Privacy Policy
Last updated: March 16, 2026
Your privacy is important to MindStack SIA. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data in compliance with the EU General Data Protection Regulation (GDPR) and other applicable laws.
For the terms governing your use of our platform and website, please refer to our Terms of Service and Terms of Use.
MindStackLLC™ is a trademark used by MindStack SIA. The MindStackLLC™ AI Platform is operated by MindStack SIA.
For details on our intellectual property, please see our Intellectual Property Notice.
SIA (Sabiedrība ar ierobežotu atbildību) is the Latvian equivalent of a limited liability company (LLC).
1. Data Controller and Contact Information
Data Controller: MindStack SIA (registration number: 40203709886), a limited liability company incorporated under the laws of the Republic of Latvia.
Registered Office: MindStack SIA, [Provided upon request], Latvia.
Email: [email protected]
For questions about data protection or to exercise your rights, you may contact our Data Protection Officer at the same email address.
2. What Personal Data We Collect
We collect the following categories of personal data:
- Identity and Contact Data: Name, email address, phone number, username, profile picture.
- Account and Usage Data: IP address, browser type, device information, log data, pages visited, actions taken, session information.
- Transaction and Payment Data: Billing address, payment method details (processed by third‑party payment processors), subscription history.
- Content and Communications: Feedback, support tickets, and support messages are stored beyond session and processing.
- AI Prompts and Instructions: AI prompts, AI instructions, and AI‑generated outputs are processed in real‑time with session‑scoped retention.
- AI Configurations and Instructions: Customer AI configurations and AI instructions created for Customer AI Assistants are encrypted using AES‑256 encryption to prevent unauthorized access and disclosure.
- Technical and Cookie Data: Cookies, tracking pixels, analytics identifiers (see section 7).
- Third‑Party Authentication Data: If you choose to sign‑up or log‑in using a third‑party service (e.g., Google, Apple), we may collect authentication tokens and basic profile information provided by that service.
Sensitive Personal Data: Our Services are not designed or intended to process sensitive personal data (e.g., data revealing racial or ethnic origin, political opinions, religious beliefs, health data, sexuality, citizenship, genetic or biometric data, personal data of children, precise geolocation, or criminal membership). We do not ask for, and you should not provide, sensitive personal data to the Services, whether about yourself or other individuals.
3. Purposes and Legal Bases for Processing
We process your personal data for the following purposes and under the corresponding legal bases:
| Purpose | Legal Basis |
|---|---|
| Providing and managing the MindStackLLC™ AI Platform, including user accounts, authentication, and service delivery | Performance of a contract (Art. 6(1)(b) GDPR) |
| Processing payments and managing subscriptions | Performance of a contract, legal obligation (Art. 6(1)(b), (c)) |
| Improving our services, developing new features, and conducting analytics | Legitimate interest (Art. 6(1)(f) GDPR) – to enhance user experience and platform quality |
| Sending administrative communications, updates, security alerts, and support responses | Performance of a contract, legitimate interest (Art. 6(1)(b), (f)) |
| Complying with legal obligations (e.g., tax, accounting, data protection laws) | Legal obligation (Art. 6(1)(c) GDPR) |
| Marketing and promotional communications (only with your explicit consent) | Consent (Art. 6(1)(a) GDPR) |
4. Data Retention
We retain your personal data only as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. Typical retention periods are:
- Account data: Until you request deletion or the account is inactive for 3 years.
- Transaction records: 7 years for tax and accounting compliance.
- Log data and analytics: Up to 12 months.
- Support tickets and feedback: Retained for 3 years after ticket resolution for customer service purposes.
- Cookies: As specified in our Cookie Policy (see section 7).
AI Messages, prompts, and AI‑generated outputs are processed in real‑time and are not stored beyond the immediate session; therefore no retention period applies.
After the retention period ends, we securely delete or anonymise your data.
5. Data Subject Rights
Under GDPR, you have the following rights regarding your personal data:
- Right of access: You may request a copy of the personal data we hold about you.
- Right to rectification: You may request correction of inaccurate or incomplete data.
- Right to erasure (right to be forgotten): You may request deletion of your data under certain conditions.
- Right to restriction of processing: You may request that we temporarily stop processing your data.
- Right to data portability: You may request a machine‑readable copy of your data or its transfer to another controller.
- Right to object: You may object to processing based on legitimate interests or for direct marketing.
- Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time.
To exercise any of these rights, please contact us at [email protected]. We will respond within one month, free of charge, unless the request is manifestly unfounded or excessive. Before responding, we may need to verify your identity or authority to act on behalf of someone else.
You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement. The Latvian supervisory authority is the Data State Inspectorate (www.dvi.gov.lv).
6. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include AES‑256 encryption of data in the database, in transit (SSL/TLS), and at rest, access controls, regular security assessments, and staff training. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where the breach is likely to result in a high risk to you, we will also communicate the breach to you without undue delay.
7. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience, analyse usage, and deliver personalised content. Cookies are small text files stored on your device. You can manage cookie preferences through your browser settings.
The table below provides detailed information about the cookies we use:
| Cookie Name | Purpose | Duration | Category |
|---|---|---|---|
| sessionid | Maintains your session state and authentication across requests. | Session (deleted when browser closes) | Essential |
| csrftoken | Protects against Cross‑Site Request Forgery (CSRF) attacks. | Session or 1 year (depending on settings) | Essential |
| auth_payload | Encrypted authentication payload for secure access to platform features. | Session (deleted when browser closes) | Essential |
| mindstackllc_lang | Stores your language preference for the platform interface. | 1 year | Preferences |
| mindstackllc‑theme | Stores your selected theme (e.g., light, dark, corporate) for consistent appearance. | 1 year | Preferences |
Essential cookies are necessary for the platform to function and cannot be switched off. They are usually set in response to actions you take, such as logging in or setting your privacy preferences. You can set your browser to block or alert you about these cookies, but some parts of the platform may not work as a result.
Preference cookies enable the platform to remember information that changes the way the platform behaves or looks, like your preferred language or theme.
We use Cloudflare Web Analytics (with your consent) to collect anonymous usage data. This service uses cookies such as __cf_bm for security and bot detection. If you do not consent to analytics cookies, these cookies will not be placed on your device.
You can manage your cookie preferences via your browser settings. For more information, please visit AllAboutCookies.org.
8. International Data Transfers
Your personal data may be transferred to, and processed in, countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure adequate safeguards are in place, such as standard contractual clauses approved by the European Commission, or the recipient's participation in the EU‑U.S. Data Privacy Framework. You may request further details about these safeguards by contacting us.
Primary Data Storage: Our primary servers are located within the European Union. This provides you with enhanced data protection under EU law.
9. How We Share Your Personal Data
We share your personal data in the following limited circumstances:
- Service Providers: We engage trusted service providers (e.g., hosting, payment processing, customer support, analytics) who process data on our behalf under strict contractual data protection obligations.
- Legal Requirements: We may disclose data if required by law, legal process, or governmental request, or to protect the rights, property, or safety of our users, the public, or MindStack SIA.
- Corporate Transactions: In connection with a merger, acquisition, sale of assets, or other corporate transaction, your data may be transferred as part of the business assets, subject to appropriate confidentiality and data protection commitments.
- With Your Consent: We may share data with third parties when you explicitly consent, such as when connecting your account to third‑party services.
10. Data Processors
We engage Fireworks AI as a data processor to provide AI model services. Fireworks AI processes personal data on our behalf under strict contractual data protection obligations that comply with GDPR. For more information about how Fireworks AI handles personal data, please see their privacy policy at https://fireworks.ai/privacy-policy. MindStack SIA (controller) and Fireworks AI (processor) Data Protection and Privacy Policy are fully compliant and aligned with GDPR Acts against Privacy and Data protection.
11. Automated Decision‑Making and AI Accuracy
Our platform uses third‑party AI models to generate responses and recommendations. These processes do not involve automated decision‑making that produces legal or similarly significant effects concerning you. You have the right to obtain human intervention, express your point of view, and contest any automated decision.
AI Accuracy Disclaimer: AI‑generated content (outputs) are produced by third‑party machine learning models. These models generate responses based on patterns in data they were exposed to during their development. These outputs may contain inaccuracies, biases, or factual errors. You should not rely on the factual accuracy of AI‑generated content without independent verification. If you believe AI outputs contain factually inaccurate personal data about you, you may contact us to request correction consideration, subject to technical capabilities and applicable law.
12. Personal Data Relating to Children
Our Services are not directed to children under the age of 16 (or the higher age of consent in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete such data as soon as possible. If you believe we have collected personal data from a child, please contact us immediately at [email protected].
13. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be posted on this page with a new effective date. If we make material changes, we will notify you via email or a prominent notice on the platform before the changes become effective.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Email: [email protected]
Postal Address: MindStack SIA, [Provided upon request], Latvia