Privacy Policy

1.1 Purpose of Policy

This Privacy Policy ("Policy") governs how MindMax Limited ("MindMax," "us," "our," or "MindMax"), a company registered at 71–75 Shelton Street, London, WC2H 9JQ, collects, processes, stores, and protects personal data when you use our website, mobile application, AI-driven tutor interface, podcast generation tools, and related functionalities (collectively, the "Services"). This Policy outlines our practices to ensure transparency and compliance with applicable data protection laws.

1.2 Scope

This Policy applies to all personal data collected through the Services, whether provided voluntarily by you or automatically collected during your interaction with the Services. By using the Services, you consent to the data practices described herein.

1.3 Global Applicability

MindMax operates globally, and this Policy is designed to comply with international data protection laws, including but not limited to the General Data Protection Regulation (GDPR) for European Union residents, the Personal Information Protection and Electronic Documents Act (PIPEDA) for Canadian residents, and other applicable jurisdictions.

2.1 Personal Data

We may collect the following personal data that directly or indirectly identifies you:

• Contact information, such as your name, email address, and phone number;
• Account details, including usernames, passwords, and account preferences;
• Payment information, such as credit card details or billing information (if applicable); and
• User-generated content, including prompts, responses, or other inputs provided to the Services.

2.2 Technical Data

We automatically collect technical data about your device and interaction with the Services, including:

• Device type, operating system, and browser type;
• Internet Protocol (IP) address and device identifiers;
• Crash logs and diagnostic data; and
• Geolocation data (if enabled by you).

2.3 Usage Data

We collect data about how you use the Services, including:

• Interaction history, such as pages visited, features used, and AI-generated content accessed;
• Prompt usage and podcast generation activities; and
• Time spent on the Services and frequency of use.

3.1 Lawful Grounds

We process your personal data under the following legal bases, as applicable:

• Consent: Where you have explicitly consented to the processing of your data for specific purposes, such as personalized content delivery;
• Contractual Necessity: To fulfill our obligations under a contract with you, such as providing access to the Services;
• Legal Obligation: To comply with applicable laws, regulations, or legal processes; and
• Legitimate Interests: To pursue our legitimate interests, such as improving the Services, enhancing security, or conducting analytics, provided such interests are not overridden by your rights and freedoms.

3.2 Withdrawal of Consent

Where consent is the basis for processing, you may withdraw your consent at any time by contacting us at support@mindmax.it. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

4.1 Use of Data

We process your personal data for the following purposes:

• To provide, maintain, and operate the Services, including AI-generated educational content and podcast creation;
• To personalize your learning experience, such as tailoring AI tutor responses or podcast recommendations;
• To communicate with you, including sending service-related updates, notifications, or promotional materials (where consented);
• To improve the functionality, performance, and security of the Services;
• To analyze usage trends and conduct research to enhance user experience;
• To process payments and manage subscriptions (if applicable); and
• To comply with legal and regulatory obligations, including responding to legal requests.

4.2 Automated Processing

Certain features of the Services, such as AI-driven content generation, involve automated decision-making to provide personalized outputs. Such processing is necessary to deliver the core functionality of the Services and is conducted in accordance with applicable data protection laws.

5.1 Third-Party Service Providers

We may share your personal data with trusted third-party service providers who assist in operating the Services, including:

• Cloud hosting and storage providers;
• Analytics and crash reporting services;
• Payment processors for subscription or payment-related services; and
• Customer support and communication platforms.

These providers are contractually obligated to protect your data and process it only on our behalf.

5.2 Legal and Regulatory Disclosures

We may disclose your personal data to comply with legal obligations, such as responding to court orders, subpoenas, or requests from government authorities, or to protect the rights, property, or safety of MindMax, its users, or others.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of all or part of our assets, your personal data may be transferred to the acquiring entity, subject to appropriate safeguards and notification where required by law.

5.4 No Sale of Data

MindMax does not sell, rent, or trade your personal data for monetary gain. Any sharing is strictly for operational or legal purposes as outlined herein.

6.1 Global Operations

As a global service provider, MindMax may process or store your personal data in jurisdictions outside your country of residence, including but not limited to the United States, Canada, and the European Union.

6.2 Data Protection Safeguards

We implement appropriate safeguards to ensure that international data transfers comply with applicable data protection laws, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission;
• Binding Corporate Rules (where applicable);
• Data protection agreements with third-party processors; and
• Compliance with frameworks such as the EU-U.S. Data Privacy Framework (DPF) or equivalent mechanisms.

6.3 User Notification

Where required by law, we will notify you of international data transfers or provide you with the opportunity to consent to such transfers.

7.1 Use of Cookies

We use cookies and similar tracking technologies (e.g., web beacons, pixel tags) to:

• Store your preferences and login information;
• Facilitate navigation and functionality of the Services;
• Collect analytics data to improve performance; and
• Monitor and report crashes or technical issues.

7.2 Cookie Management

You may manage or disable cookies through your browser settings. However, disabling cookies may affect the functionality of certain features of the Services.

7.3 Third-Party Analytics

We may use third-party analytics tools (e.g., Google Analytics) to collect and analyze usage data. These tools may use cookies or other tracking technologies, subject to their respective privacy policies.

8.1 Retention Periods

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Policy or to comply with legal obligations. Retention periods vary based on the type of data and applicable laws.

8.2 Data Deletion

Upon request or when data is no longer needed, we will securely delete or anonymize your personal data, subject to any legal retention requirements (e.g., tax or audit purposes).

9.1 User Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right to Access: Obtain a copy of your personal data held by us;
• Right to Rectification: Correct inaccurate or incomplete personal data;
• Right to Erasure: Request the deletion of your personal data ("right to be forgotten");
• Right to Restrict Processing: Limit the processing of your data under certain circumstances;
• Right to Data Portability: Receive your data in a structured, commonly used, and machine-readable format;
• Right to Object: Object to processing based on legitimate interests or direct marketing; and
• Right to Withdraw Consent: Withdraw consent for data processing at any time, without affecting the lawfulness of prior processing.

9.2 Exercising Your Rights

To exercise these rights, contact us at support@mindmax.it. We will respond to your request within the timeframes required by law (e.g., 30 days under GDPR). We may require identity verification to process your request.

9.3 Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority in your jurisdiction, such as the Information Commissioner's Office (ICO) in the UK or the Office of the Privacy Commissioner in Canada.

10.1 Age Restrictions

The Services are not intended for children under thirteen (13) years of age or the minimum age required by applicable law in your jurisdiction. We do not knowingly collect personal data from children under this age.

10.2 Parental Consent

If we become aware that we have inadvertently collected personal data from a child under the applicable age without verifiable parental consent, we will take steps to delete such data promptly.

11.1 Security Measures

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit and at rest;
• Access controls and authentication protocols;
• Regular security assessments and monitoring; and
• Staff training on data protection practices.

11.2 Limitations

While we strive to protect your personal data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security and shall not be liable for unauthorized access beyond our reasonable control.

12.1 Policy Updates

We may update this Policy periodically to reflect changes in our practices, legal requirements, or the functionality of the Services. Updates will be posted on our website or within the Services with an updated effective date.

12.2 Notification of Changes

Significant changes to this Policy will be communicated to you via email or prominent notice within the Services, where required by law. Your continued use of the Services after such changes constitutes your acceptance of the updated Policy.

13.1 Inquiries

For questions, concerns, or requests regarding this Policy or our data practices, please contact:

13.2 Data Protection Officer

Our designated Data Protection Officer can be reached at the above email address for matters related to data protection compliance.