Privacy Policy

MINDZIE PRIVACY POLICY

Last revised: March 25, 2025

 

OVERVIEW

mindzie, inc. and mindzie Canada, inc. (collectively, “mindzie”) are committed to safeguarding the personal data of our users and partners. As providers of the “mindzie studio” software, we empower organizations to analyze and improve business processes. This privacy policy outlines how we collect, use, share, and protect information, particularly in relation to the global availability of our software via both cloud and on-premises deployment models. Notably, for on-premises deployments, mindzie does not process or store customer data—such data remains entirely within the customer’s infrastructure.

 

CHANGES TO OUR PRIVACY POLICY

We periodically update our privacy practices to comply with changes in legislation and technology. This policy may change without prior notice, but when material updates occur, we will notify you via our Website, email, or Service login page. Reviewing this policy regularly is recommended. The latest revision date is always displayed at the top of the document.

 

DEPLOYMENT OPTIONS

mindzie provides flexible deployment models to meet diverse client needs. In a cloud-hosted model, user data is stored and processed using secure and compliant infrastructure from Microsoft Azure, Google Cloud, AWS, or Alibaba Cloud (Saudi Ariba), based on regional and regulatory considerations. For on-premises installations, mindzie does not have access to user data. All information remains within the customer’s IT environment, and data privacy regulations regarding processing by mindzie do not apply.

 

USE OF GENERATIVE AI (LLM FEATURES)

mindzie offers optional AI functionality powered by large language models (LLMs) to enhance process insights and recommendations. Clients have the flexibility to:

  • Use mindzie-hosted LLMs, where data is temporarily transmitted for processing.
  • Configure their own AI integration, including cloud or on-premises LLMs.

Users can choose the level of AI engagement and disable this functionality entirely. mindzie does not retain LLM-inputted data after processing.

 

DEFINITIONS

To clarify key terminology in this policy:

  • Account Data refers to information provided during account registration, such as name, email, and billing details.
  • Business Data refers to operational data uploaded or generated during use of the Service.
  • Personal Information includes data that identifies or can reasonably be used to identify a natural person.
  • User Data encompasses both Account and Business Data associated with a user.

 

CONSENT AND LEGAL BASIS

We collect and process personal information under several legal bases, depending on the jurisdiction. Under GDPR, these include: consent, contract performance, compliance with legal obligations, and legitimate interests. In other jurisdictions, such as Canada or the United States, parallel principles apply. By accessing or using our services, you agree to the collection and processing of your information as described.

 

COLLECTION OF PERSONAL INFORMATION

We gather information from users through various interactions, including:

  • Visiting our Website or social channels
  • Registering an account or purchasing services
  • Participating in surveys, events, or webinars
  • Submitting customer support requests
  • Applying for employment

Information collected may include name, contact information, company name, payment details, browser/device data, usage logs, and submitted content. We do not knowingly collect data from individuals under the age of 13.

 

USE AND DISCLOSURE OF INFORMATION

The information collected is used to:

  • Operate, personalize, and improve our Service
  • Communicate administrative and marketing content
  • Provide customer service and technical support
  • Comply with legal obligations and audit requirements

We do not sell personal data. We may share data with trusted service providers and subcontractors who are bound by confidentiality and data processing agreements. Data may be disclosed when required by law or to protect rights, property, or safety.

 

INTERNATIONAL DATA TRANSFER

For users of our cloud-hosted Service, data may be transferred to servers in the United States, Canada, the EU, or other regions as needed. These transfers comply with applicable legal safeguards, such as Standard Contractual Clauses (SCCs) or regional adequacy decisions under GDPR. Users are informed and consent to these international transfers during registration. On-premises customers retain full control over data storage and jurisdiction.

 

DATA RETENTION

We retain personal and User Data only as long as necessary for business purposes or legal obligations. When no longer needed, data is securely deleted or anonymized. If users request deletion of data, it will be honored unless retention is mandated (e.g., for tax, audit, or dispute resolution purposes). Backup archives may store encrypted copies for a limited period.

 

SECURITY

mindzie follows best practices to protect data from unauthorized access, misuse, or loss. Safeguards include:

  • Transport Layer Security (TLS) for data in transit
  • Encryption at rest for stored data
  • Role-based access control and authentication
  • Employee training and access limitation

No system is immune to threats, but we strive to maintain the highest reasonable security standards.

 

THIRD PARTY SERVICE PROVIDERS

To operate our Service, we rely on vetted third parties for services such as:

  • Email and communications delivery
  • Credit card and payment processing
  • Data storage and hosting
  • AI and analytics platforms

Each provider must meet contractual, technical, and regulatory compliance requirements before gaining access to personal or User Data.

 

TRACKING TECHNOLOGIES

Our Website and applications may use cookies, pixels, and similar technologies for performance monitoring, analytics, and personalized content. These tools help us understand how our services are used and improve user experience. Users can control tracking through their browser settings and consent banners. We respect “Do Not Track” signals where applicable.

 

USER RIGHTS

Depending on your jurisdiction, you may have the right to:

  • Access and review your personal data
  • Request correction or deletion
  • Withdraw consent or object to processing
  • Request data export (portability)

To exercise these rights, email us at legal@mindzie.com. We will confirm your identity and respond within the legally mandated period.

 

BUSINESS TRANSFERS

If mindzie is acquired, merged, or undergoes a corporate restructuring, your data may be part of the transferred assets. The new entity will assume data responsibilities under the same or an equivalent privacy policy. Users will be notified in advance when feasible.

 

BREACH NOTIFICATION

In the unlikely event of a security incident affecting your data, mindzie will promptly notify affected users and relevant authorities, as required by law. We maintain an internal breach response protocol to identify, contain, and remedy potential threats.

 

CONTACT INFORMATION

If you have questions about this privacy policy or wish to make a data request, please contact:

mindzie Inc.
2600 E Southlake Blvd, Suite 120 PMB 378
Southlake, Texas 76092
Email: legal@mindzie.com

You may also contact your regional data protection authority:

Contact the United States Federal Trade Commission (FTC)

Contact the Office of the Privacy Commissioner of Canada

Contact data protection authorities in the European Economic Area