Last updated: June 25, 2026
This Privacy Policy explains how mindyOne ("mindyOne", "we", "us", or "our") collects, uses, shares, and protects personal data when you use our AI-powered business page platform and related websites, applications, and services (collectively, the "Service"). It also describes the rights you have over your personal data and how to exercise them.
Please read this Policy alongside our Terms of Service. By using the Service, you acknowledge the practices described here.
mindyOne is a multi-tenant software-as-a-service platform that gives small and medium-sized businesses an AI-powered, hosted micro-site reachable via a link and QR code. This Policy applies to two groups of people:
/[slug]) who chat with the AI assistant or book appointments without creating an account.If you have questions about this Policy or our data practices, contact us at privacy@mindyone.com.
Our role under data-protection law (such as the EU/UK GDPR) depends on whose data is involved:
Where mindyOne acts as a processor, we process end-customer data only to provide the Service to the business owner and in line with our agreement with them.
a. Information you provide directly
b. End-customer data (collected on behalf of business owners)
c. Billing information
d. Information collected automatically
We use the information described above to:
We do not sell your personal data, and we do not use end-customer chat or booking content for advertising.
If you are in the European Economic Area or the United Kingdom, we process personal data under one or more of the following legal bases:
The Service uses third-party large-language-model and embedding APIs (currently OpenAI) to generate chat responses, classify intent, detect language, and create vector embeddings of knowledge-base content. When the AI answers a customer's question, the relevant message and retrieved business content are sent to the AI provider to generate a response.
Our AI provider processes this data under its API terms and does not use data submitted through its API to train its models. AI-generated answers can be imperfect; they do not constitute professional advice, and business owners are responsible for the information made available through their pages. The AI assistant performs no automated decision-making that produces legal or similarly significant effects about you.
We do not sell personal data. We share data only with service providers ("subprocessors") that help us run the Service, each bound by contractual confidentiality and data-protection obligations:
| Provider | Purpose |
|---|---|
| Supabase | Database hosting, authentication, and file storage |
| OpenAI | AI chat responses, intent/language detection, and embeddings |
| Resend | Transactional email delivery |
| Vercel | Application hosting, deployment, and edge delivery |
| Lemon Squeezy | Subscription billing as Merchant of Record (card processing) |
| Stripe | Customer deposit payments, when enabled by a business |
| Upstash | Redis-based rate limiting and abuse prevention |
We may also disclose data when required by law, to enforce our agreements, to protect the rights, safety, and security of our users or the public, or in connection with a merger, acquisition, or sale of assets (in which case we will notify you of any change in control of your personal data).
Our subprocessors may process data in countries outside your own, including the United States. Where personal data is transferred out of the EEA or the UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK Addendum) or an adequacy decision, so that your data remains protected.
We use only the cookies and local storage strictly necessary to operate the Service. We do not use advertising or cross-site tracking cookies.
mindy_lang_<slug>) and to remember an email's booking-verification trust within the same browser (e.g., mindy_trust_<slug>_<email>) so a verified customer isn't asked to re-verify unnecessarily.We retain personal data for as long as needed to provide the Service and for the purposes described in this Policy. Specific retention windows by data category are defined in our Data Retention Policy. Key windows:
We implement industry-standard technical and organizational measures to protect personal data, including encrypted connections (TLS), row-level security on database tables to isolate each tenant's data, hashed credentials, scoped access controls, and signed, expiring tokens for sensitive customer actions (such as managing a booking). No method of transmission or storage is completely secure, so we cannot guarantee absolute security, but we work continuously to protect your data.
Depending on where you live, you may have some or all of the following rights regarding your personal data:
To exercise any of these rights, contact us at privacy@mindyone.com. We will respond within the timeframe required by applicable law. If you are an end customer of a business that uses mindyOne, please direct your request to that business (the controller of your data); we will assist them as needed. You also have the right to lodge a complaint with your local data-protection authority.
The Service is not directed to children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.
If a personal-data breach is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and affected individuals without undue delay and in accordance with applicable law.
The Service may contain links to third-party websites or services that we do not control. This Policy does not apply to those third parties, and we encourage you to review their privacy policies.
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you by email or through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.
For privacy questions, data requests, or to exercise your rights, contact us at privacy@mindyone.com. For general support, contact support@mindyone.com.