Privacy Policy

1. Information We Collect

We collect information that you provide directly to us, including:

• Account information: name, email address, and organization details when you create an account.
• Communication data: messages, emails, and attachments processed through our platform from connected services (e.g., Gmail, Outlook, WhatsApp Business).
• Integration credentials: OAuth tokens and API keys for third-party services you connect, stored encrypted at rest.
• Usage data: log data, device information, and analytics to improve our services.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our platform and services.
• Process and route communications from your connected channels.
• Provide AI-powered features such as suggested replies and contact insights.
• Send you service-related notices and support messages.

3. Analytics & Cookies

This website uses Vercel Web Analytics, a privacy-friendly analytics service provided by Vercel Inc. Vercel Analytics collects anonymous, aggregated page-view data to help us understand how visitors use the site. It does not use cookies, does not collect personal information, does not track you across websites, and is fully compliant with GDPR, CCPA, and PECR without requiring a cookie consent banner.

The MindPath BI application (app.mindpathbi.com) uses only essential session cookies required for authentication. We do not use advertising cookies, cross-site tracking, or fingerprinting on any of our properties.

4. Third-Party Integrations

Our platform integrates with third-party services including Meta (WhatsApp Business), Google (Gmail), Microsoft (Outlook), and others. When you connect these services:

• We only request permissions necessary for the features you use.
• We do not sell or share your data with third parties for advertising purposes.
• You can disconnect any integration at any time from your settings page.

5. Data Security

We implement industry-standard security measures including:

• Encryption of sensitive credentials at rest using Fernet symmetric encryption.
• HTTPS for all data in transit.
• HMAC-SHA256 signature verification for webhook payloads.
• Role-based access control for organization data.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide you services. You can request deletion of your data by contacting us.

7. Your Rights

You have the right to:

• Access, correct, or delete your personal data.
• Disconnect third-party integrations and revoke access tokens.
• Export your data in a standard format.
• Opt out of non-essential data processing.

8. Contact Us

If you have questions about this Privacy Policy, please contact us at mindpathbi@proton.me.