Last Updated: March 06, 2025
Summary: MindPal is an AI-powered tool for resume customization and candidate search that respects your privacy. This policy explains our data practices in compliance with global privacy laws.
MindPal Inc. offers an AI-powered resume customization tool and people search tool to discover and engage with job candidates.
MindPal respects your privacy. This Privacy Policy explains how MindPal collects, uses, and discloses personal information from job candidates and website visitors (including representatives of prospective and current business customers), in compliance with applicable data privacy laws such as the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (“CPRA”).
This Privacy Policy does not apply to personal information that we process on behalf of our customers, such as information pertaining to our customers’ authorized users of our services.
We process this information as instructed by our customers, in our capacity as a service provider/data processor, in accordance with the terms of our customer agreements.
Summary: MindPal uses AI technology to help customers find and engage talent. We work with providers like OpenAI but protect your data from being used to train their models.
MindPal uses an AI-powered search engine to help customers acquire, engage, and retain talent. Specifically, customers can use MindPal to create search strategies for job applicants who meet certain criteria and generate personalized messages to applicants of interest.
We may use third-party providers such as OpenAI to power parts of our search engine, but we do not allow these providers to train their AI models using your data and we require these providers to delete your data within 30 days unless otherwise required by law.
Summary: We collect information you voluntarily provide when interacting with our services, from creating an account to contacting customer support.
In Short: We collect personal information that you provide to us.
We collect personal information that you voluntarily provide when you register on the Services, express an interest in obtaining information about us or our products and Services, participate in activities on the Services, or contact us.
Categories of Personal Data We Collect:
Category of Personal Data | Examples of Personal Data We Collect | Categories of Third Parties With Whom We Share this Personal Data |
---|---|---|
Profile or Contact Data | First and last name, Address, Email, Phone number, Company name, Unique identifiers (such as passwords for MindPal users) | Service Providers, Analytics Partners, Business Partners, Parties You Authorize, Access or Authenticate |
Payment Data | Financial account information, Payment card type, Last 4 digits of payment card, Billing name, address, phone number, and email | Service Providers (specifically our payment processing partner, currently Stripe, Inc.) |
Commercial Data | Purchase history, Consumer profiles | Service Providers, Advertising Partners, Analytics Partners, Business Partners, Parties You Authorize, Access or Authenticate |
Device/IP Data | IP address, Device ID, Domain server, Type of device/operating system/browser used to access the Services, Hashed identifiers | Service Providers, Advertising Partners, Analytics Partners, Business Partners, Parties You Authorize, Access or Authenticate |
Web Analytics | Web page interactions, Referring webpage/source through which you accessed the Services, Non-identifiable request IDs, Statistics associated with the interaction between device or browser and the Services | Service Providers, Advertising Partners, Analytics Partners, Business Partners, Parties You Authorize, Access or Authenticate |
Social Network Data | Email, Usernames/user handles | Service Providers, Advertising Partners, Analytics Partners, Business Partners, Parties You Authorize, Access or Authenticate |
Professional or Employment-Related Data | Resume/CV, Job title, Industry, Job history | Service Providers, Advertising Partners, Analytics Partners, Business Partners, Parties You Authorize, Access or Authenticate |
Geolocation Data | IP-address-based location information | Service Providers, Advertising Partners, Analytics Partners, Business Partners, Parties You Authorize, Access or Authenticate |
Categories of Data Considered “Sensitive” Under the California Privacy Rights Act | Inferences reflecting user attributes | Service Providers, Analytics Partners, Business Partners, Parties You Authorize, Access or Authenticate |
Other Identifying Information that You Voluntarily Choose to Provide | Identifying information in emails, letters, texts, or other communications you send us, Identifying information in survey responses and contest or sweepstakes submissions | Service Providers, Advertising Partners, Analytics Partners, Business Partners, Parties You Authorize, Access or Authenticate |
Other | Publicly available professional data | Service Providers, Analytics Partners, Business Partners, Parties You Authorize, Access or Authenticate |
Summary: We collect your data directly from you, from public records, and from third parties like vendors and social networks.
We collect Personal Data about you from the following categories of sources:
You
Public Records
Third Parties
Summary: We collect publicly available professional information about job candidates to provide to our customers, but we avoid collecting sensitive personal data.
If you have a profile, resume, or CV on a publicly-available website, we may collect public information about your professional qualifications and contact information to provide to our customers. This information may include your name, education, qualifications, work history, work title, contact information, and experience. We do not collect sensitive data (e.g., health or political affiliation) from these public sources. We may infer other characteristics about job candidates based on the information provided on their profiles.
Summary: All candidate data is collected through our secure application process with your explicit consent.
All information collected and processed in connection with our candidates, including the data we retain and its handling procedures, is accessible during the application submission process via the following link:
By selecting the checkbox, you provide consent for the utilization of your data.
We do not utilize any third-party platforms for candidate applications. All job platforms utilized by our company direct applicants exclusively to our internal application forms. If you encounter an application form outside our domain:
kindly report it to:
Summary: We collect usage data and statistical activity information from our customers to improve our services.
We prioritize the protection of our customers’ data. When they utilize our services, we gather certain information to enhance user experience and tailor our services to their needs:
Summary: We collect business contact details, account information, communications, and marketing preferences from website visitors.
When you request information about our services, book a demo, contact our sales team or customer support team, or sign up for a MindPal account, you provide us with certain information, such as:
Summary: When you interact with our social media pages, we may receive information about you from those platforms.
We may maintain pages on social media platforms, such as Twitter, LinkedIn, Facebook, TikTok, Instagram, and Medium. When you visit or interact with our pages on those platforms, you or the platforms may provide us with information about you.
Summary: We may obtain information about business customers or job applicants from third-party sources to enhance our records and services.
We may obtain personal information about business customers or job applicants from third parties, such as marketing partners and data providers, to update, expand, and analyze our records, identify new prospects for sourcing, and provide information or job vacancies that may be of interest to our customers.
Summary: We automatically collect device data and usage information when you interact with our services.
We and our service providers may automatically log information about you, your computer or mobile device, and your interaction over time with our services, such as:
We may collect this information using cookies and other similar technologies. For more information, please visit our cookie policy:
https://mindpal.co/cookie-policy/
Summary: We use candidate information to help our customers discover and engage with talent and analyze workforce attributes.
We use job candidate information to help our customers discover and engage with internal and external job candidates and analyze attributes of existing personnel or internal talent. If a job candidate wishes to change or restrict the use of their information by the services, follow the steps in the Privacy Rights and Choices section below.
Summary: We use visitor information to provide our services, communicate with users, improve our platform, conduct research, and market our products.
To Provide Our Services: We use personal information to operate, maintain, and provide you with our services and to perform our contractual obligations under our Terms and Conditions.
To Communicate About Our Services: We use personal information to respond to your requests, provide customer support, and communicate with you about our services, including by sending announcements, updates, security alerts, and support and administrative messages.
To Improve, Monitor, Personalize, and Protect Our Services: We use personal information to improve and keep our services safe for our users. This includes understanding your needs and interests, personalizing your experience, troubleshooting, testing, and research, and protecting against fraudulent, harmful, unauthorized, or illegal activity.
For Research and Development: We use personal information for research and development purposes, including to analyze and improve the services and our business. This may involve creating or using aggregated, de-identified, or anonymized data.
For Direct Marketing: We may send you direct marketing communications as permitted by law. You may opt-out of our marketing communications as described in the Unsubscribe from Direct Marketing Communications section below.
For Compliance and Protection: We use personal information to comply with legal obligations and defend against legal claims or disputes, including to protect rights, privacy, safety, or property, audit internal processes, enforce terms and conditions, prevent fraud, and comply with applicable laws and legal processes.
Summary: We share your information with service providers, advertising partners, analytics partners, and business partners to deliver and improve our services.
We disclose your Personal Data to the categories of service providers and other parties listed in this section. Depending on state laws that may be applicable to you, some of these disclosures may constitute a “sale” of your Personal Data. For more information, please refer to the state-specific sections below.
Service Providers: These parties help us provide the Services or perform business functions on our behalf, which may be by automated means. They include:
Advertising Partners: These parties help us market our services and provide you with other offers that may be of interest to you. They include:
Analytics Partners: These parties provide analytics on web traffic or usage of the Services. They include:
Business Partners: These parties partner with us in offering various services. They include:
Parties You Authorize, Access, or Authenticate:
Summary: We may share your information when required by law or to protect legal rights.
We may share any Personal Data that we collect with third parties in conjunction with any of the activities set forth under “Meeting Legal Requirements and Enforcing Legal Terms” in the “Our Commercial or Business Purposes for Collecting Personal Data” section above.
Summary: If we undergo a business transition, your data may be transferred to the new entity.
All of your Personal Data that we collect may be transferred to a third party if we undergo a merger, acquisition, bankruptcy, or other transaction in which that third party assumes control of our business (in whole or in part). Should one of these events occur, we will make reasonable efforts to notify you before your information becomes subject to different privacy and security policies and practices.
Summary: We may create and share aggregated, de-identified data for our business purposes.
We may create aggregated, de-identified, or anonymized data from the Personal Data we collect, including by removing information that makes the data personally identifiable to a particular user. We may use such aggregated, de-identified, or anonymized data and share it with third parties for our lawful business purposes, including to analyze, build and improve the Services and promote our business, provided that we will not share such data in a manner that could identify you.
Summary: We use cookies and similar technologies to recognize your browser, improve our services, and personalize your experience.
The Services use cookies and similar technologies such as pixel tags, web beacons, clear GIFs, and JavaScript (collectively, “Cookies”) to enable our servers to recognize your web browser, tell us how and when you visit and use our Services, analyze trends, learn about our user base, and operate and improve our Services. Cookies are small pieces of data– usually text files – placed on your computer, tablet, phone, or similar device when you use that device to access our Services. We may also supplement the information we collect from you with information received from third parties, including third parties that have placed their own Cookies on your device(s). Please note that because of our use of Cookies, the Services do not support “Do Not Track” requests sent from a browser at this time.
We use the following types of Cookies:
You can decide whether or not to accept Cookies through your internet browser’s settings. Most browsers have an option for turning off the Cookie feature, which will prevent your browser from accepting new Cookies, as well as (depending on the sophistication of your browser software) allow you to decide on the acceptance of each new Cookie in a variety of ways. You can also delete all Cookies that are already on your device. If you do this, however, you may have to manually adjust some preferences every time you visit our website and some of the Services and functionalities may not work.
Explore what Cookie settings are available to you or modify your preferences with respect to Cookies:
To find out more information about Cookies generally, including information about how to manage and delete Cookies, please visit
http://www.allaboutcookies.org
or
https://ico.org.uk/for-the-public/online/cookies
if you are located in the European Union.
Additionally We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.
Summary: We may serve targeted advertisements based on your browsing behavior, and you can opt out of interest-based advertising.
We may serve advertisements, and also allow third-party ad networks, including third-party ad servers, ad agencies, ad technology vendors, and research firms, to serve advertisements through the Services. These advertisements may be targeted to users who fit certain general profile categories or display certain preferences or behaviors (“Interest-Based Ads”). Information for Interest-Based Ads (including Personal Data) may be provided to us by you, or derived from the usage patterns of particular users on the Services and/or services of third parties. Such information may be gathered through tracking users’ activities across time and unaffiliated properties, including when you leave the Services. To accomplish this, we or our service providers may deliver Cookies, including a file (known as a “web beacon”) from an ad network to you through the Services. Web beacons allow ad networks to provide anonymized, aggregated auditing, research, and reporting for us and for advertisers. Web beacons also enable ad networks to serve targeted advertisements to you when you visit other websites. Web beacons allow ad networks to view, edit or set their own Cookies on your browser, just as if you had requested a web page from their site.
We comply with the Digital Advertising Alliance (“DAA”) Self-Regulatory Principles for Online Behavioral Advertising. Through the DAA and Network Advertising Initiative (“NAI”), several media and marketing associations have developed an industry self-regulatory program to give consumers a better understanding of, and greater control over, ads that are customized based on consumers’ online behavior across different websites and properties. To make choices about Interest-Based Ads from participating third parties, including to opt-out of receiving behaviorally targeted advertisements from participating organizations, please visit the DAA’s or NAI’s consumer opt-out pages, which are located at:
http://www.networkadvertising.org/choices
or
Users in the European Union should visit the European Interactive Digital Advertising Alliance’s user information website
http://www.youronlinechoices.eu
Summary: We use appropriate physical, technical, and administrative security measures to protect your information.
We seek to protect your Personal Data from unauthorized access, use, and disclosure using appropriate physical, technical, organizational, and administrative security measures based on the type of Personal Data and how we are processing that data. You should also help protect your data by appropriately selecting and protecting your password and/or other sign-on mechanisms; limiting access to your computer or device and browser; and signing off after you have finished accessing your account. Although we work to protect the security of your account and other data that we hold in our records, please be aware that no method of transmitting data over the internet or storing data is completely secure.
Summary: We retain your data only as long as necessary for legitimate business purposes and legal compliance.
We retain Personal Data about you only for as long as necessary to fulfill the purposes for which it was collected, including to provide you with our Services, comply with legal obligations, resolve disputes, enforce agreements, or as otherwise permitted or required by applicable laws, rules, or regulations. When determining retention periods, we consider the following factors:
Below are specific retention periods for key categories of Personal Data:
Category of Personal Data | Retention Period | Legal or Business Justification |
---|---|---|
Profile or Contact Data | Retained for as long as you have an active account, plus 2 years after account closure. | To provide Services, comply with legal obligations, and resolve disputes. |
Payment Data | Retained for 7 years from the date of the last transaction. | To comply with tax, accounting, and financial regulations (e.g., IRS, GDPR). |
Device/IP Data | Retained for 12 months from the date of collection. | To ensure system functionality, security, and fraud prevention. |
Professional Experience/Resume Data | Retained for 5 years from the date of submission, unless a “Do Not Sell” request is submitted. | To facilitate job matching and comply with employment laws. |
Web Analytics Data | Retained for 36 months from the date of collection. | To analyze and improve our Services, and comply with data minimization principles. |
Social Network Data | Retained for as long as you maintain a connection with the social network, plus 1 year. | To enable social media integrations and improve user experience. |
Geolocation Data | Retained for 6 months from the date of collection. | To provide location-based Services and comply with data minimization principles. |
Sensitive Data | Retained only for as long as necessary to fulfill the specific purpose for which it was collected. | To comply with GDPR Article 9 and CPRA requirements for sensitive data processing. |
Marketing Data | Retained for 3 years from the date of last engagement with our marketing materials. | To comply with marketing regulations and analyze campaign effectiveness. |
Summary: We do not knowingly collect data from children and will delete such information if discovered.
We do not knowingly collect or solicit Personal Data from children below the applicable legal age in their jurisdiction. If you are under 16 in California or under 13–16 in the EU (depending on local regulations), please do not attempt to register for or use our Services or provide us with any Personal Data. If we become aware that we have collected Personal Data from a child below the applicable age, we will delete it as soon as possible. If you believe a child may have provided us with Personal Data, please contact us at:
Summary: California residents have specific rights regarding their personal information, including access, deletion, correction, and opt-out rights.
If you are a California resident, you have the rights set forth in this section. Please see the “Exercising Your Rights” section below for instructions regarding how to exercise these rights. Please note that we may process Personal Data of our customers’ end users or employees in connection with our provision of certain services to our customers. If we are processing your Personal Data as a service provider, you should contact the entity that collected your Personal Data in the first instance to address your rights with respect to such data.
If there are any conflicts between this section and any other provision of this Privacy Policy and you are a California resident, the portion that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this section or whether any of the following rights apply to you, please contact us at:
Summary: You can request information about what personal data we’ve collected about you.
You have the right to request certain information about our collection and use of your Personal Data over the past 12 months. In response, we will provide you with the following information:
Summary: You can request that we delete your personal information, subject to certain exceptions.
You have the right to request that we delete the Personal Data that we have collected about you. Under the CPRA, this right is subject to certain exceptions: for example, we may need to retain your Personal Data to provide you with the Services or complete a transaction or other action you have requested, or if deletion of your Personal Data involves disproportionate effort. If your deletion request is subject to one of these exceptions, we may deny your deletion request.
Summary: You can request correction of inaccurate personal information.
You have the right to request that we correct any inaccurate Personal Data we have collected about you. Under the CPRA, this right is subject to certain exceptions: for example, if we decide, based on the totality of circumstances related to your Personal Data, that such data is correct. If your correction request is subject to one of these exceptions, we may deny your request.
Summary: You can opt out of the sale of your personal information to third parties.
In this section, we use the term ‘sell’ as it is defined in the CPRA. We sell your Personal Data, subject to your right to opt-out of these sales.
As described in the “Tracking Tools, Advertising and Opt-Out” section above, we have incorporated Cookies from certain third parties into our Services. These Cookies allow those third parties to receive information about your activity on our Services that is associated with your browser or device. Those third parties may use that data to serve you relevant ads on our Services or on other websites you visit. Under the CPRA, sharing your data through third-party Cookies for online advertising may be considered a “sale” of information. You can opt-out of these sales by following the instructions in this section.
We sell your Personal Data to the following categories of third parties:
Over the past 12 months, we have sold the following categories of your Personal Data to categories of third parties listed above:
We have sold the foregoing categories of Personal Data for the following business or commercial purposes:
You have the right to opt-out of the sale of your Personal Data. You can opt-out using the following methods:
Once you have submitted an opt-out request, we will not ask you to reauthorize the sale of your Personal Data for at least 12 months.
To our knowledge, we do not sell the Personal Data of minors under 16 years of age.
Summary: You can opt out of our sharing your data for cross-contextual behavioral advertising.
Under the CPRA, California residents have certain rights when a business “shares” Personal Data with third parties for purposes of cross-contextual behavioral advertising. We have shared the foregoing categories of Personal Data for the purposes of cross-contextual behavioral advertising:
As described in the “Tracking Tools, Advertising and Opt-Out” section above, we have incorporated Cookies from certain third parties into our Services. These Cookies allow those third parties to receive information about your activity on our Services that is associated with your browser or device. Those third parties may use that data to serve you relevant ads on our Services or on other websites you visit. Under the CPRA, sharing your data through third-party Cookies for online advertising may be considered a “sale” of information. You can opt out of data selling and/or sharing by following the instructions in this section.
We share Personal Data with the following categories of third parties:
Over the past 12 months, we have shared the following categories of Personal Data with the categories of third parties listed for the following purposes:
You have the right to opt-out of the sharing of your Personal Data. You can opt-out using the following methods:
Once you have submitted an opt-out request, we will not ask you to reauthorize the sharing of your Personal Data for at least 12 months.
To our knowledge, we do not share the Personal Data of minors under 16 years of age.
We will not discriminate against you for exercising your rights under the CPRA.
Summary: Residents of the EU, UK, and related countries have additional rights under GDPR, including control over the legal basis for processing your data.
If you are a resident of the European Union (“EU”), United Kingdom (“UK”), Liechtenstein, Norway, or Iceland, you may have additional rights under the EU or UK General Data Protection Regulation (the “GDPR”) with respect to your Personal Data, as outlined below.
For this section, we use the terms “Personal Data” and “processing” as they are defined in the GDPR, but “Personal Data” generally means information that can be used to individually identify a person, and “processing” generally covers actions that can be performed in connection with data such as collection, use, storage, and disclosure. MindPal will be the controller of your Personal Data processed in connection with the Services.
If there are any conflicts between this section and any other provision of this Privacy Policy, the policy or portion that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this section or whether any of the following applies to you, please contact us at:
Note that we may also process Personal Data of our customers’ end users or employees in connection with our provision of certain services to customers, in which case we are the processor of Personal Data. If we are the processor of your Personal Data (i.e., not the controller), please contact the controller party in the first instance to address your rights with respect to such data.
Summary: See the “Categories of Personal Data We Collect” section for details on what we collect.
The “Categories of Personal Data We Collect” section above details the Personal Data that we collect from you.
Summary: We process your data based on contractual necessity, legitimate interests, consent, and other legal grounds as required.
The “Our Commercial or Business Purposes for Collecting Personal Data” section above explains how we use your Personal Data.
We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity, and our “legitimate interests” or the legitimate interest of others, as further described below.
Summary: See “How We Share Your Personal Data” section for details on third parties we share data with.
The “How We Share Your Personal Data” section above details how we share your Personal Data with third parties.
Summary: Our services are hosted in the US and other regions; your data may be transferred across borders with appropriate safeguards.
The Services are hosted and operated in the United States (“U.S.”) as well as in other regions, including Europe, through MindPal and its service providers, and if you do not reside in the U.S., laws in the U.S. may differ from the laws where you reside. By using the Services, you acknowledge that any Personal Data about you, regardless of whether provided by you or obtained from a third party, is being provided to MindPal in the U.S. and will be hosted on U.S. servers, and you authorize MindPal to transfer, store, and process your information to and in the U.S., and possibly other countries. In some circumstances, your Personal Data may be transferred to the U.S. pursuant to a data processing agreement incorporating standard data protection clauses.
Summary: You can control your data through unsubscribe options, tracking opt-outs, and privacy rights requests, subject to certain limitations.
Unsubscribe from Direct Marketing Communications: Opt-out instructions are provided in marketing communications. Service-related and non-marketing communications may still be received.
Online Tracking Opt-Out: Third-party cookies can be opted out by reaching:
Privacy Rights Requests: Depending on your location, you may request access to, correction of, deletion of, or restriction of processing of your personal information. To make a request, please email us or write to us as provided in the How to Contact Us section below.
Limits on Your Privacy Rights and Choices: Your choices may be limited where fulfilling your request would impair others’ rights, our ability to provide services, or comply with legal obligations. Complaints can be submitted to data protection regulators where you live or work.
Summary: We transfer data globally with appropriate safeguards to protect your information.
We may transfer personal information to our affiliates and service providers in the United States and other jurisdictions. Relevant safeguards will be in place to afford adequate protection for personal information. For more information, please contact us as set out in the How to Contact Us section below.
Summary: We keep your data only as long as necessary, based on purpose, sensitivity, risk, and legal requirements.
We retain personal information only as long as necessary for the purposes it was collected and processed, in accordance with retention policies and applicable laws. Retention periods are determined based on the nature and sensitivity of the personal information, risk of harm, and legal and regulatory requirements.
Summary: We’re not responsible for third-party websites or services linked from our platform.
Our services may contain links to third-party websites and services. We are not responsible for their actions. This Privacy Policy does not apply to such third-party sites or services.
Summary: We use strong security measures including AES-256 encryption, but no system is 100% secure.
We employ technical, organizational, and physical safeguards to protect personal information. However, no security measures are failsafe, and we cannot guarantee the security of your personal information.
We use AES-256 encryption for data at rest.
Summary: Our services are not intended for users under 16; we delete any inadvertently collected children’s data.
Our services are not intended for children under 16 years of age. If we learn we have collected personal information from a child under 16 without consent, we will delete it.
Summary: We’ll notify you of material policy changes via email or in-app alerts.
We reserve the right to modify this Privacy Policy at any time. If material changes are made, we will notify you. Methods we may use for notification:
Summary: Contact MindPal Inc. via email or mail with any privacy questions or concerns.
Responsible Entity: MindPal Inc. is the entity responsible for processing personal information under this Privacy Policy.
Contact Information: If you have any questions or comments about this Policy, our privacy practices, or if you would like to exercise your rights with respect to your personal information, please contact us by email at:
or write to us at:
MindPal, Inc. 415 Mission St, San Francisco, CA 94105
Subscribe to our Newsletter!
Join our newsletter to get newest updates and career guides.
By submitting, you accept our Privacy Policy.
FOR CANDIDATES
FOR RECRUITERS