Privacy Policy

Last updated: March 16, 2026

Your privacy is important to MindStack SIA. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data in compliance with the EU General Data Protection Regulation (GDPR) and other applicable laws.

For the terms governing your use of our platform and website, please refer to our Terms of Service and Terms of Use.

MindStackLLC™ is a trademark used by MindStack SIA. The MindStackLLC™ AI Platform is operated by MindStack SIA.

For details on our intellectual property, please see our Intellectual Property Notice.

SIA (Sabiedrība ar ierobežotu atbildību) is the Latvian equivalent of a limited liability company (LLC).

1. Data Controller and Contact Information

Data Controller: MindStack SIA (registration number: 40203709886), a limited liability company incorporated under the laws of the Republic of Latvia.

Registered Office: MindStack SIA, [Provided upon request], Latvia.

Email: [email protected]

For questions about data protection or to exercise your rights, you may contact our Data Protection Officer at the same email address.

2. What Personal Data We Collect

We collect the following categories of personal data:

Sensitive Personal Data: Our Services are not designed or intended to process sensitive personal data (e.g., data revealing racial or ethnic origin, political opinions, religious beliefs, health data, sexuality, citizenship, genetic or biometric data, personal data of children, precise geolocation, or criminal membership). We do not ask for, and you should not provide, sensitive personal data to the Services, whether about yourself or other individuals.

3. Purposes and Legal Bases for Processing

We process your personal data for the following purposes and under the corresponding legal bases:

Purpose Legal Basis
Providing and managing the MindStackLLC™ AI Platform, including user accounts, authentication, and service delivery Performance of a contract (Art. 6(1)(b) GDPR)
Processing payments and managing subscriptions Performance of a contract, legal obligation (Art. 6(1)(b), (c))
Improving our services, developing new features, and conducting analytics Legitimate interest (Art. 6(1)(f) GDPR) – to enhance user experience and platform quality
Sending administrative communications, updates, security alerts, and support responses Performance of a contract, legitimate interest (Art. 6(1)(b), (f))
Complying with legal obligations (e.g., tax, accounting, data protection laws) Legal obligation (Art. 6(1)(c) GDPR)
Marketing and promotional communications (only with your explicit consent) Consent (Art. 6(1)(a) GDPR)

4. Data Retention

We retain your personal data only as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. Typical retention periods are:

AI Messages, prompts, and AI‑generated outputs are processed in real‑time and are not stored beyond the immediate session; therefore no retention period applies.

After the retention period ends, we securely delete or anonymise your data.

5. Data Subject Rights

Under GDPR, you have the following rights regarding your personal data:

To exercise any of these rights, please contact us at [email protected]. We will respond within one month, free of charge, unless the request is manifestly unfounded or excessive. Before responding, we may need to verify your identity or authority to act on behalf of someone else.

You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement. The Latvian supervisory authority is the Data State Inspectorate (www.dvi.gov.lv).

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include AES‑256 encryption of data in the database, in transit (SSL/TLS), and at rest, access controls, regular security assessments, and staff training. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where the breach is likely to result in a high risk to you, we will also communicate the breach to you without undue delay.

We use cookies and similar tracking technologies to enhance your experience, analyse usage, and deliver personalised content. Cookies are small text files stored on your device. You can manage cookie preferences through your browser settings.

The table below provides detailed information about the cookies we use:

Cookie Name Purpose Duration Category
sessionid Maintains your session state and authentication across requests. Session (deleted when browser closes) Essential
csrftoken Protects against Cross‑Site Request Forgery (CSRF) attacks. Session or 1 year (depending on settings) Essential
auth_payload Encrypted authentication payload for secure access to platform features. Session (deleted when browser closes) Essential
mindstackllc_lang Stores your language preference for the platform interface. 1 year Preferences
mindstackllc‑theme Stores your selected theme (e.g., light, dark, corporate) for consistent appearance. 1 year Preferences

Essential cookies are necessary for the platform to function and cannot be switched off. They are usually set in response to actions you take, such as logging in or setting your privacy preferences. You can set your browser to block or alert you about these cookies, but some parts of the platform may not work as a result.

Preference cookies enable the platform to remember information that changes the way the platform behaves or looks, like your preferred language or theme.

We use Cloudflare Web Analytics (with your consent) to collect anonymous usage data. This service uses cookies such as __cf_bm for security and bot detection. If you do not consent to analytics cookies, these cookies will not be placed on your device.

You can manage your cookie preferences via your browser settings. For more information, please visit AllAboutCookies.org.

8. International Data Transfers

Your personal data may be transferred to, and processed in, countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure adequate safeguards are in place, such as standard contractual clauses approved by the European Commission, or the recipient's participation in the EU‑U.S. Data Privacy Framework. You may request further details about these safeguards by contacting us.

Primary Data Storage: Our primary servers are located within the European Union. This provides you with enhanced data protection under EU law.

9. How We Share Your Personal Data

We share your personal data in the following limited circumstances:

10. Data Processors

We engage Fireworks AI as a data processor to provide AI model services. Fireworks AI processes personal data on our behalf under strict contractual data protection obligations that comply with GDPR. For more information about how Fireworks AI handles personal data, please see their privacy policy at https://fireworks.ai/privacy-policy. MindStack SIA (controller) and Fireworks AI (processor) Data Protection and Privacy Policy are fully compliant and aligned with GDPR Acts against Privacy and Data protection.

11. Automated Decision‑Making and AI Accuracy

Our platform uses third‑party AI models to generate responses and recommendations. These processes do not involve automated decision‑making that produces legal or similarly significant effects concerning you. You have the right to obtain human intervention, express your point of view, and contest any automated decision.

AI Accuracy Disclaimer: AI‑generated content (outputs) are produced by third‑party machine learning models. These models generate responses based on patterns in data they were exposed to during their development. These outputs may contain inaccuracies, biases, or factual errors. You should not rely on the factual accuracy of AI‑generated content without independent verification. If you believe AI outputs contain factually inaccurate personal data about you, you may contact us to request correction consideration, subject to technical capabilities and applicable law.

12. Personal Data Relating to Children

Our Services are not directed to children under the age of 16 (or the higher age of consent in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete such data as soon as possible. If you believe we have collected personal data from a child, please contact us immediately at [email protected].

13. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be posted on this page with a new effective date. If we make material changes, we will notify you via email or a prominent notice on the platform before the changes become effective.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: [email protected]
Postal Address: MindStack SIA, [Provided upon request], Latvia

We use cookies to enhance your experience. By clicking "Accept All", you consent to our use of all cookies (including preference cookies). Click "Essential Only" to limit cookies to those necessary for the platform to function. For more information, please read our Cookie Policy.