Your Custom Text Here

Privacy Policy - Kaleidoscope Axiom Inc.

Last Updated: April 12, 2026

Introduction

Kaleidoscope Axiom Inc. ("we," "us," "our") operates the Mim and Krystallos web and mobile applications (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

Information We Collect

1. Personal Information You Provide

Mim (Mobile Application):

  • Account information (email address, username)
  • Authentication data (password, tokens)
  • Value assessment responses
  • Coaching conversation history
  • Extracted memory points derived from coaching sessions (key insights saved to maintain continuity across sessions)
  • Selected coaching journey (Career, Health, Relationships, Personal Growth)
  • Data residency preference (your chosen storage region — see "Data Residency" below)
  • User preferences and settings

Krystallos (Web Application):

  • Email address (optional, only if you choose to subscribe to updates or create an account)
  • Value assessment responses
  • Survey responses (optional)
  • Feedback submissions (optional)
  • Data residency preference (your chosen storage region, if you create an account — see "Data Residency" below)

If you create an account in Krystallos, your assessment data is synced to our cloud infrastructure for cross-device access and sharing with Mim and MCP. Without an account, your data is stored only in your browser's local storage.

2. Health and Wellness Data

Within Mim's coaching journeys — particularly the Health journey — you may voluntarily share personal health and wellness information. This may include:

  • Information about your physical or mental health, wellbeing, or lifestyle
  • Health-related goals, habits, or personal wellness concerns
  • Any other health-related details you choose to disclose during a coaching session

This information is collected only when you voluntarily share it during a coaching session. It is used exclusively to provide personalised coaching responses aligned with your values and goals. Your health-related conversation content is:

  • Stored securely in our cloud database (AWS DynamoDB)
  • Processed by our AI coaching engine (Claude, provided by Anthropic, accessed via AWS Bedrock) to generate coaching responses
  • Subject to memory extraction to maintain coaching continuity across sessions
  • Never sold to third parties or used for advertising purposes
  • Deleted when you request account deletion

Important: Mim is a personal development and values coaching application, not a medical or healthcare service. Nothing shared or received within the App constitutes medical, psychiatric, or clinical advice. Please consult qualified healthcare professionals for any health concerns.

3. Safety and Content Monitoring Data

Mim includes automated safety and content monitoring systems that evaluate coaching conversations for signs of emotional distress, crisis, and prohibited content. These systems:

  • Use evidence-based psychological constructs to assess whether a user may be experiencing a crisis
  • Detect prohibited content including hate speech, threats of violence, and other harmful content
  • Operate automatically after each coaching response — they cannot be disabled while using the coaching feature
  • May flag certain messages for review and store them separately in a dedicated safety log
  • Trigger delivery of crisis support resources (such as the 988 Suicide & Crisis Lifeline and international helpline directories) when appropriate
  • May replace or modify an AI coaching response with crisis support information or a content policy notice in urgent situations

IP Address Collection: We collect your IP address when you use the coaching feature. This information is stored alongside flagged content and is used to identify the appropriate jurisdiction and authorities in cases where referral may be necessary (see "Referral to Authorities" below).

Flagged safety and content data is stored securely and may be retained separately from your regular conversation history for compliance, safety reporting, and potential referral to authorities.

Referral to Authorities: In cases where our monitoring systems detect content involving credible threats of violence, hate speech that may constitute a criminal offence, or ideation suggesting imminent harm to yourself or others, we may refer the flagged content — along with associated account information and IP address — to the appropriate law enforcement or regulatory authorities. We use your IP address to help determine the relevant jurisdiction for such referrals.

We may be required to report anonymized, aggregated crisis referral statistics to regulatory authorities.

Important: Mim is an AI chatbot, not a licensed therapist or crisis service. It is not a substitute for professional mental health support. If you are in crisis, please contact emergency services or a crisis helpline immediately.

4. Voice Input

Mim offers an optional voice input feature that uses your device's built-in speech-to-text capability. If you choose to use voice input:

  • Your device's microphone is accessed only while you are actively using the voice input feature
  • Speech recognition is processed on-device using your operating system's native speech-to-text service
  • We do not transmit raw audio to our servers; only the resulting transcribed text is sent
  • You can use the App entirely without enabling voice input

5. Third-Party AI Tool Access (MCP)

Krystallos offers an optional feature that allows you to connect your values data to external AI tools (such as Claude Desktop or other compatible applications) using the Model Context Protocol (MCP). If you choose to use this feature:

  • You must authenticate and hold an active MCP subscription or Mim subscription
  • You authorize the connected AI tool to read your values assessment data, mind map structure, and related information
  • Your data is transmitted from our servers to the external AI tool you have connected — this data leaves your chosen storage region
  • You can revoke access at any time by disconnecting the AI tool or cancelling your subscription
  • We are not responsible for how third-party AI tools process, store, or use your data once it leaves our servers — please review the privacy policy of any AI tool you connect

MCP access is always user-initiated. We never share your data with external AI tools without your explicit authorization.

6. Automatically Collected Information

Analytics Data (with your consent): We use PostHog, a third-party analytics service, to understand how you use our Service. When you consent to analytics, PostHog may collect:

  • Device information (browser type, operating system, device model)
  • Usage data (pages viewed, features used, time spent)
  • Session data (session duration, interactions)
  • Anonymized user identifiers

PostHog is hosted in the United States. For more information about PostHog's privacy practices, visit: https://posthog.com/privacy

Essential Data (always collected):

  • Assessment progress and state (stored locally on your device in Krystallos web app)
  • User preferences and consent choices

7. Cookies and Local Storage

Krystallos Web Application:

  • Essential Storage (localStorage): We store your assessment progress, value ratings, clustering data, and consent preferences in your browser's local storage. If you create an account, this data is also synced to our cloud infrastructure (in your chosen data residency region) for cross-device access and sharing with Mim and MCP. Without an account, this data never leaves your device. These are essential for the application to function and cannot be disabled.
  • Analytics Cookies (optional): If you consent to analytics, PostHog may set cookies to track your session and usage patterns across visits.

Mim Mobile Application:

  • Session tokens for authentication
  • User preferences
  • Analytics data (with consent)

Your Control: You can manage your consent preferences at any time through:

  • The consent banner on your first visit to Krystallos
  • The "Privacy Settings" link in the application footer
  • Your browser's privacy settings to clear cookies and local storage

How We Use Your Information

We use the collected information for the following purposes:

  1. Provide and Maintain the Service

    • Deliver the value assessment experience
    • Store your assessment progress and results
    • Provide AI-powered coaching (Mim)
    • Authenticate your account (Mim)

  2. Improve the Service (with your consent)

    • Analyze usage patterns to improve user experience
    • Identify and fix bugs
    • Understand which features are most valuable
    • Optimize assessment completion rates

  3. Communicate with You (with your consent)

    • Send updates about Krystallos and Mim
    • Respond to your feedback and support requests
    • Notify you of important changes to the Service

  4. Comply with Legal Obligations

    • Respond to legal requests
    • Enforce our Terms of Use
    • Protect our rights and the rights of our users

Consent Management

We provide you with granular control over your data:

Consent Categories

  1. Essential Storage (always active)

    • Required for the Service to function
    • Stores assessment progress locally on your device
    • Cannot be disabled

  2. Analytics (optional, disabled by default)

    • Enables PostHog tracking
    • Allows us to understand usage patterns
    • Enables in-app surveys

  3. Marketing Communications (optional, disabled by default)

    • Allows us to collect your email address
    • Enables us to send updates about Krystallos and Mim
    • You can unsubscribe at any time

How to Manage Consent

  • Initial Choice: When you first visit Krystallos, you'll see a consent banner with options to "Accept All," "Reject All," or "Manage Preferences."
  • Change Anytime: Access "Privacy Settings" from the application footer on any page.
  • Granular Control: You can enable analytics while declining marketing communications, or vice versa.

We record the date and time when you grant or revoke consent for compliance purposes.

Survey Data

We may occasionally ask you to complete surveys to help us improve the Service. Survey participation is always optional. Survey responses may include:

  • Feedback about your experience
  • Ratings of features or satisfaction
  • Open-text comments

Survey data is collected via PostHog and is only gathered if you have consented to analytics. Survey responses are anonymized unless you choose to provide your email address for follow-up.

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties.

We may share your information in the following limited circumstances:

  1. Service Providers

    • PostHog (United States): Analytics and survey platform (with your consent). PostHog Privacy Policy
    • Amazon Web Services / AWS (United States, Canada, or Ireland, depending on your chosen data residency region): Cloud infrastructure for Mim and Krystallos, including database storage (DynamoDB), API (AppSync), authentication (Cognito), and AI model inference (Bedrock). Your data is stored and processed in the AWS region you select at account creation (see "Data Residency" below). AWS processes data in accordance with their Data Processing Addendum.
    • Anthropic via AWS Bedrock (same region as your data residency choice): Our AI coaching engine uses Claude, a large language model developed by Anthropic, accessed through AWS Bedrock. Your coaching conversation messages and values context are processed within your chosen data residency region. Conversation data sent to Bedrock is not used to train Anthropic's models.
    • RevenueCat (United States): Manages subscription billing and entitlements for Mim. RevenueCat may collect your app store account identifier and subscription status. Actual payment processing is handled by Apple App Store or Google Play (mobile subscriptions) or Stripe (web subscriptions). We do not collect or store your payment card details — these are handled directly by RevenueCat and Stripe in accordance with PCI-DSS standards.

  2. Legal Requirements and Safety Referrals

    • To comply with a legal obligation
    • To protect and defend our rights or property
    • To prevent or investigate possible wrongdoing
    • To protect the safety of users or the public
    • To refer flagged content involving credible threats, hate speech, or harmful ideation to the appropriate law enforcement or regulatory authorities, along with associated account information and IP address (see "Referral to Authorities" above)

  3. Business Transfers

    • In connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity

Data Retention

  • Krystallos (Web): For unauthenticated users, assessment data is stored in your browser's local storage indefinitely until you clear your browser data or use the "Restart Process" feature. For authenticated users, assessment data is also stored in our cloud infrastructure and retained as long as your account is active. You may delete your account at any time. Consent records are stored separately in local storage and persist even after restarting the assessment.
  • Mim (Mobile): Account data and conversation history are retained as long as your account is active. You may delete your account at any time.
  • Safety-Flagged Data: Messages flagged by our automated safety and content monitoring systems, along with associated IP addresses, may be retained separately from your regular conversation history for compliance, safety reporting, and potential referral to authorities, even after account deletion, as required by applicable law.
  • Analytics Data: PostHog retains data according to their retention policy. We do not control PostHog's retention practices.
  • Email Marketing: If you provide your email address, we retain it until you unsubscribe or request deletion.

Data Security

We implement appropriate technical and organizational security measures to protect your information:

  • Encryption in transit (HTTPS/TLS)
  • Secure authentication (AWS Cognito for Mim)
  • Regular security reviews
  • Access controls and logging

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

Your Rights

Depending on your location, you may have the following rights:

  1. Access: Request a copy of the personal information we hold about you
  2. Correction: Request correction of inaccurate or incomplete information
  3. Deletion: Request deletion of your personal information
  4. Portability: Request transfer of your data to another service (Mim)
  5. Objection: Object to processing of your personal information
  6. Withdraw Consent: Withdraw consent for analytics or marketing at any time (does not affect prior processing)
  7. Restrict Processing: Request restriction of processing in certain circumstances

For Krystallos (Web): If you use Krystallos without an account, your assessment data is stored locally on your device and you have full control over it:

  • Clear your browser's local storage to delete all assessment data
  • Use the "Restart Process" feature to reset your assessment
  • Change consent preferences via "Privacy Settings"

If you have a Krystallos account, your data is also stored in our cloud infrastructure. You can delete your account and cloud data through Account Settings, or contact us at info@kaleidoscopeaxiom.com.

For Mim (Mobile): Contact us at info@kaleidoscopeaxiom.com to exercise your rights. We will respond within 30 days.

United States Residents

Privacy Rights

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA/CPRA). We do not sell or share your personal information for cross-context behavioral advertising. To exercise your rights under California law, contact us at info@kaleidoscopeaxiom.com with "California Privacy Request" in the subject line.

AI Companion Safety Compliance

Mim's AI coaching feature is designed to comply with applicable U.S. state laws governing AI companion and digital mental health chatbot applications, including California SB 243 (Digital Mental Health Companion Chatbot Safety) and New York's AI Companion Models Law (S3008), as well as similar legislation that may be enacted in other states. Our compliance measures include:

  • AI Disclosure: Mim clearly discloses that it is an AI chatbot, not a licensed therapist or crisis service, and is not a substitute for professional mental health support.
  • Crisis Detection: Mim uses evidence-based methods to detect when a user may be in emotional distress or crisis, and provides crisis support resources (including the 988 Suicide & Crisis Lifeline and international helpline directories) when appropriate.
  • Session Breaks: Mim prompts users to take breaks after extended coaching sessions to support wellbeing.
  • Minor Advisory: Mim is not intended for use by minors.
  • Reporting: We maintain records of crisis referrals as required for regulatory reporting.
  • Notification: In addition to automated responses, our team receives direct notifications when the safety monitoring system flags a conversation, ensuring human awareness of escalated situations

Children's Privacy

Our Service is not intended for users under the age of 18. We do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at info@kaleidoscopeaxiom.com and we will promptly delete it.

Data Residency

When you create an account with Mim or Krystallos, you choose a data residency region that determines where your core personal data is stored and processed. Currently available regions are:

  • United States (Virginia) — data stored and processed in AWS us-east-1
  • Canada (Montreal) — data stored and processed in AWS ca-central-1
  • Ireland (Dublin) — data stored and processed in AWS eu-west-1

Your chosen region applies to your account information, value assessment data, coaching conversation history, extracted memories, mind map structure, and AI coaching processing (including AWS Bedrock). Data stored in the Ireland region remains within the EU. Data stored in the Canada or United States regions remains within North America.

What is NOT affected by your region choice:

  • Analytics data (if you consent to analytics): PostHog processes analytics data in the United States regardless of your chosen region.
  • Subscription billing: RevenueCat and Stripe process billing data in the United States.
  • MCP connections: If you connect external AI tools via MCP, your data is transmitted to those tools and may leave your chosen storage region (see "Third-Party AI Tool Access" above).

International Data Transfers

Our Service is operated by Kaleidoscope Axiom Inc., a Canadian corporation. Depending on your chosen data residency region and the services you use, your data may be processed in Canada, the United States, Ireland, or other jurisdictions.

For users in the European Economic Area (EEA) who choose the Ireland data residency region, your core personal data — including AI coaching processing via Bedrock — remains within the EU. However, some ancillary services (analytics, billing) may still involve transfers to the United States.

We ensure appropriate safeguards are in place for all international transfers, including:

  • Standard Contractual Clauses (SCCs) with service providers
  • Adequacy decisions by the European Commission where applicable (Canada has an adequacy decision under GDPR)
  • Your explicit choice of data residency region as an additional safeguard

Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

Kaleidoscope Axiom Inc. Email: info@kaleidoscopeaxiom.com

For GDPR-related inquiries (EEA residents), please include "GDPR Request" in your email subject line.