Your knowledge stays yours.
Plain-English summary of how we handle personal data, the contractual DPA, the subprocessor list, and the full cookie disclosure - all on one page so you don't have to bounce between tabs. Last updated 2026-05-23.
1. Who we are
Mindola is the data controller for personal data we collect about you as our customer, and the data processor for personal data about your visitors that flows through your lens. Contact: security@mindola.ai.
2. The legal frameworks we honour
Mindola is built around the EU regulatory baseline:
- GDPR (EU 2016/679) + UAVG (NL);
- the EU AI Act (Reg. 2024/1689) - we fall under Article 50 transparency obligations from 2 Aug 2026;
- the ePrivacy Directive + NL Telecommunications Act;
- the Digital Services Act (EU 2022/2065);
- the DSM Copyright Directive (2019/790);
- the EU Consumer Rights Directive + NL Civil Code Book 6;
- the NL Portretrecht (Auteurswet Art. 19-21).
3. What we collect, and why
Account data
- Identity: email, password hash, name, optional avatar. Legal basis: contract (GDPR Art. 6(1)(b)).
- Billing: Stripe customer ID, plan, invoice metadata. Legal basis: contract.
- Usage counters: requests per day for plan limits. Legal basis: legitimate interest (Art. 6(1)(f)).
Your knowledge
- Captures (text, links, files, voice memos, conversations) and the chunks + embeddings we derive from them. Legal basis: contract - necessary to deliver the service.
- Voice recordings used to clone the owner's voice are biometric data under GDPR Article 9. We rely on explicit consent (Art. 9(2)(a)) collected via a standalone consent form, never bundled with the general Terms.
Visitor data on your lens
- Chat messages (text) and the lens replies. Legal basis: contract (necessary for the service).
- Voice during a call. We stream and process; we don't persist the audio. Transcripts are opt-in and default to 12-month retention.
- Pseudonymous session identifier + IP + user agent. Legal basis: legitimate interest (security, fraud prevention, basic analytics).
4. Voice as biometric data (Art. 9)
Voice samples used for cloning are special-category biometric data. We treat them with the highest bar GDPR sets:
- Standalone consent on its own page, not buried in the Terms. Three distinct checkboxes plus a typed legal-name signature.
- Receipt: timestamp, IP, browser fingerprint, and a SHA-256 hash of the consent text are stored. PDF emailed to the owner.
- Withdraw as easily as you gave it (Art. 7(3)). The "Revoke my voice" button lives in the dashboard with the same click depth as the consent path; revocation deletes the voice model from ElevenLabs and the original sample within 24 hours.
- The original 1-min sample is deleted after the voice model trains successfully. Only the model ID is retained.
5. AI disclosure (EU AI Act Article 50)
- Every visitor sees a persistent "AI version of [Owner]" badge in the chat header - not dismissable. (Art. 50(1).)
- Voice calls open with an "I'm an AI version of [Owner]" audio cue. (Art. 50(3).)
- The lens footer carries a deepfake notice when the persona resembles a real person. (Art. 50(4).)
- If a visitor asks "are you human?" the lens always says it's an AI. This is a platform-level safety layer; owners can't override it.
6. Age gating
The digital-consent age in the Netherlands is 16 (UAVG Art. 5 + GDPR Art. 8). Visitors confirm they are 16 or older on first visit to any lens; under-16 entry is blocked. We do not offer parental-consent flows, so accounts and lenses targeted at minors are out of scope.
7. What we never do
- Train any model on your data. Not ours, not OpenAI's, not Anthropic's, not anyone's. The "no-training" path is documented with each vendor; details in the DPA section below.
- Sell your data. No brokers, no ad networks.
- Share what you wrote. Lenses are scoped to spaces you explicitly attach.
8. Subprocessors
A small list of vendors actually delivers the product. The authoritative, version-tracked list lives in the subprocessors section below with locations and purposes. Material additions are announced 30 days in advance so you can object before they take effect.
9. Your rights (GDPR)
- Access / rectification - every field is editable in the app. For anything else, mail security@mindola.ai.
- Article 17 (erasure) - Settings → Danger zone deletes the account, the underlying bytes (sources, blobs, embeddings, sessions), and your voice model.
- Article 20 (portability) - Settings → Export delivers a JSON archive of every capture and lens transcript.
- Article 21 (object) - you may object to processing based on legitimate interest.
- Data-subject requests are answered within 30 days (Art. 12). Internal target: 7 days. Submit one at /contact or via privacy@mindola.ai.
10. International transfers
Hosting and primary processing are in the EU (Vercel + Neon EU regions). Where data leaves the EEA (e.g. for inference at a US LLM provider), transfers are covered by the European Commission's Standard Contractual Clauses and, where applicable, the UK IDTA.
11. Cookies + tracking
A summary lives here; the canonical, per-cookie disclosure (name, purpose, lifetime, party) is in the cookies section below - that's the section linked from the consent banner.
First-party (always set): a session cookie, a CSRF token, a theme preference, and a per-session signed conversation cookie on the visitor lens so a chat persists across refresh - "Start new conversation" wipes it. None of these track you across other sites.
Third-party (only after you accept): Google Analytics 4 (cookies _ga, _ga_*, lifetime up to 2 years) for aggregate site analytics. GA is loaded under Google's Consent Mode v2 with analytics_storage defaulting to denied, IP anonymisation enabled, and is only initialised if you click Accept on the cookie banner. Reject and no GA cookies are set. See the subprocessors section for the legal basis and transfer mechanism. No pre-checked consent boxes - EDPB guidance forbids them.
12. Security + breach notification
See the security page for the technical measures. If we discover a personal-data breach we will notify the Dutch Autoriteit Persoonsgegevens within 72 hours (Art. 33) and the affected individuals without undue delay where the breach is likely to result in high risk (Art. 34).
13. Reporting abuse or illegal content
Notice-and-action under DSA Art. 16: send a report through /report or copyright@mindola.ai for IP claims. We acknowledge within 24 hours and act within 5 business days for valid reports.
14. Changes
When this policy changes materially we'll bump the "last updated" date and email everyone whose account is affected. Older versions are kept in our git history.
15. Complaints
You have the right to lodge a complaint with the Dutch Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl) or your local supervisory authority.
Data Processing Addendum
The contract that governs how Mindola processes personal data on your behalf - required by GDPR Article 28 for anyone using Mindola in a business capacity.
DPA · 0. Quick read
- You are the data controller. Mindola is the data processor.
- We process personal data only on documented instructions from you.
- Hosting is in the EU (Vercel + Neon EU regions). Where data leaves the EEA, transfers are covered by the European Commission's Standard Contractual Clauses and (where applicable) the UK IDTA.
- We use a small list of subprocessors and give you 30 days' notice before adding a new one.
- We assist you with data-subject requests, security incidents, and DPIAs.
- On termination we delete or return all personal data within 30 days.
DPA · 1. Subject and duration
This DPA forms part of your subscription agreement with Mindola. It applies for as long as we process personal data on your behalf and survives termination for the period needed to delete or return the data.
DPA · 2. Nature, purpose, and categories
We process personal data you submit to the service for the purpose of providing Mindola: hosting, indexing, model inference, voice playback, analytics, and abuse prevention. Categories of data subject include you (the customer), your team members, and the visitors who ask your lenses.
Categories of personal data:
- Account identifiers (email, name, password hash).
- Content you upload (captures, files, URLs).
- Biometric data - voice samples used to clone the owner's voice. Special-category data under GDPR Art. 9.
- Visitor data - chat messages, optional voice transcripts, pseudonymous session identifiers, IP, user agent.
DPA · 3. Our obligations as processor
- Process personal data only on your documented instructions.
- Bind everyone with access to confidentiality obligations.
- Implement appropriate technical and organisational measures (see the security page).
- Notify you without undue delay (and in any case within 48 hours) of any personal-data breach. We notify the Dutch Autoriteit Persoonsgegevens within 72 hours where the breach concerns personal data we process as joint controller (Art. 33), and assist you with your own Art. 33 notification where you are the controller.
- Help you respond to data-subject requests under GDPR Arts. 12-22.
- On termination, delete or return all personal data within 30 days unless EU or member-state law requires retention.
DPA · 4. Subprocessors
The current list of subprocessors lives in the subprocessors section below and includes Vercel, Neon, OpenAI, Anthropic, ElevenLabs, Stripe, PostHog, and Sentry, with locations and purposes.
We will email you 30 days before adding a new subprocessor. If you object on reasonable, documented grounds, you may terminate the affected service for a pro-rated refund.
DPA · 5. International transfers
Where data leaves the EEA, transfers are covered by:
- European Commission Standard Contractual Clauses (Module 2 or Module 3, as applicable);
- UK International Data Transfer Addendum where transfers touch UK data;
- Supplementary measures where appropriate (encryption in transit and at rest, contractual restrictions on government access).
The "no training on customer data" commitment is contractual with every model vendor (OpenAI, Anthropic, ElevenLabs). Their DPAs are on file.
DPA · 6. Special-category data (Art. 9)
Voice biometric data is processed only when the owner has signed the standalone voice consent form. We do not process health, racial, religious, political, sexual-orientation, or trade-union data as a normal part of the service. If any such data appears in captures, we process it as instructed and delete it on request.
DPA · 7. Retention
- Account data: for as long as the account is active, plus 30 days post-termination.
- Captures + derived chunks/embeddings: until you delete them, or 30 days after account closure.
- Voice samples: deleted after the model is trained; only the model ID is retained.
- Visitor chat transcripts: configurable per lens. Default 12 months.
- Voice-call audio: never persisted to disk. Streamed only.
- Backups: 30-day rolling window, then purged.
DPA · 8. Audits
You can request our latest internal security report once per year. On-site audits are available for enterprise contracts with reasonable notice; remote audits via our compliance lead are available for any customer on request.
DPA · 9. Joint-controller scope (where applicable)
For certain processing - abuse prevention, fraud detection, aggregate analytics - Mindola acts as a joint controller. We rely on legitimate interest (Art. 6(1)(f)) for those purposes and document them in our internal Records of Processing Activities (Art. 30).
DPA · 10. Signing
For most customers, accepting our terms and using the product constitutes acceptance of this DPA. If your procurement requires a countersigned PDF, mail security@mindola.ai and we'll send one.
Subprocessors
The authoritative list of vendors that touch your data. We email customers 30 days before adding a new subprocessor and they can object on documented grounds.
| Vendor | Purpose | Region | DPA |
|---|---|---|---|
| Vercel Inc. | Application hosting + edge runtime | EU (Frankfurt, Paris) | Signed; SCC where applicable |
| Neon, Inc. | Managed Postgres + pgvector storage | EU (Frankfurt) | Signed |
| OpenAI, L.L.C. | LLM inference for chat answers | US (no-training-on-input API agreement) | Signed; EU SCC Module 2 on file |
| Anthropic PBC | LLM inference for chat answers | US (no-training-on-input API agreement) | Signed; EU SCC Module 2 on file |
| ElevenLabs, Inc. | Voice cloning + TTS playback | US/EU instance | Signed; EU SCC Module 2 + UK IDTA on file |
| Stripe, Inc. | Payments, billing, VAT remittance via Stripe Tax | US/EU dual-region | Signed; EU SCC on file |
| Google Ireland Limited (Google Analytics 4) | Aggregate site analytics, gated by consent (Consent Mode v2); IP anonymisation enabled | EU servers; Google may transfer to US under SCCs | Google Ads Data Processing Terms on file; EU SCCs apply |
| Functional Software, Inc. (Sentry) | Error monitoring (no message content) | EU (Frankfurt) | Signed |
| AWS S3 (via Vercel Blob) | Object storage for uploads | EU | Inherited via Vercel |
| Resend | Transactional email (verifications, receipts) | EU + US | Signed; SCC on file |
What "no training on input" means in practice
Every model vendor on this list (OpenAI, Anthropic, ElevenLabs) has a signed API agreement that excludes customer content from any training corpus. We never use the consumer-facing products. If a vendor changes its training policy in a way that breaks this commitment, they come off the list - and you get 30 days' notice before any replacement.
How to object to a new subprocessor
When we email you about a new subprocessor, you have 30 days to object on documented grounds. If we can't address the objection (e.g. the new vendor is mission-critical), you may terminate the affected service for a pro-rated refund.
Reporting concerns
Mail privacy@mindola.ai with anything you'd like us to look into. We answer in plain English.
Cookie policy
The full cookie disclosure required under the ePrivacy Directive and the NL Telecommunications Act. Linked from the consent banner so the disclosure is one click away.
Cookies · 1. The short version
Mindola sets a small number of strictly necessary first-party cookies that are required for the site and the chat surface to function. Nothing in that category tracks you across other sites and nothing in it requires consent under ePrivacy Art. 5(3) / NL Telecommunicatiewet Art. 11.7a.
We additionally load Google Analytics 4 as an optional analytics cookie, and only after you click Accept on the consent banner. If you click Reject, or never interact with the banner, no GA cookies are set.
Cookies · 2. Strictly necessary cookies (always set)
These cookies don't require consent - they're what's needed for the service to work. Removing them via your browser will break sign-in, theme persistence, and conversation continuity.
Cookies · 3. Analytics cookies (only after you accept)
We use Google Analytics 4 to understand which pages people find useful and where they fall off. GA is loaded under Google's Consent Mode v2 with analytics_storage defaulting to denied; it only initialises if you click Accept on the banner. IP anonymisation is enabled.
Legal basis: consent under ePrivacy Art. 5(3) and GDPR Art. 6(1)(a). Processor: Google Ireland Limited, with EU data residency requested. International transfers to the US are covered by Standard Contractual Clauses; see the subprocessors section for the full chain.
Cookies · 4. What we don't use
- No advertising cookies. No retargeting, no ad networks, no conversion pixels.
- No social-media tracking pixels (Meta, LinkedIn, X, TikTok).
- No fingerprinting beyond the standard request metadata (IP, user agent) we need for security and abuse prevention.
- No pre-checked consent boxes. EDPB guidance forbids them and so do we.
Cookies · 5. Changing your mind
You can withdraw consent at any time:
- From the banner: clear the mindola-consent-v1 entry in your browser's site data for mindola.ai; the banner will reappear on next visit.
- From your browser: delete the _ga and _ga_* cookies, or block third-party cookies for our domain entirely.
- Browser-level opt-out: most modern browsers offer "Do Not Track" / "Global Privacy Control" signals. We honour GPC where the browser sends it - analytics stays denied even if you previously accepted.
A dedicated in-app "Cookie settings" toggle is on the roadmap; until then the methods above are the canonical paths.
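The gating behaviour described in this section and in the analytics section above (analytics_storage defaulting to denied, GA initialised only after an explicit Accept, and a Global Privacy Control signal overriding an earlier Accept) can be implemented as a small consent gate in front of gtag.js. The following JavaScript is an added example, not Mindola's own code: it assumes the choice is kept under the site-data key mindola-consent-v1 named above, reads the GPC signal from navigator.globalPrivacyControl, and uses a placeholder GA measurement id.

```javascript
// Added example (not Mindola's code): Consent Mode v2 gate for Google Analytics 4.
// Assumptions: the user's choice lives in localStorage under "mindola-consent-v1",
// the GPC signal is navigator.globalPrivacyControl, and GA_MEASUREMENT_ID is a
// placeholder rather than a real property.
const CONSENT_KEY = "mindola-consent-v1";
const GA_MEASUREMENT_ID = "G-PLACEHOLDER"; // placeholder, not a real measurement id

// The queue gtag.js drains once it loads. Kept at module level so the logic can
// be exercised outside a browser.
const dataLayer = [];
function gtag() { dataLayer.push(arguments); }

// Pure decision: the analytics_storage value for a stored choice plus the GPC signal.
// GPC wins over a previous Accept; anything other than an explicit Accept is denied
// (Reject and "never interacted" both fall through to "denied").
function analyticsConsentState(storedChoice, gpcEnabled) {
  if (gpcEnabled) return "denied";
  return storedChoice === "accepted" ? "granted" : "denied";
}

// Step 1: push the Consent Mode v2 default BEFORE gtag.js is requested, so
// nothing that fires before the user decides can set a cookie.
function setConsentDefault() {
  gtag("consent", "default", {
    analytics_storage: "denied",
    ad_storage: "denied",
    ad_user_data: "denied",
    ad_personalization: "denied",
  });
}

// Step 2: apply the stored decision. Only a "granted" outcome requests gtag.js;
// a denied outcome never injects the script, so no _ga / _ga_* cookie is set.
// `injectScript` is passed in so the function is testable without a DOM.
function applyConsent(storedChoice, gpcEnabled, injectScript) {
  const state = analyticsConsentState(storedChoice, gpcEnabled);
  gtag("consent", "update", { analytics_storage: state });
  if (state === "granted") {
    injectScript(`https://www.googletagmanager.com/gtag/js?id=${GA_MEASUREMENT_ID}`);
    gtag("js", new Date());
    gtag("config", GA_MEASUREMENT_ID);
  }
  return state;
}

// Browser glue: read the choice and the GPC signal, then gate the script tag.
// Returns null when not running in a browser.
function bootstrapInBrowser() {
  if (typeof window === "undefined") return null;
  const stored = window.localStorage.getItem(CONSENT_KEY);
  const gpc = navigator.globalPrivacyControl === true;
  setConsentDefault();
  return applyConsent(stored, gpc, (src) => {
    const s = document.createElement("script");
    s.async = true;
    s.src = src;
    document.head.appendChild(s);
  });
}

// Called by the banner's Accept / Reject buttons; a later page load re-runs the gate.
function recordChoice(choice) {
  if (typeof window !== "undefined") window.localStorage.setItem(CONSENT_KEY, choice);
  return choice;
}

bootstrapInBrowser();
```

The decision is kept in a pure function so the three cases the policy lists (Accept, Reject, no interaction) and the GPC override can be checked without a browser; the script tag is only ever created on the "granted" path, which is what guarantees that a Reject leaves no GA cookie behind.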
Cookies · 6. Changes to this policy
If we add a new cookie or change a processor, we'll update this section and surface the banner again so you can re-consent. The "last updated" date at the top reflects the most recent material change.
Cookies · 7. Contact
Questions about cookies, GA, or consent: privacy@mindola.ai. You also have the right to lodge a complaint with the Dutch Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).