Skip to main content

Mindky Privacy Policy

Last updated: 02/10/2025 Effective as of: 02/10/2025

At Mindky ("we", "our", "us"), protecting your personal data is a top priority. This Privacy Policy explains what information we collect, how we process it, and your rights under applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

By using our platform, website, mobile app, APIs, or integrations (collectively the "Service"), you agree to the practices described below.

1. Data Controller & Contact

Data Controller

  • Company: Mindky SAS
  • Registered office: 10 Rue Du Mont Ste Croix, 57600 Forbach, France
  • Country of incorporation: France

Contact for privacy inquiries

You may contact us at any time to exercise your privacy rights or ask questions about this Policy.

2. Scope of this Policy

This Policy applies to all individuals using Mindky, including website visitors, registered users, administrators, and customers.

It covers:

  • Use of our website (www.mindky.com and subdomains)
  • Use of our web and mobile application
  • Access through APIs, integrations, or extensions
  • AI-powered features, including document ingestion and search
  • Analytics and usability tools (including SmartLook)
  • Customer support and communications

3. Data We Collect

3.1 Data you provide directly

  • Name, surname, display name
  • Email address, phone number
  • Account credentials (login, password – stored securely, hashed)
  • Profile information (photo, preferences, settings)
  • Content you upload (documents, files, notes, internal procedures)
  • Contacts you import (if applicable)
  • Payment details (processed via third-party provider)
  • Support requests and communications with our team

3.2 Technical data and metadata

  • IP address, browser type, operating system, device type
  • Session logs, usage metrics, interactions (pages, clicks, time spent)
  • Cookies and similar tracking technologies (see Section 5)
  • Device identifiers, app version, crash/error logs
  • Metadata of uploaded files (e.g. name, size, creation date)

3.3 Data from third-party services

  • If you connect integrations (Google Drive, Microsoft 365, Slack, SharePoint, etc.), we may receive basic account data (name, email, documents)
  • Data from analytics and communication providers (e.g. Mailchimp for email campaigns)

We process personal data for the following purposes:

PurposeLegal Basis
Provide and operate the ServiceContract performance
Authenticate and secure your accountContract performance
Process documents into embeddings for internal search and onboardingContract performance / Legitimate interest
Respond to support requestsContract performance
Send service-related notificationsContract performance / Legal obligation
Improve features and user experienceLegitimate interest
Analyze usage and perform analyticsLegitimate interest / Consent (where required)
Marketing and campaigns (e.g. newsletters)Consent
Comply with legal obligations (e.g. tax, accounting)Legal obligation

Important: Uploaded documents are processed into embeddings for internal search and onboarding features. We do not use your documents to train external AI models (e.g. OpenAI, Mistral).

5. Cookies & Tracking Technologies

5.1 Types of cookies we use

  • Essential cookies – required for login, authentication, security
  • Analytics cookies – measure usage and performance
  • Marketing cookies – track campaigns (if applicable)
  • Session replay tools – analyze usability (SmartLook)

Non-essential cookies (analytics, marketing) require your prior consent. You may manage preferences through our cookie banner or browser settings.

5.3 SmartLook session replay

  • We use SmartLook to record pseudonymized user interactions (navigation, clicks) for UX improvements.
  • Sensitive content (documents, passwords, financial data) is excluded.
  • You may opt out via the cookie banner.

6. Sharing of Data

We may share your personal data with:

  • Hosting & cloud services: AWS Bedrock (EU servers)
  • LLM provider: Mistral (EU) for AI processing
  • Email services: Mailchimp for newsletters and campaigns
  • Analytics & session replay: SmartLook, as described above
  • Authorized third-party integrations: Google Drive, Microsoft 365, Slack, SharePoint (only if you connect them)
  • Legal authorities: where required by law or regulation
  • Corporate transactions: in case of merger, acquisition, or restructuring
  • Aggregated/anonymized data: that cannot identify you

All providers are bound by confidentiality and data processing agreements.

7. International Transfers

Mindky stores and processes data within the European Union.

If data must be transferred outside the EEA, we apply appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules
  • Explicit consent, if no other safeguard applies

8. Data Retention

We retain data for as long as necessary to provide the Service or as required by law.

  • Account data: as long as the account is active + 1 year after closure
  • Uploaded documents: retained while account is active, deleted upon closure or request
  • Logs: 6–24 months
  • Marketing data: until you unsubscribe, or max 3 years of inactivity
  • Support communications: 1–5 years depending on legal obligations

When retention expires, data is deleted or irreversibly anonymized.

9. Data Security

We apply technical and organizational measures to protect data, including:

  • TLS encryption in transit, encryption at rest (where applicable)
  • Role-based access controls
  • Multi-factor authentication
  • Activity and audit logs
  • Secure redundancy and backups
  • Vulnerability testing and incident response plan

In case of a data breach posing a high risk, we will notify you and the CNIL (French authority) as required by GDPR.

10. Your Rights (GDPR)

As a data subject in the EU, you have the following rights:

  • Access – obtain a copy of your data
  • Rectification – correct inaccurate or incomplete data
  • Erasure – request deletion ("right to be forgotten")
  • Restriction – limit processing in certain cases
  • Objection – to processing based on legitimate interest or direct marketing
  • Portability – receive your data in machine-readable format
  • Withdraw consent – when processing is based on consent
  • Lodge a complaint – with the CNIL or your local data protection authority

To exercise these rights, contact us at contact@mindky.com.

  • We may verify your identity before processing your request.
  • We will respond within one month (extendable as permitted by law).

11. Children's Privacy

Mindky is not intended for individuals under 18 years old.

We do not knowingly collect data from minors. If such data is found, it will be deleted promptly.

12. Policy Updates

We may update this Privacy Policy periodically.

If material changes occur, we will notify you by email or through the Service.

The "Last Updated" date indicates the latest revision.

13. Contact Us

For privacy-related inquiries:

  • Mindky SAS
  • Email: contact@mindky.com
  • Address: 10 Rue Du Mont Ste Croix, 57600 Forbach, France