Mindex logo

Mindex

Privacy Policy

Privacy Policy (Account Creation)

How we collect and safeguard personal data while creating and maintaining your account.

Last updated: 28 Feb 2025 · Version 2025-03

1. Introduction
This Privacy Policy explains how Mindex UG (haftungsbeschränkt) ("Mindex") processes personal data when you create and maintain an account. It supplements our German-language Datenschutzerklärung and applies globally.

2. Data Controller & Contact
Mindex UG (haftungsbeschränkt), [Street, Number], [Postal Code] [City], Germany.
Email: privacy@mindex.app. Contact our Data Protection Officer at dpo@mindex.app.

3. Personal Data We Collect During Account Creation

  • Identification data: first and last name, display name, locale.
  • Contact data: email address, optional secondary email, organisation name.
  • Authentication data: hashed password, OAuth provider tokens, MFA secrets.
  • Device and technical data: IP address, timestamp, referrer, browser/OS metadata captured by Firebase Authentication.
  • Optional onboarding inputs: intended use case, workspace preferences, consent choices.

4. Purpose & Legal Basis
We use this data to create your account, secure sign-in, prevent abuse, communicate onboarding information, and comply with statutory obligations (Art. 6(1)(b), (c), (f) GDPR). Optional marketing or beta invitations rely on consent (Art. 6(1)(a) GDPR / §7 UWG).

5. Sharing & International Transfers
We rely on processors such as Google Firebase (authentication, hosting), Stripe (billing), and Intercom/Zendesk (support). Data may be transferred to the United States under EU Standard Contractual Clauses with supplementary technical measures. We never sell personal data.

6. Retention
Account data is retained as long as your account is active. When you delete your account, usage logs are anonymised within 30 days and profile data is removed within 90 days unless legal retention duties require a longer period.

7. Your Rights
Depending on your jurisdiction, you may request access, rectification, erasure, portability, restriction, object to processing, or withdraw consent. EU/EEA residents may lodge complaints with their supervisory authority. California residents can exercise CCPA/CPRA rights via privacy@mindex.app.

8. Security
We use TLS encryption, salted password hashing, device-based anomaly detection, role-based access controls, and continuous monitoring to protect your data.

9. Updates
Material changes are announced via email or in-app notices at least 30 days before they take effect.

Legal

Legal NoticePrivacy Notice (EU)Terms & ConditionsPrivacy Policy
    Privacy Policy | Mindex