MindMaking LogoMindMaking
Sub-ProcessorsBack to home

Privacy Policy

MindMaking, Inc. · Effective Date: February 1, 2026

1. About MindMaking

MindMaking is a conversation intelligence platform that helps businesses analyze their communications using artificial intelligence. Our platform processes audio recordings and emails to generate sentiment analysis, conversation insights, and analytics.

  • Website: https://www.mindmaking.com
  • Contact: privacy@mindmaking.com
  • Status: Beta / Pre-Revenue

2. Who This Policy Applies To

  • Website visitors to www.mindmaking.com
  • Beta participants and prospects evaluating our platform
  • Business customers who use our SaaS platform

Important: If you are an end user whose communications are being analyzed through our platform (e.g., a customer calling a business that uses MindMaking), your data is controlled by that business, not by us. Contact them directly about your privacy rights. We process that data only on their behalf as their service provider.

3. Information We Collect

3.1 Website Visitors

IP address, browser type, pages visited. Cookies for website functionality and analytics (Google Analytics with IP anonymization).

3.2 Beta Participants & Customers

  • Account information (name, email, company name, phone number)
  • Billing information (when we launch paid plans)
  • Usage data (features used, session times, technical logs)

3.3 Communications Data (Processed for Our Customers)

When business customers use the platform, we process:

  • Audio recordings of phone calls, meetings, and voice messages
  • Email content including headers, body text, and metadata
  • Metadata (timestamps, duration, participants, communication type)
  • AI-generated insights (transcripts, sentiment scores, summaries, topics)

We process this data as a service provider on behalf of our customers. Our customers are responsible for obtaining necessary consent from their end users before submitting communications to our platform.

4. How We Use Information

4.1 Website Visitors

  • Operate and improve our website
  • Understand traffic patterns and user interests
  • Respond to inquiries

4.2 Beta Participants & Customers

  • Provide access to our platform
  • Deliver customer support
  • Send product updates and service notifications
  • Process billing (when launched)
  • Improve our platform based on usage patterns

4.3 Communications Data

We process communications data only as instructed by our customers to:

  • Generate AI-powered transcripts and analysis
  • Calculate sentiment scores
  • Extract conversation topics and insights
  • Create analytics and reports
  • Deliver results to the customer

We do NOT:

  • Use customer communications data for our own purposes
  • Share customer data with third parties (except service providers)
  • Use customer data to train AI models (unless separately agreed)
  • Make automated decisions affecting individuals

5. Legal Basis for Processing (GDPR)

5.1 For Website Visitors and Customers

  • Consent: When you sign up for updates or beta access
  • Contract: To provide our platform services
  • Legitimate Interests: Website analytics, security, service improvement

5.2 For Communications Data

We process as a data processor on behalf of our customers under contract. Our customers are the data controllers responsible for establishing legal basis for processing their end users' data.

6. How We Share Information

6.1 Service Providers (Sub-Processors)

We use third-party service providers to operate our platform. A current list of sub-processors can be found on our Sub-Processors page.

All service providers are contractually required to protect data and use it only for providing services to us.

6.2 With Your Business Customers

If your communication was processed through our platform, your data and analysis results are shared with the business customer who submitted it.

6.3 Legal Requirements

We may disclose information when required by law, court order, or to protect our legal rights.

6.4 Business Transfers

If we are acquired or merged, customer data may be transferred. We will notify customers before any such transfer.

7. International Data Transfers

We are based in the United States. If you are in the European Economic Area (EEA), UK, or Switzerland:

  • We will implement Standard Contractual Clauses (SCCs) before processing EU customer data at scale
  • Our service providers may process data in the US and other countries
  • We will document transfer mechanisms before commercial launch

Current beta status: We are implementing appropriate safeguards for international transfers and will update this policy before general availability.

8. Data Retention

8.1 Website Analytics

Retained for 26 months (Google Analytics default).

8.2 Account Information

  • Retained while account is active
  • Terminated accounts: data deleted within 30 days; a copy of your data is provided when you terminate
  • Backups deleted within 90 days
  • Billing records retained per tax law requirements
  • We may retain longer when required by law (e.g. legal hold)

8.3 Communications Data

  • Retention controlled by customers — we store data as long as the customer maintains their account
  • Automatic deletion within 30 days after customer account termination
  • Customer-initiated deletion honored immediately
  • Backups deleted within 90 days

9. Your Rights

9.1 Website Visitors and Customers

You have the right to:

  • Access your personal information
  • Correct inaccurate information
  • Delete information (subject to legal requirements)
  • Export your data in machine-readable format (vCon format)
  • Object to certain processing
  • Withdraw consent at any time

To exercise rights: Email privacy@mindmaking.com. We will respond within 30 days (may extend to 60 days for complex requests).

9.2 End Users (People Whose Communications Are Processed)

  1. Contact the business that recorded you — they control your data.
  2. If you cannot reach them, email privacy@mindmaking.com and we will assist.

You also have rights to access, correction, deletion, data portability, objection, and to complain to data protection authorities.

10. Security

We implement industry-standard security measures, including:

  • Encryption in transit (TLS) and at rest
  • Multi-factor authentication
  • Role-based access controls
  • Regular security updates and patches
  • Vendor security assessments
  • Security monitoring and logging

We will notify affected parties within 72 hours of discovering a personal data breach, as required by applicable law.

11. Cookies

We do not use advertising or marketing cookies.

12. Children's Privacy

Our services are not directed to individuals under 16. We do not knowingly collect information from children. If you believe a child has provided us information, contact privacy@mindmaking.com immediately.

13. California Privacy Rights (CCPA/CPRA)

California residents have the right to:

  • Know what personal information we collect and how it's used
  • Delete personal information (with exceptions)
  • Opt-out of sale (we do not sell personal information)
  • Non-discrimination for exercising these rights

California contact: privacy@mindmaking.com

14. Data Processing for Business Customers

If you are a business customer using our platform:

  • You are the data controller for your end users' communications
  • We are the data processor acting on your instructions

You are responsible for obtaining necessary consent from your end users and for complying with applicable data protection laws. Data Processing Agreement: Available for business customers at [URL to be added].

15. Updates to This Policy

We will notify you of material changes by email to account holders, prominent notice on our website, and in-platform notification (when available).

16. Contact Us

  • Privacy questions: privacy@mindmaking.com
  • General inquiries: contact@mindmaking.com
  • Website: https://www.mindmaking.com
  • Mailing address: MindMaking, 6304 Briarcliff Way, Frederick, MD 21701

Data Protection Inquiries & Complaints

Contact us at privacy@mindmaking.com. End users whose data was processed should contact the business that submitted their data.

Complaints: EU/EEA — https://edpb.europa.eu; UK — https://ico.org.uk; California — California Privacy Protection Agency.

Last updated: February 1, 2026