MindflowAI ("we", "us", "our") operates the website mindflowai.io. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our site, subscribe to our newsletter, or purchase our digital products.
1. Data Controller
MindflowAI is the data controller responsible for your personal data. For privacy inquiries, contact us at [email protected].
2. Information We Collect
We collect only the minimum data necessary to provide our services:
- Newsletter subscription: Email address only
- Product purchases: Email address and name (for delivery and invoicing)
- Automatically collected: IP address, browser type, pages visited, and referring URL (via analytics and server logs)
We do not collect or store payment card details. All payment processing is handled securely by Stripe.
3. Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds:
- Consent: When you subscribe to our newsletter, you give explicit consent. You can withdraw consent at any time by unsubscribing.
- Contract: When you purchase a product, we process your data to fulfill the purchase agreement.
- Legitimate interest: We use analytics to improve our site and content, ensuring minimal impact on your privacy.
4. How We Use Your Information
- To send newsletter emails (only with your consent)
- To deliver purchased digital products
- To send transactional emails (purchase confirmations, download links)
- To improve our content, products, and user experience
- To detect and prevent fraud or abuse
5. Third-Party Services
We share data only with the following service providers, who act as data processors on our behalf:
- Stripe (USA) — Payment processing. Stripe Privacy Policy
- Amazon SES (USA) — Email delivery. AWS Privacy Policy
- Cloudflare (USA) — CDN, DNS, and security. Cloudflare Privacy Policy
We do not sell, rent, or share your personal data with third parties for marketing purposes.
6. International Data Transfers
Some of our service providers are based in the United States. When your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
7. Data Retention
- Newsletter subscribers: We retain your email until you unsubscribe. Upon unsubscription, your data is marked as inactive and permanently deleted within 30 days.
- Customers: We retain purchase records for 7 years to comply with tax and accounting obligations.
- Analytics data: Aggregated, anonymized data is retained indefinitely. Identifiable server logs are deleted after 90 days.
8. Your Rights
Under the GDPR and other applicable privacy laws, you have the right to:
- Access — Request a copy of the personal data we hold about you
- Rectification — Request correction of inaccurate data
- Erasure — Request deletion of your personal data ("right to be forgotten")
- Restriction — Request that we limit processing of your data
- Portability — Receive your data in a structured, machine-readable format
- Objection — Object to processing based on legitimate interest
- Withdraw consent — Unsubscribe from our newsletter at any time via the link in every email
To exercise any of these rights, email [email protected]. We will respond within 30 days.
You also have the right to lodge a complaint with your local data protection authority if you believe your data has been mishandled.
9. Cookies
We use cookies as follows:
- Essential cookies: Required for site functionality (session management, security). These cannot be disabled.
- Analytics cookies: Help us understand how visitors use our site. These are only set with your consent where required by law.
We do not use advertising or tracking cookies. You can manage cookie preferences in your browser settings.
10. Security
We implement appropriate technical and organizational measures to protect your personal data, including encrypted connections (HTTPS/TLS), secure password hashing, and access controls. However, no method of transmission over the Internet is 100% secure.
11. Children's Privacy
Our services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via our website or email. Continued use of our services after changes constitutes acceptance of the updated policy.
13. Contact
For privacy-related questions or to exercise your rights: