to know.

9. Your Rights & Choices

• Global controls - Access, correction, deletion, and export/portability; object/opt out of certain processing (e.g., analytics) and withdraw consent (where relied upon); manage sharing via in‑product settings. We will respond consistently with applicable law and, where we process on behalf of an organization, refer your request to the controller.
• U.S. – California (CCPA/CPRA) - California residents have the right to know, access, correct, delete, and opt‑out of sale/share of personal information, and to limit use/disclosure of sensitive personal information. We do not sell or share your information for cross‑context behavioral advertising. We will not discriminate for exercising rights.
• Washington & Nevada - Consumer Health Data - Some states regulate consumer health data (e.g., Washington’s My Health My Data Act and Nevada SB370). We provide a supplemental Consumer Health Data Notice (Appendix A) that explains how we collect/use such data, obtain consent, provide rights, and restrict geofencing/secondary use consistent with those laws.

10. Children & Teens

• Under 13 (U.S.) - Mylin is intended for use with a parent/guardian or institution acting as an authorized school official; we do not allow children under 13 to create standalone accounts. We obtain verifiable parental consent before collecting personal information from a child. Parents can review/delete their child’s information and revoke consent at any time.
• Ages 13–17 - We may allow limited teen participation (e.g., viewing certain insights, logging life events) with appropriate parental/guardian consent and controls, as required by applicable law.
• Schools - Where a K‑12 institution deploys Mylin, the school may consent on parents’ behalf solely for educational use, and we process student information under the school’s direction and applicable FERPA constraints.

11. Automated Insights & Human Oversight

Our models synthesize contributed observations and life events to produce insights and trend indicators. These insights do not make legal or similarly significant decisions about you. You can request an explanation of key factors behind a given insight and can disable/limit certain notifications.

12. Third‑Party Links & Integrations

The Service may contain links or integrations to third‑party sites or tools. Their privacy practices are governed by their own policies. Please review them before using those services.

13. Beta Program

During Beta, we may collect additional product‑feedback and diagnostic information to improve performance and reliability. Any AI‑related experiments will be disclosed in‑product with distinct opt‑ins where required. Beta participants can leave at any time, and we will stop collecting Beta‑only telemetry once you exit.

14. Not Medical Advice & Emergencies

Mylin is a mental, emotional, behavioral and intelligence well‑being and growth tool; it does not provide medical care, diagnosis, or emergency services. In an emergency or crisis, call your local emergency number or appropriate hotline. If you receive a high‑risk indicator, treat it as a prompt to seek qualified help, not as a clinical determination.

15. Changes to This Policy

We may update this Policy to reflect new features or legal requirements. We will post the updated version with a new “Effective date” and, where required, notify you and/or request consent for material changes.

16. How to Contact Us

Email: support@mylinapp.com

Mail: Privacy, Mylin, 555 Republic Dr, Suite 201, Plano, TX 75074, USA

Appendix A — Consumer Health Data Supplement (WA & NV)

Under Washington’s My Health My Data Act (MHMDA) and Nevada SB370, it can include information linked or reasonably linkable to a consumer that identifies past, present, or future physical or mental health status (e.g., mental well‑being observations, assessments, life‑event notes).

Our commitments:

• We collect/use consumer health data only for the purposes described in this Policy and this Supplement (e.g., providing well‑being insights, account management, safety, and compliance).
• We obtain consent where required before collecting or sharing consumer health data, including separate consent for secondary use when applicable.
• We provide rights to access, delete, and withdraw consent over consumer health data, and we will not discriminate for exercising these rights.
• We do not sell consumer health data.
• We do not use geofencing around in‑person health care facilities for targeting or identification.

How to exercise your CHD rights: Contact us at support@mylinapp.com. We will authenticate your request and respond within the timelines required by law.

Appendix B — California “Notice at Collection”

Under Washington’s My Health My Data Act (MHMDA) and Nevada SB370, it can include information linked or reasonably linkable to a consumer that identifies past, present, or future physical or mental health status (e.g., mental well‑being observations, assessments, life‑event notes).

Our commitments:

• Categories collected:identifiers (name, email), child profile attributes (age range/grade), relationships, feedback and life events (may be sensitive), usage data/identifiers, communications, payment metadata.
• Purposes:provide the Service and insights; maintain safety/security; analytics and improvement; communications; compliance.
• Retention: see Section 7.
• Sale/share: we do not sell and do not share personal information for cross‑context behavioral advertising. You may limit certain uses of sensitive personal information via settings or by contacting us.