Trust documents

Privacy policy.

How MindBank collects, anonymizes, stores, and protects the information survivors choose to share. Plain language. No legalese where it can be avoided.

Effective
January 2026
Jurisdiction
Canada (PIPEDA)
Hosted in
Canadian servers

01. Our promise

MindBank exists because survivors deserve to share lived experience without fear that what they share will be used against them, sold without their knowledge, or stripped of their consent. Privacy is not a feature here. It is the foundation.

The principle

MindBank collects the least amount of information possible. Every default favours the contributor. Stories remain survivor-owned at every stage.

02. What we collect

Information you may choose to submit

  • Written stories or reflections
  • Voice notes (transcribed and stored separately from any identifying data)
  • Answers to guided, trauma-informed prompts
  • Insight reflections and recommendations
  • Your consent choices about how your story can be used

Information MindBank automatically removes before storage

  • Names, family names, and references to specific people
  • Addresses, workplaces, schools, and place names
  • Specific dates and identifying time markers
  • Any other detail flagged as potentially identifying

Information MindBank does not require

  • Legal name
  • Home address
  • Date of birth
  • Phone number (unless you choose to receive paid-research opportunities)
  • Demographic data — and where collected, always optional

03. How we use information

MindBank uses survivor submissions to:

  • Generate anonymized, aggregated insights for partner organizations
  • Identify gaps in services, support, and policy
  • Inform program design and trauma-informed training
  • Develop lived-experience-led solutions and recommendations

Stories are never used for marketing, fundraising appeals, commercial resale, or any disciplinary or legal action against a contributor.

04. When and how we share

What organizations partnered with MindBank receive:

  • Anonymized themes and trends across many contributors
  • Aggregated data summaries
  • Anonymized quotes — only when the contributor specifically consented to direct quotation
  • High-level insight reports

What organizations never receive:

  • Names or contact details
  • Identifying details from any individual story
  • Raw, unprocessed submissions
  • Cross-referenced data between you and other contributors

05. Consent — yours, always

When submitting a story, you choose one or more of the following options. You can change or revoke consent at any time, and revocation is honoured retroactively across active partnerships:

  • Internal only — kept on the platform, not shared with any organization
  • Themes only — your insights inform aggregated themes; your specific story is never quoted or read directly
  • Anonymized story — your story can be read in full by approved organizations, with all identifying detail removed
  • Use in training — your insights can inform staff training and curriculum development
  • Paid participation contact — you can be invited to focus groups, advisory circles, and paid research

06. Storage and security

MindBank protects all data using industry-standard and trauma-informed practices:

  • Canadian-based secure cloud servers with data residency guarantees
  • AES-256 encryption at rest
  • TLS 1.2+ encryption in transit
  • Two-factor authentication for all administrative access
  • Daily encrypted backups with the same protection standards
  • Role-based access controls — staff only see what their role requires
  • Comprehensive access logging, reviewed by the Ethics Council quarterly
  • Story content stored separately from any user-identifying information

Only authorized MindBank staff with explicit role-based access can reach back-end data, and every access is logged.

07. Your rights

As a survivor or contributor, you may at any time:

  • Edit your story or insights
  • Delete your story permanently
  • Withdraw consent for any specific use
  • Request a full record of how your story has been used
  • Decline further contact, without explanation
  • Request your data in a portable format

As a partner organization, you may:

  • Request correction of inaccurate information held about your account
  • Receive your activity logs upon request
  • Request anonymized impact reports

08. Data retention

Stories are stored for a maximum of five years from the date of submission, OR until the contributor deletes the story, OR until MindBank removes the story for safety reasons (e.g., a re-flagging that detects identifying information missed during initial submission).

Deleted stories are permanently removed from all production systems within 14 days, and from all encrypted backups within 30 days.

09. AI and automated processing

MindBank uses AI for these specific purposes only:

  • Automatic identification and removal of personal identifiers
  • Theme extraction across aggregated, anonymized submissions
  • Distress-indicator screening to surface support resources

MindBank does not use AI to identify individuals, score or profile contributors, generate advertising, or share data with third-party AI services. All AI processing occurs in a secure, controlled, Canadian-hosted environment with no third-party data sharing.

10. Breach notification

In the event of a privacy breach affecting personal information:

  • Affected contributors will be notified directly within 72 hours
  • Affected partner organizations will be notified
  • The Office of the Privacy Commissioner of Canada will be notified where required by PIPEDA
  • A public transparency report will follow within 30 days

11. Contact

Privacy questions, concerns, or formal requests:

Privacy Officer

Email: privacy@mindbank.ca

Mail: MindBank Inc., [Address pending], Canada

Response within 7 business days. Formal data requests within 30 days as required by PIPEDA.