Legal
Privacy Policy
Last updated: April 2026
1. Who we are
Mend is operated by King Chi Ltd. We are the data controller for your personal information.
Contact: info@king-chi.org
2. What data we collect
| Data | Purpose | Storage |
|---|---|---|
| Email address | Account creation & sign-in | Encrypted, access-controlled database |
| Display name | Personalisation | Encrypted, access-controlled database |
| Journal entries | Your personal healing journal | Encrypted at rest (AES-256) |
| Task completion | Track your 90-day progress | Encrypted at rest (AES-256) |
| Chat messages | AI companion conversations | Processed in real time, not permanently stored |
| Phase progress | Determine which character you see | Encrypted at rest (AES-256) |
| YOU avatar selection | Your Phase 6 character | Encrypted at rest (AES-256) |
| Purchase status | Unlock premium features | Apple App Store / Google Play Store |
3. What we do not collect
- We do not collect your location.
- We do not collect your contacts.
- We do not collect health or medical data.
- We do not sell your data to third parties.
- We do not use your data for advertising.
4. AI companion conversations
When you chat with a Mend character, your messages are sent to a secure AI service for processing. Messages are used solely to generate a response and are not permanently stored after the session ends. We do not train AI models on your conversations. All data is transmitted over TLS-encrypted connections.
5. Legal basis (GDPR)
- Contract: We process your data to provide the Mend service you signed up for.
- Legitimate interest: We use anonymous analytics to improve the app.
- Consent: Push notifications are opt-in only.
6. Data retention
- Your data is retained for as long as your account is active.
- If you delete your account (Settings → Delete Account), all your data is permanently removed within 30 days.
- Guest accounts and their data are deleted when the user signs out or the app is uninstalled.
7. Your rights
Under GDPR and UK data protection law, you have the right to:
- Access your data — request a copy.
- Rectify inaccurate data.
- Erase your data — delete your account at any time.
- Port your data — request an export.
- Object to processing.
- Withdraw consent for notifications at any time.
To exercise any of these rights, email info@king-chi.org.
8. Third-party services
We use trusted third-party services to operate Mend, including:
- Authentication provider — secure sign-in (Apple, Google, email).
- Cloud database — encrypted storage for your account data.
- AI processing service — generates companion responses in real time.
- Apple App Store / Google Play Store — payment processing.
All services are GDPR-compliant. Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). We only share the minimum data required for each service to function. We do not share your data with advertisers or data brokers.
9. Children
Mend is not intended for users under 16. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it.
10. Security
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access is restricted to authenticated users only. We follow industry security best practices including access controls, audit logging, and regular security reviews.
11. Changes to this policy
We may update this policy from time to time. We will notify users of material changes through the App. Continued use after changes constitutes acceptance.
12. Contact & complaints
Data controller: King Chi Ltd
Email: info@king-chi.org
If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO).