Privacy
This covers mindfulmarkus.com and the two apps — Abundance and Mindful Scroll. They share one account, so they share one policy. Last updated 16 July 2026.
The short version: I don't track you, I don't run ads, and I don't sell anything to anyone. Abundance holds a detailed picture of your money, and I treat it that way. The one thing that leaves my systems is a voice recording or receipt photo, and only if you choose to use those features — that's spelled out below.
Who is responsible
The controller for this data, in the sense of the GDPR, is:
Markus Mehlhorn
Mauthnerstrasse 20
83224 Grassau
Germany
markus.mehlhorn@icloud.com
This is a private project, not a company. Write to me at that address for anything in this policy — it reaches a person, not a ticket queue.
What I hold, and why
Only you can read your own rows. That's enforced by the database itself (Postgres row-level security), not just by the app.
Voice entry and receipt scanning
These are optional, and they are the only features that send your data outside my systems.
If you record a voice entry, the audio goes to OpenAI to be turned into text. If you scan a receipt, the photo goes to OpenAI to be read. The AI Outlook sends projected totals. There is no other way to read them automatically.
Per OpenAI's API terms, this data is not used to train their models and is deleted within about 30 days. I don't store the recording or the photo at all — only the entry you confirm. Legal basis: Art. 6(1)(b), because you asked for that feature. The app tells you this before the first time you use it.
If you'd rather nothing left my systems: type your entries by hand. Everything else in the app works exactly the same.
Who else touches it
These companies process data on my behalf, under a data-processing agreement:
Transfers outside Europe: your entries live in Singapore, and the companies above are US-based. Both are outside the EU/EEA. These transfers rely on the EU Standard Contractual Clauses in each provider's data-processing agreement, and where applicable the EU–US Data Privacy Framework.
What I don't do
No analytics. No advertising. No tracking pixels. No profiling, no automated decision-making. I don't sell or share your data with anyone beyond the processors above. There are no third-party cookies — the app stores a sign-in token and your own settings on your device, and nothing else.
Fonts are served from my own servers rather than Google's, so simply opening the app doesn't announce you to anyone.
How long I keep it
For as long as you have an account. Ask me to delete it and everything goes — profile, entries, sessions — within 30 days, apart from anything I'm legally required to keep.
Being straight with you: there is no “delete my account” button in the app yet. Email me and I'll do it by hand. Building the button is on my list.
Your rights
Under the GDPR you can ask me for a copy of your data (Art. 15), to correct it (16), to delete it (17), to restrict what I do with it (18), to hand it to you in a portable file (20), and to object to processing (21). Where you gave consent — the update or WhatsApp opt-ins — you can withdraw it at any time (Art. 7(3)); that doesn't affect anything done before.
Email me and I'll answer within a month. There is no charge.
You can also complain to a supervisory authority (Art. 77). Mine is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, Germany.
Changes
If this changes in a way that matters, I'll say so in the app rather than quietly editing this page. Last updated 16 July 2026.