This notice describes how MindPath BI (“we,” “us”) collects, uses, and shares personal information when you use our customer-service platform, and explains your privacy rights.
For privacy questions or to exercise your rights, email josef@mindpathbi.com.
Depending on how you use the service, we may process:
- Conversation and thread data — messages, subjects, channels, timestamps, and related metadata associated with customer conversations (email, chat, or messaging threads).
- Contact and account information — names, email addresses, phone numbers, job titles, channel identifiers, tags, and similar fields used to identify and serve customers.
- Usage data — information about how the product is used (feature usage, session and audit events needed for security and operations), consistent with your organization’s configuration.
- AI interaction data — content submitted to AI-assisted features (Copilot, summaries, suggested replies, classification), plus technical metadata needed to run those features safely and improve quality where permitted by contract and law.
- Integration credentials — OAuth tokens and API keys for third-party services you connect, stored encrypted at rest.
We collect this data from you, your organization, connected integrations you or your admin authorize, and automated systems (message ingestion and AI processing pipelines).
We use personal information to:
- Deliver the service — operate accounts, routing, inbox, Client 360, workflows, notifications, and integrations.
- Provide AI-assisted customer service — generate summaries, drafts, routing hints, and similar assistive outputs grounded in your organization’s data and settings.
- Analytics and improvement — understand product usage and reliability in aggregate or per-tenant ways as configured.
- Send service-related notices — deliver transactional emails, support messages, and security alerts.
- Comply with legal obligations — respond to lawful requests, enforce our terms, and protect rights and safety.
We do not use your data to run third-party advertising for unrelated companies. We process data as described in our agreements with your organization and as required by applicable law.
For users in the European Economic Area, United Kingdom, and Switzerland, we process personal data on the following legal bases:
| Activity | Legal basis | GDPR art. |
|---|---|---|
| Service delivery (inbox, Client 360, workflows) | Performance of contract | Art. 6(1)(b) |
| AI-assisted features (Copilot, classification, summaries) | Performance of contract | Art. 6(1)(b) |
| Account and billing management | Performance of contract | Art. 6(1)(b) |
| Security monitoring and audit logs | Legitimate interest (security) | Art. 6(1)(f) |
| Product analytics (aggregate) | Legitimate interest (improvement) | Art. 6(1)(f) |
| Tax, legal, and regulatory compliance | Legal obligation | Art. 6(1)(c) |
| Marketing communications (if applicable) | Consent | Art. 6(1)(a) |
- We do not sell your personal information.
- We may use subprocessors (hosting, email delivery, AI providers, observability tools) strictly to provide the service. Categories are disclosed on our Subprocessors page; the detailed list is shared under NDA with customers under contract.
- We do not share your data with third parties for advertising purposes.
- We may disclose information if required by law or to protect rights, safety, and security.
- Primary processing: application data is hosted in the European Union.
- US subprocessors: where a subprocessor is located in the United States, transfers are governed by the EU Standard Contractual Clauses.
- AI processing: AI inference may be processed in the US or EU; the provider’s data-processing terms apply.
- We do not currently participate in the EU-US Data Privacy Framework (DPF). This section will be updated if certification is obtained.
- For full transfer details, see our DPA.
This website uses privacy-friendly, anonymous analytics. It does not use advertising cookies, does not collect personal information, and does not track you across websites.
The MindPath BI application uses only essential session cookies required for authentication. We do not use advertising cookies, cross-site tracking, or fingerprinting on any of our properties.
Do Not Track: we do not respond to “Do Not Track” browser signals because no uniform standard for processing these signals has been adopted. Regardless, our tracking practices are minimal as described above.
Depending on where you live, you may have the following rights:
| Right | GDPR | Description |
|---|---|---|
| Access | Art. 15 | Understand what data we hold about you. |
| Rectification | Art. 16 | Request correction of inaccurate personal data. |
| Erasure | Art. 17 | Request deletion, subject to legal and contractual limits. |
| Restriction | Art. 18 | Request restriction of processing in certain circumstances. |
| Portability | Art. 20 | Receive certain data in a structured, machine-readable form. |
| Object | Art. 21 | Object to processing based on legitimate interest. |
To exercise your rights, email josef@mindpathbi.com or use the in-product privacy tools your organization enables. We may need to verify your identity and coordinate with your organization’s administrator.
If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) provides additional rights.
| Category | Sources | Business purpose | Sold? |
|---|---|---|---|
| Identifiers (name, email, phone) | You, your organization, integrations | Service delivery, account management | No |
| Commercial information (orders, invoices via ERP sync) | Connected integrations | Client 360, business context for support | No |
| Internet / electronic activity (usage, audit logs) | Automated collection | Security, operations, analytics | No |
| Inferences (classification, sentiment, urgency) | AI processing pipelines | AI-assisted customer service | No |
Your California rights include:
- Right to know — request the categories and specific pieces of personal information we hold.
- Right to delete — request deletion, subject to legal and contractual exceptions.
- Right to correct — request correction of inaccurate personal information.
- Right to opt-out of sale — we do not sell personal information.
- Right to limit use of sensitive information — we use sensitive information only as needed to provide the service.
- Non-discrimination — we will not discriminate against you for exercising any of these rights.
- Authorized agent — you may designate an authorized agent to make requests on your behalf; we may require verification.
The service is not directed to persons under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have, we will take steps to delete it promptly.
Our platform integrates with third-party services (email, messaging, ERP, and similar). When you connect these services:
- We only request permissions necessary for the features you use.
- You can disconnect any integration at any time from your settings page.
- Your use of those integrations is also subject to the respective third-party terms of service.
We implement industry-standard security measures including:
- Encryption of sensitive credentials at rest.
- HTTPS for all data in transit.
- Signature verification for inbound webhook payloads.
- Role-based access control and multi-tenant data isolation.
We retain your data for as long as your account is active or as needed to provide services. Upon termination the data enters a staged deletion lifecycle. Full schedules are documented in our DPA.
You may submit a data subject access request (DSAR) for access, deletion, rectification, or portability. Our response targets:
- Acknowledgment: within 3 business days.
- Completion: within 30 days for standard requests.
- If an extension is needed, we will communicate before day 30 where legally allowed.
We may update this notice from time to time. The “Last updated” date at the top will change when we do; material changes may be communicated through the product or your organization.
Questions about this notice go to josef@mindpathbi.com.