Privacy Policy

Last updated: 10 June 2026

This Privacy Policy explains how Think Success ("we", "us") collects, uses, and protects your personal data when you use our Service at https://thinksuccess.app. We are committed to processing your data in accordance with the EU General Data Protection Regulation (GDPR).

1. Data controller

Think Success is the data controller for the personal data collected through this Service. You can reach us via the contact form.

2. What data we collect

When you create an account

• Name — used to personalise your experience
• Email address — used for account identification and sign-in
• Password — stored as a secure one-way hash; we cannot read your password

When you use the Service

• Affirmations — text you write and save to your sessions
• Photos — images you upload to your personal sessions
• Audio files — MP3s you upload to your personal sessions
• Session preferences — speed settings, track choices, and session configuration

When you contact us

• Name, email, and message — submitted via the contact form
• IP address — recorded with contact submissions for spam prevention

Technical data

• Session cookie — essential cookie that keeps you signed in during your browser session
• We do not use tracking cookies, advertising cookies, or third-party analytics

3. Legal basis for processing

• Contract — processing your account data is necessary to provide the Service you have registered for
• Legitimate interest — IP logging on contact submissions to prevent spam
• Consent — for any processing not covered above, we will ask for your explicit consent

4. How we use your data

• To create and manage your account
• To deliver and personalise the slideshow and session features
• To store your uploaded content and session settings
• To respond to contact form messages
• To maintain the security and integrity of the Service

5. Data sharing

We do not sell, rent, or share your personal data with third parties for marketing purposes. Your data is stored on our own server and is not shared with any external services, analytics platforms, or advertisers.

6. Data retention

We retain your account data for as long as your account is active. Contact form messages are retained until reviewed and deleted by the administrator. You may request deletion of your account and all associated data at any time — see your rights below.

7. Your rights under GDPR

You have the following rights regarding your personal data:

• Right of access — request a copy of the data we hold about you
• Right to rectification — ask us to correct inaccurate or incomplete data
• Right to erasure — request deletion of your personal data ("right to be forgotten")
• Right to data portability — receive your data in a structured, machine-readable format
• Right to object — object to processing based on legitimate interest
• Right to restrict processing — ask us to limit how we use your data

To exercise any of these rights, please contact us via the contact form. We will respond within 30 days.

You also have the right to lodge a complaint with your national data protection authority if you believe we have not handled your data correctly.

8. Cookies

We use one essential session cookie that is strictly necessary for the sign-in feature to function. This cookie is not used for tracking or advertising and does not require consent under GDPR. No third-party cookies are set by this Service.

9. Security

We take reasonable technical measures to protect your data, including password hashing and HTTPS encryption. However, no internet transmission is completely secure and we cannot guarantee absolute security.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date at the top of this page when changes are made. Continued use of the Service after changes constitutes your acceptance of the revised policy.

11. Contact

For any privacy-related questions or to exercise your GDPR rights, please use our contact form.