MystiConnect Privacy Policy

Effective Date: 2/13/2026
Entity: MystiConnect App LLC
Affiliated Entities: MystiConnect Brand LLC
Parent Company: Mystic Holdings LLC
Contact: privacy@mysticonnect.com
Address: 10785 E 28th Pl., Denver, CO 80238

This Privacy Policy explains how MystiConnect collects, uses, stores, and protects information when you use our applications, websites, and related services (collectively, the “Services”).

1. Scope & Who This Covers

This Policy applies to:

• The MystiConnect mobile and web applications

• Our websites and landing pages

• AI-powered features

• Maps, events, subscriptions, and community features

This Policy does not apply to third-party services you access through MystiConnect.

2. Age Restriction

MystiConnect is intended for users 18 years of age or older.

We do not knowingly collect data from minors. If you believe a minor has provided information, contact us and we will promptly delete it.

3. Not Medical Advice / Not HIPAA Covered

MystiConnect is not a medical provider and is not a HIPAA-covered entity.

• Do not upload protected health information (PHI)

• Any wellness or health-related inputs are treated as consumer-provided information, not medical records

• AI responses are informational only and not medical advice

4. Information We Collect

A. Information You Provide

• Name, email, phone number, username

• Account credentials (passwords are hashed)

• Messages, posts, comments, and uploads

• AI conversations (see Section 11)

• Wellness preferences, goals, interests (optional)

• Event submissions or community content

B. Commerce & Subscriptions

• Purchase history

• Shipping details

• Payment tokens (processed by Stripe or processors — we do not store full card numbers)

C. Device & Usage Data

• IP address

• Device identifiers

• App version and diagnostics

• Usage events and interactions

• Approximate location (if enabled)

D. Media & User-Generated Content

• Photos, videos, audio, or other media you upload or consent to share

5. Sensitive Data & Consent

Some information (such as wellness preferences) may be considered sensitive data under certain laws.

We process such data only with your explicit consent, which you may withdraw at any time via:

• App Settings → Privacy

• Emailing privacy@mysticonnect.com

6. How We Use Information

We use information to:

• Operate and secure the Services

• Personalize experiences and recommendations (with consent)

• Provide AI features

• Process payments and subscriptions

• Support events, maps, and community features

• Improve performance, analytics, and reliability

• Comply with legal obligations

• Prevent fraud, abuse, or misuse

7. NovaOps (Internal AI System)

NovaOps is an internal, company-only system.

• It is not user-facing

• It analyzes company-owned data, including:

  • Website analytics

  • Subscription metrics

  • Social media data accessed via company-authorized APIs

  • Internal performance data

Important:

• NovaOps does not scrape personal user accounts

• NovaOps does not sell or share data

• NovaOps does not interact with user private messages

• NovaOps operates under internal access controls

8. AI Training & Federated Learning

• User chat content is not used to train models by default

• Federated or anonymized learning may be used to improve system quality

• Identifiable data is excluded unless you explicitly opt in

• You control AI data preferences in Settings

9. Legal Bases for Processing (GDPR / Global)

We process data based on:

• Consent

• Contract necessity

• Legitimate interests (security, performance, improvement)

• Legal obligations

• User-requested services

10. Data Sharing

We do not sell personal data.
We are not a data broker.

We may share data with:

• Infrastructure providers (hosting, analytics, payments)

• Affiliates (App ↔ Brand ↔ Holdings) for internal operations

• Legal authorities when required by law

• Business successors in mergers or restructuring

All vendors are bound by contractual confidentiality and data protection obligations.

11. Advertising & Tracking

• We may use contextual advertising

• Behavioral or targeted advertising requires opt-in where applicable

• We honor legally required Global Privacy Control (GPC) signals

12. Data Retention

We retain data only as long as necessary:

• Active accounts: for the life of the account

• Inactive accounts: typically up to 2 years

• Legal or compliance data: as required by law

You may request deletion at any time.

13. Security

We use reasonable administrative, technical, and organizational safeguards, including:

• Encryption in transit

• Access controls

• Secure infrastructure environments

No system is 100% secure. Please notify us of suspected issues.

14. Your Privacy Rights

Depending on your location, you may have rights to:

• Access

• Correction

• Deletion

• Portability

• Consent withdrawal

• Opt-out of profiling or targeted ads

• Appeal denied requests (Colorado)

How to exercise rights:
Email privacy@mysticonnect.com

We respond within legally required timeframes.

15. International Transfers

If data is transferred internationally, we use appropriate safeguards such as Standard Contractual Clauses.

16. Payments

Payments are processed by third-party providers (e.g., Stripe). Their privacy policies apply.

17. Children’s Data Removal

If data from a minor is discovered, we will delete it immediately upon notice.

18. Policy Updates

We may update this Policy from time to time.
Material changes will be posted with an updated Effective Date.

19. Contact

📧 privacy@mysticonnect.com
📍 10785 E 28th Pl., Denver, CO 80238