Our policy.

Data privacy.

What we collect, why we collect it, and what we do with it. If you ever want a copy or deletion, the contact at the bottom of this page is the right path.

What we collect

Email

Required for account creation. Used for authentication, password reset, and (if you opt in) a weekly digest. Never sold, never shared with marketers.

Handle

Your public identifier across leaderboards. 3–20 lowercase characters; you pick it at signup, you can change it later.

Game performance

For every session: the game, the difficulty config, your score, the timing of your inputs (the “replay envelope”), and the modality you played on (keyboard / mouse / touch / pen). Used to compute your ratings and verify scores against cheating.

Daily question responses

If you answer the daily question: the time you spent reading, every option you weighed, and your final answer. No XP awarded; this is research data. See “Research use” below.

Hashed IP

Hashed against a salt that rotates daily. We never persist your raw IP. Used for rate-limiting and anti-cheat fingerprinting only.

Hardware fingerprint

A coarse hash of your browser + screen + input characteristics. Used to flag accounts that share a fingerprint (signal: same device, multiple accounts). Not used for ad targeting.

What we don’t collect

• We do not run third-party analytics (no Google Analytics, no Mixpanel, no Amplitude).
• We do not embed third-party ad networks. There are no ads on mindlsn.
• We do not sell, rent, or otherwise share your email or handle with anyone outside mindlsn.
• We do not require real names, dates of birth, or any identifying information beyond an email.

Retention

Replay envelopes (the per-session input timing data) are kept for 90 days, then deleted. Aggregate scores and ratings are kept for the lifetime of the account. Daily question responses are kept for the lifetime of the account and may be shared in anonymized form for educational research (see below). Hashed IPs are kept for 30 days and rotated against a daily salt so they cannot be linked back to a stable identifier.

Research use

Daily question responses are the only data we anonymize and aggregate for research purposes. Aggregation happens in batches of at least 50 responses, with the email and handle stripped before analysis. Research outputs may be shared with verified `.edu` partners (DataFest, TestMyBrain, similar) under a research-use agreement. You can opt out of research use without affecting your account - see Account settings.

Deletion and export

You can delete your account from Account settings at any time. Deletion removes your email, handle, scores, replays, and daily question responses within 7 days. Aggregate research outputs generated before deletion remain valid (they’re already anonymized and cannot be reversed); we will not include your data in any future aggregations.

To request an export of your data (JSON of scores + responses), email privacy@mindlsn.com with the email address on your account. We ship the export within 14 days.

Account terms.

By creating an account, you agree to the following. They’re short on purpose.

Account responsibility

You’re responsible for keeping your password reasonable and for any activity on your account. Share-an-account behavior breaks the rating signal; we’ll flag and may suspend shared accounts. Use a real password manager.

Acceptable use

• No automation. Bots, macros, scripts, or solver-tool assistance on rated sessions invalidate the session and may suspend the account. The replay envelope + server re-simulation will catch most attempts.
• No score manipulation. Multiple accounts to seed a leaderboard, traffic from a known cheat ring, or anything that gives the leaderboard a false signal is a suspension trigger.
• No harassment via handles. Your handle is public on leaderboards. Slurs, impersonation, or targeted harassment get renamed without notice.
• No commercial reuse of mindlsn’s game UIs or aggregated data without written permission.

What we don’t claim

For the avoidance of doubt - and because the FTC’s 2016 Lumosity case is the relevant precedent - mindlsn makes no medical, clinical, or therapeutic claims. We do not claim mindlsn raises IQ, delays cognitive decline, treats ADHD or any other condition, improves academic / work / athletic performance, or transfers to anything outside the games themselves. See our methods page for the full breakdown.

Liability

mindlsn is provided as-is. We don’t guarantee uptime, rating accuracy, leaderboard position, or anything else beyond a reasonable best effort. We are not liable for indirect or consequential damages arising from your use of the platform. This is the standard internet-software liability posture; nothing unusual lives here.

Account suspension and closure

We can suspend or close an account that violates the acceptable- use rules above. You can close your own account from Account settings at any time. Either way, the data-retention rules in the Privacy section above apply: most data is removed within 7 days of closure.

Changes to these terms

We’ll bump the version number at the top of this page and stamp the date when these terms change materially. The previous versions stay readable in the changelog. Continuing to use mindlsn after a material change is acceptance of the new terms.

About cookies.

mindlsn sets only the cookies needed to keep you signed in and remember your preferences. No tracking, no advertising, no third-party analytics tags.

session

Auth session token. Set on sign-in; cleared on sign-out. HttpOnly, Secure, SameSite=Lax. Lifetime 30 days, refreshed on use.

mindlsn:theme

Your theme preference (paper / cabinet). LocalStorage, not a true cookie. Set when you toggle the theme switcher.

mindlsn:guest_id

UUID minted on first anonymous visit. Lets you save scores from your anonymous session when you sign up. LocalStorage; cleared on sign-up success.

mindlsn:csrf

CSRF token used on every state-changing form submission. Renewed per session.

That’s the complete list. We do not set any cookies for advertising, analytics, A/B testing, or remarketing. If you find mindlsn setting anything not listed above, that’s a bug; let us know.