Mindful Software Privacy Policy

Effective Date: August 28, 2025

Key Privacy Points

• We hope you read this entire Privacy Policy for full detail, but here are some key points:
• Our money comes from you, not ads. As a consumer-focused subscription business, we rely on your subscriptions to offer our app.
• Other platforms may sell your sensitive personal information for targeted advertising, but we don't.
• We only ever process data about your use of our content so that we can learn more about what you're most interested in, serve you the best possible experience, and communicate with you.
• We use a small number of trusted online software platforms to help deliver and optimize our website and app.
• We honor all requests to exercise privacy rights.

A. General.

The myDream app (the "app") is owned by Mindful Software, Inc. (the "Company" or "our" or "we"). This Privacy Policy describes the types of information we collect on and through the app, how we use such information and to whom and under what circumstances we may disclose it. This Privacy Policy applies to the app and any other personal information obtained when you call, email, or otherwise communicate with the Company. By accessing the app on any computer, mobile phone, tablet, or other device (collectively, "Device") or otherwise interacting with the Company, you agree that you are subject to the terms of this Privacy Policy. If you do not agree with any part of the Privacy Policy, please do not use the app. We may modify this Privacy Policy at any time, and will post the current version on the app. We encourage you to periodically review our Privacy Policy to stay informed about how we are using the information we collect.

I. Information that You Give Us.

Here are the categories of personal information we may collect, where we got it from, and with whom we have shared it:

Category of Personal Information Collected	Source	Purpose for Collection	Categories of Recipients
Contact information: such as name, email address, business or personal address, or phone number.	From visitors to the app who contact us, and who sign-up for our services, or otherwise interact with us.	To communicate with and respond to visitors and our customers about the services we provide or the work we do for them. We may also utilize targeted micro campaigns and marketing purposes.	We may share this information with marketing companies, or other third party service providers.
Browsing information: such as your IP address, MAC address or other Device identifier, HTTP Referrer information, kind of browser or computer you use, pages and content on the app, what you click on, your state and country, date and time of your visit, and web pages you linked to our app from.	Our app and your interactions with the app, including through the use of cookies and other tracking technologies explained further below.	To evaluate usage of the app and improve its performance; to protect the security and integrity of the app and our business, such as preventing fraud, hacking, and other criminal activity or to meet legal obligations.	We do not sell this data. Our service providers who help us with app security, fraud protection and app analytics have access to this data.
Browsing information: the kind of browser or computer you use, pages and content that you visit the app, what you click on, the state and country from which you access the app, date and time of your visit, and web pages you linked to our app from.	Our app and your interactions with the app, including through the use of cookies and other tracking technologies explained further below.	To store user preferences and information, such as the preferred language and browsing preferences.	We do not sell this data. Our service providers who help us with app security, fraud protection and app analytics have access to this data.

The app and our services are directed to U.S. residents. Nonetheless, you may be viewing the app from outside of the U.S. In some jurisdictions, such as the European Union and United Kingdom, individuals may have the right to opt-in or withdraw consent for certain uses of their personal information. If you reside in such jurisdictions and wish us to withdraw any of your personal information, see "Access, Correction & Deletion" below.

II. Information We Collect Automatically.

When you use the app, we may collect certain information from you, including your Internet Protocol (IP) address, MAC address, browser type, operating system, and Device-identifying information. We may also use non-personal or aggregated information for statistical analysis, research, and other internal purposes.

III. Cookie Policy.

A cookie is a small data text file, which is stored on the hard drive of your Device. Each cookie is unique to your Device. When visiting our website, mydream.io, we may use cookies to store user preferences, maintain sessions, and track user behavior. Cookies, however, are generally "sandboxed" in the website, meaning they are specific just to the website and cannot be shared with other website. Cookies cannot be used to run programs or deliver viruses to your Device. At no time will our cookies collect your personal information.

When you visit any of our websites, we may store certain types of persistent cookies on your Device in order to authorize access to our private content and to facilitate and customize your use of our app. A persistent cookie remembers information, settings, preferences, or sign-on credentials that the user has previously saved.

Essential cookies

Essential cookies allow us to offer you the best possible experience when accessing and navigating through our website and using its features. For example, these cookies let us recognize that you have created an account and have logged into that account.

Functionality cookies

Functionality cookies let us operate the website in accordance with the choices you make. For example, we will recognize your username and remember the choices that you made to your account during future visits.

Analytical cookies

These cookies enable us and third-party service providers to collect aggregated data for statistical purposes on how our visitors use our website. These cookies do not contain or collect personal information and are merely used to help us improve your user experience of the website.

Once you leave any of our websites, our persistent cookies remain on your hard drive, although some expire after 6 months or 1 year. This helps create a convenient and faster app experience.

In addition, we may use cookies to: (1) allow you to use the any of our websites without having to re-enter your user name and password (if applicable); (2) enhance or personalize your website usage and experience; (3) monitor website usage; (4) manage the website; and (5) improve the website and our products and services. We currently do not use your personal information to provide interest-based ads tailored to your Device.

IV. Email.

We typically communicate through email. If you do not wish to receive communications from us, you can opt-out of receiving these communications by following the instructions contained in the messages you receive. Even if you opt-out of receiving these messages, we reserve the right to send you certain communications relating to the services we provide, and we may send you service announcements and administrative messages. We do not offer you the opportunity to opt-out of receiving those communications.

V. Disclosure of Information.

Under our Privacy Policy we may disclose information collected from and about you as follows: (1) to our related companies and service providers, to perform a business, professional or technical support function for us; (2) as necessary if we believe that there has been a violation of the app Terms of Use or of our rights or the rights of any third party; (3) to respond to legal process (such as a search warrant, subpoena or court order) and provide information to law enforcement agencies or in connection with an investigation on matters related to public safety, as permitted by law, or otherwise as required by law; and (4) in the event that our Company or substantially all of its assets are acquired, or there is a re-structuring, your personal information may be one of the transferred assets. We may also disclose your personal information with your express consent. We have the option to share aggregate, non-personally identifiable information about app users with third parties.

VI. Retention of Personal Information.

We will keep your personal information while we are providing services to you. Thereafter, we will keep your personal information for as long as is necessary:

• To respond to any questions, complaints or claims made by you or on your behalf;
• To show that we treated you fairly; or
• To keep records required by law.

We will not retain your personal information for longer than necessary for the purposes set out in this Privacy Policy. Please note that different retention periods apply for different types of personal information.

Once it is no longer necessary to retain your personal information, we will delete or anonymize it.

VII. Security.

We maintain commercially reasonable and appropriate measures designed to maintain information we collect in a secure manner. We have taken certain physical, electronic, and administrative steps to safeguard and secure your personal information that may include limited employee access and two-factor authentication. Even though we follow commercially reasonable procedures to try to protect your information in our possession, no security system is perfectly secure and we cannot guarantee, and you should not expect, that your information will be secure in all circumstances.

VIII. Children.

The app is not directed to children (anyone under 13 years of age), nor do we knowingly solicit or collect any personal information from children without verifiable parental consent. If we discover that we have received any personal information from a child, we will investigate promptly and then delete such information from our system if warranted. If you are a parent or legal guardian of a child and you become aware that your child has provided us with personal information, please contact us promptly using the contact information detailed in the "Contact Us" section below. Parents and legal guardians always have the right to inspect any information that we may have inadvertently collected from their child, and have the right to have us delete it.

IX. Third Party Apps.

The app may contain links to third-party apps, such as social media apps, i.e., Facebook, Google, and X (formerly Twitter), which may have privacy policies that differ from our own. We are not responsible for the activities and practices that take place on these third party apps. Accordingly, we recommend that you review the privacy policies posted on any external app before disclosing any personal information. Please contact those webapps directly if you have any questions about their privacy policies.

Changes to this Privacy Policy.

We may change this Privacy Policy from time to time, including as required to keep current with rules and regulations, new technologies and security standards. When we do, we will post the change(s) on our website. If we change the Privacy Policy in a material and retroactive manner, we will change the Effective Date at the top of this Privacy Policy and attempt to provide appropriate notice to you.

X. Basis for Processing Personal information.

We may process personal information under the following conditions:

• Consent: You have given your consent for processing personal information for one or more specific purposes.
• Performance of a contract: Provision of personal information is necessary for the performance of an agreement with you and/or for any pre-contractual obligations.
• Legal obligations: Processing personal information is necessary for compliance with a legal obligation to which the Company is subject.
• Legitimate interests: Processing personal information is necessary for the purposes of legitimate business or commercial interests pursued by the Company.

In any case, we will gladly help to clarify the specific legal basis that applies to the processing, and whether the personal information is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

The table below explains what we use (process) your personal information for and our reasons for doing so:

What we use your personal information for	Our reasons
To provide services to you.	For the performance of our contract(s) with you or to take steps at your request before entering into a contract.
To prevent and detect fraud against you or our Company.	For our legitimate interests or those of a third party, i.e. to minimize fraud that could be damaging for us and for you.
Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory and enforcement bodies.	To comply with our legal and regulatory obligations.
Operational reasons, such as improving efficiency, training and quality control.	For our legitimate interests or those of a third party, i.e., to be as efficient as we can.
Statistical analysis to help us manage our business.	For our legitimate interests or those of a third party, i.e. to be as efficient as we can.
Preventing unauthorized access and modifications to systems	For our legitimate interests or those of a third party, i.e. to prevent and detect unauthorized and/or criminal activity that could be damaging for us and for you. To comply with our legal and regulatory obligations.
Updating and enhancing customer records.	For the performance of our contract(s) with you or to take steps at your request before entering into a contract. To comply with our legal and regulatory obligations. For our legitimate interests or those of a third party, e.g. making sure that we can keep in touch with our customers about existing orders and new products.
Marketing our existing and new products and services and those of selected third parties to: existing and former customers; third parties who have previously expressed an interest in our products or services; third parties with whom we have had no previous dealings.	For our legitimate interests or those of a third party, i.e., to promote our business to existing and former customers.

XI. Where Your Personal Information is Held.

Personal information may be held at our offices and in the "Cloud" operated by our third party service providers, representatives and agents as described above (see "Disclosure of Information").

Some of these third parties may be based outside the U.S.A. For more information, including on how we safeguard your personal information when this occurs, see "Transferring Your Personal Information between the U.S. and the EEA" below.

XII. Transferring Your Personal Information between the U.S. and the EEA.

To deliver services to you, it may be necessary for us to share your personal information between the U.S.A. and the European Economic Area (EEA).

As an example, your information, including personal information, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to - and maintained on - computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

If you submit any personal information to us, you expressly acknowledge and consent to this Privacy Policy, including our ability to transfer your personal information between jurisdictions.

The Company will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your personal information will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

If you would like further information, please contact us or our Data Protection Officer (see "Contact Us" below).

XIII. Access, Correction, & Deletion.

We respect your right to access and correct your personal information. You may exercise your rights, subject to applicable laws, to request that we delete or restrict access to your personal information. The app permits you to delete your personal information. We may need to retain it for legally permitted purposes and this will be explained to you if necessary.

If you need assistance correcting or updating your personal information, or would like to request that we delete your personal information, please contact us using the contact information detailed in the "Contact Us" section below.

XIV. U.S. State Privacy Laws.

a. California Privacy Rights Disclosure

If you are a California resident, the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), the California Online Privacy Protection Act (CalOPPA), provides you additional rights with respect to your Personal Information. California law permits our customers who are California residents to request certain information about our disclosure of their personal information to third parties for direct marketing purposes during the preceding calendar year. This request is free and may be made once a year. To make such a request, email us at the following address:

If you are a California resident, California law provides you with the following additional rights with respect to your Personal Information:

• The right to know what personal information we have collected, used, disclosed and sold about you. You may submit a request to know by using the contact information detailed in this Section. You also may designate an authorized agent to make a request for access on your behalf.
• The right to request that we delete any personal information we have collected about you. You may submit a request for deletion by using the contact information detailed in this Section. You also may designate an authorized agent to make a request for deletion on your behalf.

b. Connecticut Data Privacy Rights.

If you are a Connecticut resident, (Public Act No. 22-15) An Act Concerning Personal information Privacy and Online Monitoring provides you additional rights with respect to your personal information. The Act grants Connecticut consumers the right to (A) access, correct, delete and obtain a copy of personal information that we collect, and (B) opt out of the processing of personal information for the purposes of (i) targeted advertising, (ii) certain sales of personal information, or (iii) profiling.

c. Utah Consumer Privacy Rights.

If you are a Utah resident, the Utah Consumer Privacy Act (UCPA) (S.B. 227) gives consumers a number of rights related to their personal information, including the right to: (A) access and delete personal information, (B) opt out of the collection and use of personal information for certain purposes, and (C) obtain a copy of their personal information.

d. Virginia Consumer Data Privacy Protection Act.

If you are a Virginia resident, the Virginia Consumer Data Protection Act ("VCDPA") (Va. Code § 59.1-575) allows for consumers to request that the company collecting their personal information: (A) confirm if the company is actually processing their personal information, (B) correct inaccuracies in the consumer's personal information that is collected by the company, (C) delete personal information provided by or obtained about the consumer, (D) obtain copies of the personal information collected by the company, and (E) opt out of the processing of personal information for purposes of targeted advertising, the sale of personal information, or further profiling.

e. Colorado Protect Personal Data Privacy Act.

If you are a Colorado resident, the Protect Personal information Privacy Act (SB21-190) gives consumers a number of rights related to their personal information, including the right to: (A) access and delete personal information, (B) opt out of the collection and use of personal information for certain purposes, and opt out of secondary use of such data.

f. Delaware Personal Data Privacy Act.

If you are a Delaware resident, the Delaware Personal Data Privacy Act (HB-154) gives consumers a number of rights related to their personal information, including the right to: (A) to know what information is being collected about them, (B) see the information, (C) correct any inaccuracies, or (D) request deletion of their personal information that is being maintained by entities or people.

g. Iowa Consumer Data Protection Act.

If you are an Iowa resident, the Iowa Consumer Data Protection Act (ICDPA) gives consumers a number of rights related to their personal information, including the right to: (A) to know what information is being collected about them, (B) see the information, (C) correct any inaccuracies, or (D) request deletion of their personal information that is being maintained by entities or people.

h. Montana Consumer Data Privacy Act.

If you are a Montana resident, the Montana Consumer Data Privacy Act (MCDPA) companies who collect personal information from Montana residents may receive clear consent before processing such personal information. The Act also grants Montana residents the right to (A) access, correct, delete and obtain a copy of personal information that we collect, and (B) opt out of the processing of personal information for the purposes of targeted advertising.

i. Oregon Consumer Privacy Act.

If you are an Oregon resident the Oregon Consumer Privacy Act (SB-619) gives consumers a number of rights related to their personal information, including the right to: (A) access and delete personal information, (B) opt out of the collection and use of personal information for certain purposes, and (C) obtain a copy of their personal information.

j. Texas Data Privacy and Security Act.

If you are a Texas resident the Texas Data Privacy and Security Act (HB-04F) allows for Texas residents to request that the company collecting their personal information: (A) confirm if the company is actually processing their personal information, (B) correct inaccuracies in the consumer's personal information that is collected by the company, (C) delete personal information provided by or obtained about the consumer, (D) obtain copies of the personal information collected by the company, and (E) opt out of the processing of personal information for purposes of targeted advertising, the sale of personal information, or further profiling.

k. Nebraska Data Privacy Act.

If you are a Nebraska resident, (Legislative Bill 1074) the Nebraska Data Privacy Act provides you additional rights with respect to your personal data. The Act grants Nebraska consumers the right to (A) access, correct, delete and obtain a copy of personal data that we collect, and (B) opt out of the processing of personal data for the purposes of (i) targeted advertising, (ii) certain sales of personal data, or (iii) profiling.

l. New Hampshire Expectation of Privacy Act.

If you are a New Hampshire resident, (Senate Bill 255) under the Expectation of Privacy Act, you have the following rights: (1) Confirm whether or not certain businesses are processing your personal data; (2) Obtain Access to your personal data being processed by those businesses; (3) Correct inaccuracies in your personal data being processed by those businesses; (4) Delete personal data provided by, or obtained about, you by those businesses; (5) Obtain a copy of your personal data in a portable format; and (6) Opt-out of the future processing of personal data for purposes of: (a) targeted advertising, (b) the sale of personal data, or (c) certain types of automated profiling.

m. New Jersey Data Privacy Law.

If you are a New Jersey resident, the New Jersey Data Privacy Law P.L. 2023, c. 266 (NJDPL) gives consumers a number of rights related to their personal data, including the right to: (A) know what information is being collected about them, (B) see the information, (C) correct any inaccuracies, or (D) request deletion of their personal data that is being maintained by entities or people.

n. Tennessee Data Privacy Law.

If you are a Tennessee resident, the Tennessee Information Protection Act (TIPA), (HB 1181) allows for consumers to request that the company collecting their personal data: (A) confirm if the company is actually processing their personal data, (B) correct inaccuracies in the consumer's personal data that is collected by the company, (C) delete personal data provided by or obtained about the consumer, (D) obtain copies of the personal data collected by the company, and (E) opt out of the processing of personal data for purposes of targeted advertising, the sale of personal data, or further profiling.

o. Minnesota Data Privacy Law.

If you are a Minnesota resident, the Minnesota Consumer Data Privacy Act (MCDPA) (H4757-4) gives consumers a number of rights related to their personal data, including the right to: (A) see what data is collected, (B) understand the purpose for its collection, (C) see the third parties that the data is shared with, and (D) opt out of the collection and use of personal data for certain purposes.

p. Maryland Data Privacy Law.

If you are a Maryland resident, the Maryland Online Data Privacy Act (MODPA) aims to protect the privacy and personal data of Maryland residents by regulating its collection, processing, and use. Specifically, MODPA allows Maryland consumers to request that the company collecting their personal data: (A) confirm if the company is actually processing their personal data, (B) correct inaccuracies in the consumer's personal data that is collected by the company, (C) delete personal data provided by or obtained about the consumer, (D) obtain copies of the personal data collected by the company, and (E) opt out of the processing of personal data for purposes of targeted advertising, the sale of personal data, or further profiling.

XV. Your Rights.

We want you to be in control of how your personal information is used by us. Please note that our ability to access or control your personal information will be limited, as required or permitted by applicable law. Depending on your jurisdiction, you may have the right to be informed of, and request access to, the personal information we process about you; update and correct inaccuracies in that information; have the information restricted or deleted; object or withdraw your consent to certain uses of data; and lodge a complaint with your local data protection authority. You may also have the right not to be subject to automated decision-making, including profiling, where it would have a legal or similarly significant effect on you; and the right to data portability with regard to the data you provided to us. We will not discriminate against you for the exercise of these rights.

If you would like to exercise any of the rights described above, please send us a request by using the contact information in "Contact Us" section below. In your message, please indicate the right you would like to exercise and your jurisdiction. We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal information requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive. We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

XVI. How to Exercise Your Rights.

If you would like to exercise any of your rights as described in this Privacy Policy, please contact us using the contact information detailed in the "Contact Us" section below.

Please be reminded that you may only make a CCPA-related data access or data portability disclosure request once within any 12-month period.

If you choose to contact us directly by phone, email, or in writing, you will need to provide us with:

• Enough information to identify you (e.g., your full name, address and customer or matter reference number);
• Proof of your identity and address (e.g., a copy of your driver's license or passport); and
• A description of what right you want to exercise and the information to which your request relates.

We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information, or is someone authorized to act on such person's behalf.

Any personal information we collect from you to verify your identity in connection with your request will be used solely for the purposes of verification.

XVII. Right to Lodge Complaints.

We are transparent about the ways in which we collect and use personal information, and welcome your questions and concerns. We hope that we or our Data Control Officer can resolve any query or concern you raise about our use of your information.

If you have any concern or complaint about the way we handle your personal information, please contact us using the contact information detailed in the "Contact Us" section below. To the extent you believe we have not addressed your concerns or otherwise choose to do so, you have the right to lodge a complaint with a supervisory authority in the country where you reside.

If you are a United States resident, you may contact the U.S. Federal Trade Commission regarding your concerns. For more information, please see: https://www.ftc.gov/media/71268

IX. Contact Us.

If you have questions or concerns about this Privacy Policy or how we collect and use the information of our customers, you can contact us by sending a letter to us at the appropriate address below: