MindPal Privacy Policy
Last Updated: March 06, 2025
Disclaimer
Summary: MindPal is an AI-powered tool for resume customization and candidate search that respects your privacy. This policy explains our data practices in compliance with global privacy laws.
MindPal Inc. offers an AI-powered resume customization tool and people search tool to discover and engage with job candidates.
MindPal respects your privacy. This Privacy Policy explains how MindPal collects, uses, and discloses personal information from job candidates and website visitors (including representatives of prospective and current business customers), in compliance with applicable data privacy laws such as the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (“CPRA”).
This Privacy Policy does not apply to personal information that we process on behalf of our customers, such as information pertaining to our customers’ authorized users of our services.
We process this information as instructed by our customers, in our capacity as a service provider/data processor, in accordance with the terms of our customer agreements.
Our Use of MindPal
Summary: MindPal uses AI technology to help customers find and engage talent. We work with providers like OpenAI but protect your data from being used to train their models.
MindPal uses an AI-powered search engine to help customers acquire, engage, and retain talent. Specifically, customers can use MindPal to create search strategies for job applicants who meet certain criteria and generate personalized messages to applicants of interest.
We may use third-party providers such as OpenAI to power parts of our search engine, but we do not allow these providers to train their AI models using your data and we require these providers to delete your data within 30 days unless otherwise required by law.
Information We Collect
Personal Information You Disclose to Us
Summary: We collect information you voluntarily provide when interacting with our services, from creating an account to contacting customer support.
In Short: We collect personal information that you provide to us.
We collect personal information that you voluntarily provide when you register on the Services, express an interest in obtaining information about us or our products and Services, participate in activities on the Services, or contact us.
Categories of Personal Data We Collect:
| Category of Personal Data | Examples of Personal Data We Collect | Categories of Third Parties With Whom We Share this Personal Data |
|---|---|---|
| Profile or Contact Data | First and last name, Address, Email, Phone number, Company name, Unique identifiers (such as passwords for MindPal users) | Service Providers, Analytics Partners, Business Partners, Parties You Authorize, Access or Authenticate |
| Payment Data | Financial account information, Payment card type, Last 4 digits of payment card, Billing name, address, phone number, and email | Service Providers (specifically our payment processing partner, currently Stripe, Inc.) |
| Commercial Data | Purchase history, Consumer profiles | Service Providers, Advertising Partners, Analytics Partners, Business Partners, Parties You Authorize, Access or Authenticate |
| Device/IP Data | IP address, Device ID, Domain server, Type of device/operating system/browser used to access the Services, Hashed identifiers | Service Providers, Advertising Partners, Analytics Partners, Business Partners, Parties You Authorize, Access or Authenticate |
| Web Analytics | Web page interactions, Referring webpage/source through which you accessed the Services, Non-identifiable request IDs, Statistics associated with the interaction between device or browser and the Services | Service Providers, Advertising Partners, Analytics Partners, Business Partners, Parties You Authorize, Access or Authenticate |
| Social Network Data | Email, Usernames/user handles | Service Providers, Advertising Partners, Analytics Partners, Business Partners, Parties You Authorize, Access or Authenticate |
| Professional or Employment-Related Data | Resume/CV, Job title, Industry, Job history | Service Providers, Advertising Partners, Analytics Partners, Business Partners, Parties You Authorize, Access or Authenticate |
| Geolocation Data | IP-address-based location information | Service Providers, Advertising Partners, Analytics Partners, Business Partners, Parties You Authorize, Access or Authenticate |
| Categories of Data Considered “Sensitive” Under the California Privacy Rights Act | Inferences reflecting user attributes | Service Providers, Analytics Partners, Business Partners, Parties You Authorize, Access or Authenticate |
| Other Identifying Information that You Voluntarily Choose to Provide | Identifying information in emails, letters, texts, or other communications you send us, Identifying information in survey responses and contest or sweepstakes submissions | Service Providers, Advertising Partners, Analytics Partners, Business Partners, Parties You Authorize, Access or Authenticate |
| Other | Publicly available professional data | Service Providers, Analytics Partners, Business Partners, Parties You Authorize, Access or Authenticate |
Categories of Sources of Personal Data
Summary: We collect your data directly from you, from public records, and from third parties like vendors and social networks.
We collect Personal Data about you from the following categories of sources:
You
- When you provide such information directly to us:
- When you create an account or use our interactive tools and Services.
- When you voluntarily provide information in free-form text boxes through the Services or through responses to surveys or questionnaires.
- When you send us an email or otherwise contact us.
- When you use the Services and such information is collected automatically:
- Through Cookies (defined in the “Tracking Tools, Advertising and Opt-Out” section below).
- If you download our mobile application or use a location-enabled browser, we may receive information about your location and mobile device, as applicable.
- If you download and install certain applications and software we make available, we may receive and collect information transmitted from your computing device for the purpose of providing you the relevant Services, such as information regarding when you are logged on and available to receive updates or alert notices.
Public Records
- From the government or other sources.
Third Parties
- Vendors:
- We may use analytics providers to analyze how you interact and engage with the Services, or third parties may help us provide you with customer support.
- We may use vendors, including data brokers, to obtain information to generate leads and create user profiles.
- Advertising Partners:
- We receive information about you from some of our vendors who assist us with marketing or promotional services related to how you interact with our websites, applications, products, Services, advertisements, or communications.
- Social Networks:
- If you provide your social network account credentials to us or otherwise sign in to the Services through a third-party site or service, some content and/or information in those accounts may be transmitted into your account with us.
- Other:
- We also scrape the public internet for publicly-available professional data.
Public Information We Collect About Job Candidates
Summary: We collect publicly available professional information about job candidates to provide to our customers, but we avoid collecting sensitive personal data.
If you have a profile, resume, or CV on a publicly-available website, we may collect public information about your professional qualifications and contact information to provide to our customers. This information may include your name, education, qualifications, work history, work title, contact information, and experience. We do not collect sensitive data (e.g., health or political affiliation) from these public sources. We may infer other characteristics about job candidates based on the information provided on their profiles.
Information We Collect from Our Candidates
Summary: All candidate data is collected through our secure application process with your explicit consent.
All information collected and processed in connection with our candidates, including the data we retain and its handling procedures, is accessible during the application submission process via the following link:
By selecting the checkbox, you provide consent for the utilization of your data.
We do not utilize any third-party platforms for candidate applications. All job platforms utilized by our company direct applicants exclusively to our internal application forms. If you encounter an application form outside our domain:
kindly report it to:
Information We Collect from Our Customers
Summary: We collect usage data and statistical activity information from our customers to improve our services.
We prioritize the protection of our customers’ data. When they utilize our services, we gather certain information to enhance user experience and tailor our services to their needs:
- Usage of Our Services: We collect data regarding how customers utilize our services. This includes browsing pages, utilizing features, interacting with content, and other actions taken on our platforms. This information remains fully anonymous unless explicitly provided by the customer.
- Statistical Activity Data: We gather statistical data determining each customer’s activity, such as the date and time of the last activity and the total number of activities on the account. These insights help us understand user behaviors and tailor our services accordingly.
Information We Collect from Our Visitors
Summary: We collect business contact details, account information, communications, and marketing preferences from website visitors.
When you request information about our services, book a demo, contact our sales team or customer support team, or sign up for a MindPal account, you provide us with certain information, such as:
- Business contact details, including your name, job title, email address, and phone number
- Account information, such as your account credentials, billing information, payment information, and other information used to administer your account
- Communications exchanged with us, including questions, feedback, or otherwise
- Marketing information, such as your preferences for receiving communications about our services and publications, and details about how you engage with our communications
- Other information collected in accordance with this Privacy Policy or as disclosed at the time of collection
Social Media Information
Summary: When you interact with our social media pages, we may receive information about you from those platforms.
We may maintain pages on social media platforms, such as Twitter, LinkedIn, Facebook, TikTok, Instagram, and Medium. When you visit or interact with our pages on those platforms, you or the platforms may provide us with information about you.
Information We May Collect from Other Sources
Summary: We may obtain information about business customers or job applicants from third-party sources to enhance our records and services.
We may obtain personal information about business customers or job applicants from third parties, such as marketing partners and data providers, to update, expand, and analyze our records, identify new prospects for sourcing, and provide information or job vacancies that may be of interest to our customers.
Automatic Data Collection
Summary: We automatically collect device data and usage information when you interact with our services.
We and our service providers may automatically log information about you, your computer or mobile device, and your interaction over time with our services, such as:
- Device data, such as your computer’s or mobile device’s operating system, manufacturer and model, browser type, IP address, unique identifiers, language settings, mobile device carrier, and general location information
- Usage data, such as pages or screens viewed, time spent on a page, browsing history, and access times
We may collect this information using cookies and other similar technologies. For more information, please visit our cookie policy:
https://mindpal.co/cookie-policy/
How We Use Personal Information
Use of Job Candidate Information
Summary: We use candidate information to help our customers discover and engage with talent and analyze workforce attributes.
We use job candidate information to help our customers discover and engage with internal and external job candidates and analyze attributes of existing personnel or internal talent. If a job candidate wishes to change or restrict the use of their information by the services, follow the steps in the Privacy Rights and Choices section below.
Use of Information About Website Visitors
Summary: We use visitor information to provide our services, communicate with users, improve our platform, conduct research, and market our products.
To Provide Our Services: We use personal information to operate, maintain, and provide you with our services and to perform our contractual obligations under our Terms and Conditions.
To Communicate About Our Services: We use personal information to respond to your requests, provide customer support, and communicate with you about our services, including by sending announcements, updates, security alerts, and support and administrative messages.
To Improve, Monitor, Personalize, and Protect Our Services: We use personal information to improve and keep our services safe for our users. This includes understanding your needs and interests, personalizing your experience, troubleshooting, testing, and research, and protecting against fraudulent, harmful, unauthorized, or illegal activity.
For Research and Development: We use personal information for research and development purposes, including to analyze and improve the services and our business. This may involve creating or using aggregated, de-identified, or anonymized data.
For Direct Marketing: We may send you direct marketing communications as permitted by law. You may opt-out of our marketing communications as described in the Unsubscribe from Direct Marketing Communications section below.
For Compliance and Protection: We use personal information to comply with legal obligations and defend against legal claims or disputes, including to protect rights, privacy, safety, or property, audit internal processes, enforce terms and conditions, prevent fraud, and comply with applicable laws and legal processes.
How We Disclose Personal Information
Summary: We share your information with service providers, advertising partners, analytics partners, and business partners to deliver and improve our services.
We disclose your Personal Data to the categories of service providers and other parties listed in this section. Depending on state laws that may be applicable to you, some of these disclosures may constitute a “sale” of your Personal Data. For more information, please refer to the state-specific sections below.
Service Providers: These parties help us provide the Services or perform business functions on our behalf, which may be by automated means. They include:
- Hosting, technology, and communication providers.
- Providers of generative AI products integrated into our Services.
- Security and fraud prevention consultants like TrustCloud for compliance and auditing purposes.
- Payment processors, such as our payment processing partner, Stripe, Inc., which collects your voluntarily-provided payment card information necessary to process your payment. Please see Stripe’s terms of service and privacy policy for information on its use and storage of your Personal Data. Stripe complies with PCI DSS standards.
Advertising Partners: These parties help us market our services and provide you with other offers that may be of interest to you. They include:
- Ad networks.
- Data brokers.
- Marketing providers.
Analytics Partners: These parties provide analytics on web traffic or usage of the Services. They include:
- Companies that track how users found or were referred to the Services.
- Companies that track how users interact with the Services.
Business Partners: These parties partner with us in offering various services. They include:
- Businesses that you have a relationship with.
- Companies that we partner with to offer joint promotional offers or opportunities.
Parties You Authorize, Access, or Authenticate:
- Third parties you access through the services.
- Social media services.
- Other users.
Legal Obligations
Summary: We may share your information when required by law or to protect legal rights.
We may share any Personal Data that we collect with third parties in conjunction with any of the activities set forth under “Meeting Legal Requirements and Enforcing Legal Terms” in the “Our Commercial or Business Purposes for Collecting Personal Data” section above.
Business Transfers
Summary: If we undergo a business transition, your data may be transferred to the new entity.
All of your Personal Data that we collect may be transferred to a third party if we undergo a merger, acquisition, bankruptcy, or other transaction in which that third party assumes control of our business (in whole or in part). Should one of these events occur, we will make reasonable efforts to notify you before your information becomes subject to different privacy and security policies and practices.
Data that is Not Personal Data
Summary: We may create and share aggregated, de-identified data for our business purposes.
We may create aggregated, de-identified, or anonymized data from the Personal Data we collect, including by removing information that makes the data personally identifiable to a particular user. We may use such aggregated, de-identified, or anonymized data and share it with third parties for our lawful business purposes, including to analyze, build and improve the Services and promote our business, provided that we will not share such data in a manner that could identify you.
Tracking Tools, Advertising, and Opt-Out
Summary: We use cookies and similar technologies to recognize your browser, improve our services, and personalize your experience.
The Services use cookies and similar technologies such as pixel tags, web beacons, clear GIFs, and JavaScript (collectively, “Cookies”) to enable our servers to recognize your web browser, tell us how and when you visit and use our Services, analyze trends, learn about our user base, and operate and improve our Services. Cookies are small pieces of data– usually text files – placed on your computer, tablet, phone, or similar device when you use that device to access our Services. We may also supplement the information we collect from you with information received from third parties, including third parties that have placed their own Cookies on your device(s). Please note that because of our use of Cookies, the Services do not support “Do Not Track” requests sent from a browser at this time.
We use the following types of Cookies:
- Necessary/Essential Cookies: Essential Cookies are required for providing you with features or services that you have requested. For example, certain Cookies enable you to log into secure areas of our Services. Disabling these Cookies may make certain features and services unavailable.
- Functional Cookies: Functional Cookies are used to record your choices and settings regarding our Services, maintain your preferences over time, and recognize you when you return to our Services. These Cookies help us to personalize our content for you, greet you by name, and remember your preferences (for example, your choice of language or region).
- Performance/Analytical Cookies: Performance/Analytical Cookies allow us to understand how visitors use our Services. They do this by collecting information about the number of visitors to the Services, what pages visitors view on our Services, and how long visitors are viewing pages on the Services. Performance/Analytical Cookies also help us measure the performance of our advertising campaigns to help us improve our campaigns and the Services’ content for those who engage with our advertising. For example, Google LLC (“Google”) uses cookies in connection with its Google Analytics services. Google’s ability to use and share information collected by Google Analytics about your visits to the Services is subject to the Google Analytics Terms of Use and the Google Privacy Policy. You have the option to opt-out of Google’s use of Cookies by visiting the Google advertising opt-out page at www.google.com/privacy_ads.html or the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout.
- Retargeting/Advertising Cookies: Retargeting/Advertising Cookies collect data about your online activity and identify your interests so that we can provide advertising that we believe is relevant to you. For more information about this, please see the section below titled “Information about Interest-Based Advertisements.”
You can decide whether or not to accept Cookies through your internet browser’s settings. Most browsers have an option for turning off the Cookie feature, which will prevent your browser from accepting new Cookies, as well as (depending on the sophistication of your browser software) allow you to decide on the acceptance of each new Cookie in a variety of ways. You can also delete all Cookies that are already on your device. If you do this, however, you may have to manually adjust some preferences every time you visit our website and some of the Services and functionalities may not work.
Explore what Cookie settings are available to you or modify your preferences with respect to Cookies:
- You can change your cookie preferences through the third-party provider (Clickio) banner on our website.
To find out more information about Cookies generally, including information about how to manage and delete Cookies, please visit
http://www.allaboutcookies.org
or
https://ico.org.uk/for-the-public/online/cookies
if you are located in the European Union.
Additionally We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.
Information about Interest-based Advertisements
Summary: We may serve targeted advertisements based on your browsing behavior, and you can opt out of interest-based advertising.
We may serve advertisements, and also allow third-party ad networks, including third-party ad servers, ad agencies, ad technology vendors, and research firms, to serve advertisements through the Services. These advertisements may be targeted to users who fit certain general profile categories or display certain preferences or behaviors (“Interest-Based Ads”). Information for Interest-Based Ads (including Personal Data) may be provided to us by you, or derived from the usage patterns of particular users on the Services and/or services of third parties. Such information may be gathered through tracking users’ activities across time and unaffiliated properties, including when you leave the Services. To accomplish this, we or our service providers may deliver Cookies, including a file (known as a “web beacon”) from an ad network to you through the Services. Web beacons allow ad networks to provide anonymized, aggregated auditing, research, and reporting for us and for advertisers. Web beacons also enable ad networks to serve targeted advertisements to you when you visit other websites. Web beacons allow ad networks to view, edit or set their own Cookies on your browser, just as if you had requested a web page from their site.
We comply with the Digital Advertising Alliance (“DAA”) Self-Regulatory Principles for Online Behavioral Advertising. Through the DAA and Network Advertising Initiative (“NAI”), several media and marketing associations have developed an industry self-regulatory program to give consumers a better understanding of, and greater control over, ads that are customized based on consumers’ online behavior across different websites and properties. To make choices about Interest-Based Ads from participating third parties, including to opt-out of receiving behaviorally targeted advertisements from participating organizations, please visit the DAA’s or NAI’s consumer opt-out pages, which are located at:
http://www.networkadvertising.org/choices
or
Users in the European Union should visit the European Interactive Digital Advertising Alliance’s user information website
http://www.youronlinechoices.eu
Data Security
Summary: We use appropriate physical, technical, and administrative security measures to protect your information.
We seek to protect your Personal Data from unauthorized access, use, and disclosure using appropriate physical, technical, organizational, and administrative security measures based on the type of Personal Data and how we are processing that data. You should also help protect your data by appropriately selecting and protecting your password and/or other sign-on mechanisms; limiting access to your computer or device and browser; and signing off after you have finished accessing your account. Although we work to protect the security of your account and other data that we hold in our records, please be aware that no method of transmitting data over the internet or storing data is completely secure.
Data Retention
Summary: We retain your data only as long as necessary for legitimate business purposes and legal compliance.
We retain Personal Data about you only for as long as necessary to fulfill the purposes for which it was collected, including to provide you with our Services, comply with legal obligations, resolve disputes, enforce agreements, or as otherwise permitted or required by applicable laws, rules, or regulations. When determining retention periods, we consider the following factors:
- The nature and sensitivity of the Personal Data.
- The purposes for which the data was collected and processed.
- Legal, contractual, or regulatory obligations that require us to retain the data.
- The potential risk of harm from unauthorized use or disclosure of the data.
- Whether the data is needed for legitimate business purposes (e.g., improving our Services, fraud prevention).
Below are specific retention periods for key categories of Personal Data:
| Category of Personal Data | Retention Period | Legal or Business Justification |
|---|---|---|
| Profile or Contact Data | Retained for as long as you have an active account, plus 2 years after account closure. | To provide Services, comply with legal obligations, and resolve disputes. |
| Payment Data | Retained for 7 years from the date of the last transaction. | To comply with tax, accounting, and financial regulations (e.g., IRS, GDPR). |
| Device/IP Data | Retained for 12 months from the date of collection. | To ensure system functionality, security, and fraud prevention. |
| Professional Experience/Resume Data | Retained for 5 years from the date of submission, unless a “Do Not Sell” request is submitted. | To facilitate job matching and comply with employment laws. |
| Web Analytics Data | Retained for 36 months from the date of collection. | To analyze and improve our Services, and comply with data minimization principles. |
| Social Network Data | Retained for as long as you maintain a connection with the social network, plus 1 year. | To enable social media integrations and improve user experience. |
| Geolocation Data | Retained for 6 months from the date of collection. | To provide location-based Services and comply with data minimization principles. |
| Sensitive Data | Retained only for as long as necessary to fulfill the specific purpose for which it was collected. | To comply with GDPR Article 9 and CPRA requirements for sensitive data processing. |
| Marketing Data | Retained for 3 years from the date of last engagement with our marketing materials. | To comply with marketing regulations and analyze campaign effectiveness. |
Personal Data of Children
Summary: We do not knowingly collect data from children and will delete such information if discovered.
We do not knowingly collect or solicit Personal Data from children below the applicable legal age in their jurisdiction. If you are under 16 in California or under 13–16 in the EU (depending on local regulations), please do not attempt to register for or use our Services or provide us with any Personal Data. If we become aware that we have collected Personal Data from a child below the applicable age, we will delete it as soon as possible. If you believe a child may have provided us with Personal Data, please contact us at:
California Resident Rights
Summary: California residents have specific rights regarding their personal information, including access, deletion, correction, and opt-out rights.
If you are a California resident, you have the rights set forth in this section. Please see the “Exercising Your Rights” section below for instructions regarding how to exercise these rights. Please note that we may process Personal Data of our customers’ end users or employees in connection with our provision of certain services to our customers. If we are processing your Personal Data as a service provider, you should contact the entity that collected your Personal Data in the first instance to address your rights with respect to such data.
If there are any conflicts between this section and any other provision of this Privacy Policy and you are a California resident, the portion that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this section or whether any of the following rights apply to you, please contact us at:
Access
Summary: You can request information about what personal data we’ve collected about you.
You have the right to request certain information about our collection and use of your Personal Data over the past 12 months. In response, we will provide you with the following information:
- The categories of Personal Data that we have collected about you.
- The categories of sources from which that Personal Data was collected.
- The business or commercial purpose for collecting or selling your Personal Data.
- The categories of third parties with whom we have shared your Personal Data.
- The specific pieces of Personal Data that we have collected about you.
- If we have disclosed your Personal Data to any third parties for a business purpose over the past 12 months, we will identify the categories of Personal Data shared with each category of third-party recipient. If we have sold your Personal Data over the past 12 months, we will identify the categories of Personal Data sold to each category of third-party recipient.
Deletion
Summary: You can request that we delete your personal information, subject to certain exceptions.
You have the right to request that we delete the Personal Data that we have collected about you. Under the CPRA, this right is subject to certain exceptions: for example, we may need to retain your Personal Data to provide you with the Services or complete a transaction or other action you have requested, or if deletion of your Personal Data involves disproportionate effort. If your deletion request is subject to one of these exceptions, we may deny your deletion request.
Correction
Summary: You can request correction of inaccurate personal information.
You have the right to request that we correct any inaccurate Personal Data we have collected about you. Under the CPRA, this right is subject to certain exceptions: for example, if we decide, based on the totality of circumstances related to your Personal Data, that such data is correct. If your correction request is subject to one of these exceptions, we may deny your request.
Personal Data Sales Opt-Out and Opt-In
Summary: You can opt out of the sale of your personal information to third parties.
In this section, we use the term ‘sell’ as it is defined in the CPRA. We sell your Personal Data, subject to your right to opt-out of these sales.
As described in the “Tracking Tools, Advertising and Opt-Out” section above, we have incorporated Cookies from certain third parties into our Services. These Cookies allow those third parties to receive information about your activity on our Services that is associated with your browser or device. Those third parties may use that data to serve you relevant ads on our Services or on other websites you visit. Under the CPRA, sharing your data through third-party Cookies for online advertising may be considered a “sale” of information. You can opt-out of these sales by following the instructions in this section.
We sell your Personal Data to the following categories of third parties:
- Ad Networks.
- Marketing providers.
Over the past 12 months, we have sold the following categories of your Personal Data to categories of third parties listed above:
- Profile or Contact Data
- Commercial Data
- Device/IP Data
- Web Analytics
- Social Network Data
- Consumer Demographic Data
- Professional or Employment-Related Data
- Geolocation Data
- Categories of Data Considered “Sensitive” Under the California Privacy Rights Act
- Inferences Drawn From Other Personal Data Collected
- Other
We have sold the foregoing categories of Personal Data for the following business or commercial purposes:
- Improving the Services, including testing, research, internal analytics, and product development.
- Personalizing the Services, website content, and communications based on your preferences.
- Doing fraud protection, security, and debugging.
- Marketing and selling the Services.
- Showing you advertisements, including interest-based or online behavioral advertising.
You have the right to opt-out of the sale of your Personal Data. You can opt-out using the following methods:
- Email us at optout@mindpal.co
- By implementing the Global Privacy Control or similar control that is legally recognized by a government agency or industry standard. Please note this does not include Do Not Track signals.
Once you have submitted an opt-out request, we will not ask you to reauthorize the sale of your Personal Data for at least 12 months.
To our knowledge, we do not sell the Personal Data of minors under 16 years of age.
Personal Data Sharing Opt-Out and Opt-In
Summary: You can opt out of our sharing your data for cross-contextual behavioral advertising.
Under the CPRA, California residents have certain rights when a business “shares” Personal Data with third parties for purposes of cross-contextual behavioral advertising. We have shared the foregoing categories of Personal Data for the purposes of cross-contextual behavioral advertising:
- Profile or Contact Data
- Commercial Data
- Device/IP Data
- Web Analytics
- Social Network Data
- Consumer Demographic Data
- Professional or Employment-Related Data
- Geolocation Data
- Categories of Data Considered “Sensitive” Under the California Privacy Rights Act
- Inferences Drawn From Other Personal Data Collected
- Other
As described in the “Tracking Tools, Advertising and Opt-Out” section above, we have incorporated Cookies from certain third parties into our Services. These Cookies allow those third parties to receive information about your activity on our Services that is associated with your browser or device. Those third parties may use that data to serve you relevant ads on our Services or on other websites you visit. Under the CPRA, sharing your data through third-party Cookies for online advertising may be considered a “sale” of information. You can opt out of data selling and/or sharing by following the instructions in this section.
We share Personal Data with the following categories of third parties:
- Ad Networks.
- Marketing providers (including for cross-contextual behavioral advertising purposes).
Over the past 12 months, we have shared the following categories of Personal Data with the categories of third parties listed for the following purposes:
- Marketing and selling the Services.
- Showing you advertisements, including interest-based or online behavioral advertising.
You have the right to opt-out of the sharing of your Personal Data. You can opt-out using the following methods:
- You can email us at optout@mindpal.co
Once you have submitted an opt-out request, we will not ask you to reauthorize the sharing of your Personal Data for at least 12 months.
To our knowledge, we do not share the Personal Data of minors under 16 years of age.
We will not discriminate against you for exercising your rights under the CPRA.
EU and UK Residents
Summary: Residents of the EU, UK, and related countries have additional rights under GDPR, including control over the legal basis for processing your data.
If you are a resident of the European Union (“EU”), United Kingdom (“UK”), Liechtenstein, Norway, or Iceland, you may have additional rights under the EU or UK General Data Protection Regulation (the “GDPR”) with respect to your Personal Data, as outlined below.
For this section, we use the terms “Personal Data” and “processing” as they are defined in the GDPR, but “Personal Data” generally means information that can be used to individually identify a person, and “processing” generally covers actions that can be performed in connection with data such as collection, use, storage, and disclosure. MindPal will be the controller of your Personal Data processed in connection with the Services.
If there are any conflicts between this section and any other provision of this Privacy Policy, the policy or portion that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this section or whether any of the following applies to you, please contact us at:
Note that we may also process Personal Data of our customers’ end users or employees in connection with our provision of certain services to customers, in which case we are the processor of Personal Data. If we are the processor of your Personal Data (i.e., not the controller), please contact the controller party in the first instance to address your rights with respect to such data.
Personal Data We Collect
Summary: See the “Categories of Personal Data We Collect” section for details on what we collect.
The “Categories of Personal Data We Collect” section above details the Personal Data that we collect from you.
Personal Data Use and Processing Grounds
Summary: We process your data based on contractual necessity, legitimate interests, consent, and other legal grounds as required.
The “Our Commercial or Business Purposes for Collecting Personal Data” section above explains how we use your Personal Data.
We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity, and our “legitimate interests” or the legitimate interest of others, as further described below.
- Contractual Necessity: We process the following categories of Personal Data as a matter of “contractual necessity,” meaning that we need to process the data to perform under our Terms and Conditions with you, which enables us to provide you with the Services. When we process data due to contractual necessity, failure to provide such Personal Data will result in your inability to use some or all portions of the Services that require such data. Profile or Contact Data, Payment Data, Commercial Data.
- Legitimate Interest: We process the following categories of Personal Data when we believe it furthers the legitimate interest of us or third parties: Profile or Contact Data, Payment Data, Commercial Data, Device/IP Data, Web Analytics, Social Network Data, Consumer Demographic Data, Professional or Employment-Related Data, Geolocation Data, Categories of Data Considered “Sensitive” Under the California Privacy Rights Act Inferences Drawn From Other Personal Data Collected, Other Identifying Information that You Voluntarily Choose to Provide, Other. We may also de-identify or anonymize Personal Data to further our legitimate interests.
- Examples of these legitimate interests include (as described in more detail above): Providing, customizing, and improving the Services; Marketing the Services; Corresponding with you; Meeting legal requirements and enforcing legal terms; Completing corporate transactions.
- Consent: In some cases, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection.
- Other Processing Grounds: From time to time we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.
Sharing Personal Data
Summary: See “How We Share Your Personal Data” section for details on third parties we share data with.
The “How We Share Your Personal Data” section above details how we share your Personal Data with third parties.
Transfers of Personal Data
Summary: Our services are hosted in the US and other regions; your data may be transferred across borders with appropriate safeguards.
The Services are hosted and operated in the United States (“U.S.”) as well as in other regions, including Europe, through MindPal and its service providers, and if you do not reside in the U.S., laws in the U.S. may differ from the laws where you reside. By using the Services, you acknowledge that any Personal Data about you, regardless of whether provided by you or obtained from a third party, is being provided to MindPal in the U.S. and will be hosted on U.S. servers, and you authorize MindPal to transfer, store, and process your information to and in the U.S., and possibly other countries. In some circumstances, your Personal Data may be transferred to the U.S. pursuant to a data processing agreement incorporating standard data protection clauses.
Privacy Rights and Choices
Summary: You can control your data through unsubscribe options, tracking opt-outs, and privacy rights requests, subject to certain limitations.
Unsubscribe from Direct Marketing Communications: Opt-out instructions are provided in marketing communications. Service-related and non-marketing communications may still be received.
Online Tracking Opt-Out: Third-party cookies can be opted out by reaching:
Privacy Rights Requests: Depending on your location, you may request access to, correction of, deletion of, or restriction of processing of your personal information. To make a request, please email us or write to us as provided in the How to Contact Us section below.
Limits on Your Privacy Rights and Choices: Your choices may be limited where fulfilling your request would impair others’ rights, our ability to provide services, or comply with legal obligations. Complaints can be submitted to data protection regulators where you live or work.
International Data Transfers
Summary: We transfer data globally with appropriate safeguards to protect your information.
We may transfer personal information to our affiliates and service providers in the United States and other jurisdictions. Relevant safeguards will be in place to afford adequate protection for personal information. For more information, please contact us as set out in the How to Contact Us section below.
Retention of Personal Information
Summary: We keep your data only as long as necessary, based on purpose, sensitivity, risk, and legal requirements.
We retain personal information only as long as necessary for the purposes it was collected and processed, in accordance with retention policies and applicable laws. Retention periods are determined based on the nature and sensitivity of the personal information, risk of harm, and legal and regulatory requirements.
Other Sites and Services
Summary: We’re not responsible for third-party websites or services linked from our platform.
Our services may contain links to third-party websites and services. We are not responsible for their actions. This Privacy Policy does not apply to such third-party sites or services.
Data Security
Summary: We use strong security measures including AES-256 encryption, but no system is 100% secure.
We employ technical, organizational, and physical safeguards to protect personal information. However, no security measures are failsafe, and we cannot guarantee the security of your personal information.
We use AES-256 encryption for data at rest.
Children
Summary: Our services are not intended for users under 16; we delete any inadvertently collected children’s data.
Our services are not intended for children under 16 years of age. If we learn we have collected personal information from a child under 16 without consent, we will delete it.
Changes to This Privacy Policy
Summary: We’ll notify you of material policy changes via email or in-app alerts.
We reserve the right to modify this Privacy Policy at any time. If material changes are made, we will notify you. Methods we may use for notification:
- in-app alerts
How to Contact Us
Summary: Contact MindPal Inc. via email or mail with any privacy questions or concerns.
Responsible Entity: MindPal Inc. is the entity responsible for processing personal information under this Privacy Policy.
Contact Information: If you have any questions or comments about this Policy, our privacy practices, or if you would like to exercise your rights with respect to your personal information, please contact us by email at:
or write to us at:
MindPal, Inc. 415 Mission St, San Francisco, CA 94105
