Privacy Policy

This Privacy Policy (“Privacy Policy”) applies to your access and/or use of the MiroMind services (“Services”)provided by MiroMind, Inc. By accessing and/or using any Services, or clicking "Agree"on the account registration screen, you agree and consent to MiroMind, Inc. and its related corporations (collectively, the "Companies") as well as their respective representatives and agents ("Representatives") (the Companies and Representatives collectively referred to as “we”, “us”,“our” or “MiroMind” hereinafter) collecting, using, disclosing, and/or sharing your personal data, and disclosing your personal data to our authorized service providers and relevant third parties in the manner and for any of the purposes set forth in this Privacy Policy.

When we offer the Services in the European Economic Area (“EEA”), we are subject to the European Union’s General Data Protection Regulation (“GDPR”), which applies across the entire European Union.

If you do not agree with the terms of this Privacy Policy, you must not access or use any Services.

This Privacy Policy supplements but does not supersede nor replace any other consents you may have previously provided to us in respect of your personal data, and any consents you may have provided in connection with this Privacy Policy are cumulative and additional to any rights which we may have under applicable law to handle or process your personal data.

Unless otherwise specified, the Privacy Policy does not apply to any products and/or services provided by any third party independently through our Services, such as the products or websites displayed as your search results or other websites linked via our Services. We are not responsible for the privacy practices of third parties. If you access or use any third party products or services, you should check the applicable third party privacy policy to determine how they will handle any personal data you provide to them or which they collect from you. We are not responsible for any third party’s improper use or disclosure of any personal data.

I. Collection of Personal Data

1. Personal Data You Provide Directly

• Account Information: When you create a MiroMind account or request service information, we collect identifiers such as your name, email address, phone number, and system-generated IDs.

• User Content: Inputs you provide ("Inputs") and corresponding AI-generated Outputs ("Outputs")may contain personal data if included in your submissions. This applies equally to integrations with third-party applications.

• User Feedback: Improvement suggestions, and related conversation histories are stored when you provide feedback.

• Communications: Correspondence via support channels is retained, including contact details and message content.

2. Automatically Collected Technical Data

• Device/Connection Metadata: With appropriate permissions, we receive:

  • Device specifications (type, OS, browser)

  • Network information (ISP, mobile carrier, IP-derived approximate location)

  • Unique identifiers (device/advertising IDs)

• Usage Analytics: Service engagement metrics including:

  • Access timestamps

  • Navigation paths (clicked links, viewed pages)

  • Feature utilization patterns

• System Logs: Diagnostic data for troubleshooting:

  • Error reports with timestamps

  • Application state during incidents

  • Related user-provided context

• Tracking Technologies: Cookies and similar tools (see our Cookie Policy) enable:

  • User recognition

  • Experience personalization

  • Service optimization

  • Targeted communications

3. Model Training Data Sources
To develop our AI models, we responsibly aggregate data from:

• Publicly available internet sources

• Commercially licensed third-party datasets

• User-contributed and crowd worker-sourced materials

• Internally generated synthetic data

II. How Do We Use Your Personal Data

We process your personal data for the following purposes:

1. Service Provision & Account Management

• To deliver, maintain, and improve our products and services in accordance with our Terms of Service.

• To create and administer your MiroMind account.

• To facilitate payments for any premium services.

• Legal basis: performance of contract.

2. Communication & Support

• To contact you regarding service updates, security alerts, and promotional materials (where permitted).

• To respond to inquiries, troubleshoot issues, and provide customer support.

• Legal basis: performance of contract; legitimate interests.

3. Security & Compliance

• To detect, prevent, and investigate fraud, abuse, or violations of our policies.

• To comply with legal obligations and enforce our Terms of Service and Acceptable Use Policy.

• To protect the security and integrity of our systems and user data.

• Legal basis: legal obligation; legitimate interests.

4. Service Improvement & Research

• To debug errors, optimize performance, and enhance functionality.

• To conduct research and development for improving our AI models and services.

• Legal basis: legitimate interests.

5. Model Training (Limited Circumstances)
To enhance the performance, accuracy, and safety of our AI models, we may use de-identified Inputs and Outputs to train and refine our services. This processing is based on our legitimate interest in improving our technology.

You have the right to object to this usage at any time. You may exercise your right to opt-out of having your content used for model training by contacting us at legal@MiroMind.ai. Choosing to opt-out will not affect your access to the core features of our Services.

III. How Do We Use Cookies and Similar Technologies

1. Cookies and similar technologies we used

We may use cookies and similar technologies to gather information resulting from access and/or use of our Services. The technologies we use may include:

1.1 Cookies or Browser Cookies

Cookies are small text files stored in your computing or other electronic devices when you visit our website and platforms for record keeping purposes. Cookies can allow us to provide you with a personalised user experience, such as by allowing us to retrieve information which you previously provided us.

Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies may remain on your personal computer or mobile device across browsing sessions, while Session Cookies are generally deleted as soon as you close your web browser. We may use both Session and Persistent Cookies for the purposes set out below:

• Necessary / Essential Cookies

Type: Session Cookies

Administered by: US

Purpose: These cookies are essential to provide you with our Services. They help to authenticate users and prevent fraudulent use of our Services. Without these cookies, we will not be able to provide you with the Services. We only use these Cookies to provide you with those services.

• Cookies Policy / Notice Acceptance Cookies

Type: Persistent Cookies

Administered by: US

Purpose: These cookies identify if users have accepted the use of cookies on Services.

• Functionality Cookies

Type: Persistent Cookies

Administered by: US

Purpose: These cookies allow us to remember choices you make when you use our Services, such as remembering your login details or language preference. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you use our Services.

In addition, we may also use cookie or similar tracking technologies to analyze trends, manage website, track user behavior on the Services, and better understand how users use our Services. We automatically collect certain information to analyze cumulative trends and manage our website. The aforementioned information may include Internet Protocol (IP) address, browser type, Internet Service Provider (ISP), reference/exit pages, files you view on our website (such as HTML pages, graphics, etc.), operating system, date/time stamp and/or click-stream data.

1.2 Web Beacons.

Certain sections of our services may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages and understand how our Services are used (for example, to assess the popularity of certain pages and services) and to improve the performance and reliability of our Services.

2. Clear/disable cookies

You can turn on the cookie related functions or perform corresponding operations through methods to manage cookies or set cookie preferences in commonly used browser software disclosed below, and we will strictly follow your decision to use cookies and similar technologies.

Some functions of our services depend on cookies. If you do not consent to our use of cookies and similar technologies, or if you disable or delete cookies, some features of the Services may not operate as intended. You may wish to refer to the documentation provided by your web browser for information about how to manage your cookie preferences. We have included some links to documentation for commonly used browsers below for your convenience only and we disclaim all liability for the accuracy, reliability, and completeness of the information linked:

• Microsoft Internet Explorer

• Microsoft Edge

• Mozilla Firefox

• Google Chrome

• Safari for macOS

• Safari for iOS

3. More information about cookies

For more information about cookie and instructions on how to set up your browser to accept, delete or disable cookies, see www.allaboutcookies.org.

IV. How Do We Disclose Your Personal Data

We may disclose your personal data to the following categories of recipients:

MiroMind may disclose personal data to the following categories of recipients for the purposes outlined in this Policy:

1. Internal & Affiliated Entities

We share personal data within our corporate group and affiliated entities to provide, maintain, and improve our services.

2. Service Providers & Business Partners

We engage trusted third parties to assist with:

• Hosting and infrastructure

• Compliance and auditing

• Research and data processing

• Payment processing

• Customer support

3. Legal & Compliance Disclosures

We may disclose personal data when necessary:

• To comply with legal obligations (e.g., regulatory requests, tax reporting)

• To protect safety, rights, or property (e.g., fraud prevention, litigation)

• To enforce our Terms of Service or Acceptable Use Policy

4. Business Transfers

If MiroMind undergoes a merger, acquisition, or asset sale, personal data may be transferred as part of the transaction.

5. Third-Party Integrations

• Our services may include links or integrations with third-party platforms (e.g., social media, APIs).

• These services operate under their own privacy policies, and we do not control their data practices.

6. With Your Consent

We will share personal data with additional third parties only with your explicit permission.

V. How Your Personal Data May Be Transferred Globally

1. Depending on where you are located and the features of our Services which you access or use, your personal data may be transferred out of and processed outside of the jurisdiction in which you are located, such as to an affiliated company or third located overseas. These countries may have data protection laws that are different from the laws of your jurisdiction (and, in some cases, may not be as protective).

2. We generally provide the Services from Singapore. 

3. We take appropriate safeguards to ensure that your personal data will remain protected in accordance with this Privacy Policy and applicable laws and we only transfer your data overseas in accordance with applicable law and legally valid transfer mechanisms.

VI. How Do We Retain Your Personal Data

We retain personal data only as long as necessary for legitimate business needs or legal compliance, such as providing services, meeting tax/accounting requirements, resolving disputes, or enforcing agreements. In some cases (e.g., court orders or ongoing investigations), we may retain data even after account deletion. Once no longer needed, we securely delete or anonymize the data so it cannot identify you.

VII. How We Protect Your Personal Data

We implement industry-standard technical and organizational security measures to protect your personal data, including encryption (both in transit and at rest), a comprehensive Information Security Program, advanced malware protection, and robust access controls. However, no internet or wireless transmission can be 100% secure. While we employ reasonable safeguards, we cannot guarantee absolute security for your data, account, or devices. You are responsible for maintaining the confidentiality of your account password and any device security. By using our services, you acknowledge these inherent risks in data transmission and storage.

VIII. How Do We Process Children’s Personal Data

Our Services are not directed towards, and we do not knowingly collect, use, disclose, sell, or share any information about, children under the age of 18. If you become aware that a child under the age of 18 has provided any personal data to us while using our Services, please email us at legal@MiroMind.ai and we will investigate the matter and, if appropriate, delete the personal data.

IX. Your Rights to Your Personal Data

1. Depending on the jurisdiction in which you are residing, you may have the right to:

• 1.1 access your Personal Data and information relating to how it is processed;

• 1.2 erasure or delete your Personal Data;

• 1.3 update or correct your Personal Data;

• 1.4 data portability;

• 1.5 restrict or object to how we process your Personal Data;

• 1.6 withdraw your consent; and/or

• 1.7 make a complaint to the data protection agency in your country.

You can exercise some of these rights through your Services account. If you are unable to exercise your rights through your account, please submit your request to legal@MiroMind.ai. We will respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

X. How to Update the Privacy Policy

We may update this Privacy Policy from time to time in response to changing legal, regulatory, technical or business developments. Any changes to this Privacy Policy will be communicated by us updating the Privacy Policy accessible via the Services. The updated Privacy Policy will become immediately effective once updated or at such date as we may specify. We may also in our discretion provide notice to you changes to the Privacy Policy via such means as we deem appropriate, such as by email (sent to the e-mail address specified in your account) or by means of a notice via the Services prior to the change becoming effective. To the maximum extent permissible under applicable law, you agree to be bound by the prevailing terms of the Privacy Policy as modified from time to time. Please check back regularly for updated information on the handling of your personal data.

You can see when this Privacy Policy was last updated by checking the “last updated” date displayed at the top of this Privacy Policy.

XI. How to Contact Us

If you have any questions about this Privacy Policy, or have any questions, complaints or requests regarding your personal data, you can contact us via the contact details set out below:

• E-mail address: legal@MiroMind.ai

Please note that if your personal data has been provided to us by a third party, you should contact such party directly to make any queries, feedback, and access and correction requests to us on your behalf.

You may withdraw your consent as provided for under the applicable law. However, if you withdraw your consent to any or all collection, use, and/or disclosure of your personal data for one or more purposes, depending on the nature of your request, we may not be in a position to continue to provide our products or services to you, administer any contractual relationship already in place, or perform or conclude an existing or prospective agreement. This may also result in the termination of any agreements you have with us and/or you being in breach of your contractual obligations or undertakings. Our legal rights and remedies in such event are expressly reserved.

Data Processing Addendum

Last updated: 27th February 2026

DATA PROCESSING AGREEMENT

Last Updated January 19, 2025

This DPA supplements the Terms of Service and Acceptable Use Policy (the “Terms”) between Miromind, Inc. and its affiliates (the “Company”, “we”, “our” or “us”) and the user that has agreed to the Terms (“user(s),” “you,” or “yours”). Capitalized terms used, but not defined, in this DPA are defined in the Terms of Service.

If you are accessing the Services not for personal use (i.e. in connection with an organization, business, or other legal entity), this DPA will apply to you. If you are accessing the Services for personal use (i.e. not in connection with an organization, business, or other legal entity), or if you use personal data in registering an Account or a Team Member Account (each as defined in the Terms of Service) in accordance with Section 2.4 (User Account) of the Terms of Service, we will process personal data provided by you in accordance with our Privacy Policy. 

1. Nature of the Data and Role of the Parties 

   The rights and obligations in this DPA apply solely to the processing of personal data, “processing” and “personal data” each as defined by applicable privacy laws, for the provision of the Services by the Company on behalf of the user. For the purposes of this DPA, “User Data” shall mean any personal data incorporated in Your Content.

2. Data Processing

   2.1. Instructions. The Terms of Service and this DPA constitute user’s instructions to the Company to process User Data. The Company will use and process User Data as the user instructs in order to deliver the Services and to fulfill the Company’s obligations under the Terms and this DPA. The Company will inform the user of any legal requirement which prevents it from complying with the user’s instructions, unless prohibited from doing so by applicable law or on important grounds of public interest.

   2.2 Processing Activities. The Company, the Company’s personnel, and sub-processors (the “Sub-processors”) will only process User Data to provide the Services and to fulfill the Company's obligations in the Terms. For the avoidance of doubt, and except where prohibited by Section 2.4, such processing includes the use of de-identified or pseudonymized User Data for the purposes of training, improving, and calibrating the Company’s artificial intelligence and machine learning models , subject to the User’s right to opt-out as specified in Section 2.6. The categories of personal data to be processed by the Company and the processing activities to be performed under the Terms are set out in Exhibit A.

   2.3 Personnel. Any personnel of the Company who have access to User Data will be bound by appropriate confidentiality obligations.

   2.4 Standard Contractual Clauses (SCCs). Parties agree that for any transfer of User Data from the EEA/UK to the United States, the Standard Contractual Clauses (Module Two: Controller-to-Processor) approved by the European Commission (Decision 2021/914) are hereby incorporated by reference. 

   2.5 Supplementary Measures. The Company shall ensure that all User Data is encrypted both in transit (TLS 1.2+) and at rest (AES-256) to mitigate risks associated with third-party access in the destination country.

   2.6 AI Model Training and Opt-out. (a) De-identification: Before utilizing User Data for model improvement as described in Section 2.2, the Company shall implement technical and organizational measures to ensure that such data is de-identified or aggregated such that it can no longer be attributed to a specific data subject. (b) User Control: The Company shall provide a clear and accessible technical mechanism allowing Users to opt-out of the use of their User Data for generalized AI training purposes. Such opt-out will be honored without undue delay and will not affect the User’s ability to access the core Services.

3. Security

   3.1 Security Measures. The Company will implement the technical and organizational measures set forth in the Terms for the applicable Services.

   3.2 Security Incidents. The Company will promptly, and without undue delay, notify the user in writing at the email address associated with the Account if a Security Incident, as defined below, occurs, so long as applicable law allows this notice. Without limiting the foregoing, the Company will use commercially reasonable efforts to provide this notice within 72 hours of confirming the existence of a Security Incident. The Company may limit the scope of, or refrain from delivering, any disclosures to the extent reasonably necessary to avoid compromising the integrity of the Company's security, an ongoing investigation, or the data of any user or Team Member. “Security Incident” means any actual unauthorized disclosure of or access to User Data, or compromise of the Company’s systems that the Company determines is reasonably likely to result in such disclosure or access, caused by failure of the Company’s Security Measures and excluding any unauthorized disclosure or access that is caused by the user or its Team Members, including the user or its Team Members’ failure to adequately secure equipment or accounts.

   3.3 Notification. The Company will assist the user in ensuring compliance with its obligations pursuant to applicable privacy laws by providing relevant information which may include: (a) the nature of the Security Incident, including, where possible, the categories and approximate number of personal data records concerned; (b) the likely consequences of the Security Incident; (c) the measures taken or to be taken to address the Security Incident, including, where appropriate, the measures to mitigate its possible adverse effects; (d) the name and contact details of the Company personnel or other contact from whom more information may be obtained; and (e) justifications for any delay in notification. Should it not be feasible for the Company to provide all of the relevant information in its initial notification to the user, the Company will provide further relevant details without undue delay.

4. Sub-Processors 

   4.1.Company Use of Sub-Processors. The user consents to the Company’s appointment of Sub-processor to perform the Services. Where a Sub-processor will process personal data, the Company will ensure that the Sub-processor is subject to substantially similar data protection obligations as those set forth in this DPA regarding personal data and which satisfy the requirements of applicable privacy laws. The Company’s list of its current Sub-processors for the Services will be provided by the Company separately. The Company will remain liable for all acts or omissions of its Sub-processors and for any subcontracted obligations. 
   4.2.User Objections. The Company may add or remove Sub-processors from time to time. The Company will inform the user in advance of new Sub-processors for the applicable Services as described in the list of Sub-processors. If the user objects to a change, it will provide the Company with notice of its objection to legal@MiroMind.ai including reasonable detail supporting the user’s concerns within sixty days of receiving notice of a change from the Company or, if the user has not subscribed to receive this notice, within sixty days of the Company publishing the change. The Company will then use commercially reasonable efforts to review and respond to the user’s objection within thirty days of receipt of the user’s objection. The Company’s response to the user’s objection will include, at a minimum, reasonable accommodations, if any, that the user or the Company can take to limit or prevent a new Sub-processor from acting as a processor of User Data when the user makes use of the Services. If the Company does not respond to a user objection as described above, or cannot reasonably accommodate the user’s objection, the user may terminate the Terms by providing written notice to the Company: (a) within thirty days of receipt of a Company response that does not comply with this Section 4.2; or (b) if the Company fails to respond, within thirty days of the date the Company’s response was due.

   
   

5. Data Subject Rights

   The user is responsible for responding to any request by a data subject to exercise their rights under applicable privacy laws. If the Company receives any such request in relation to the User Data, the Company will direct the applicable data subject to the user to exercise their rights without undue delay after verifying the request pertains to User Data. The Company will provide the user with information or tools that are reasonably designed to enable the user to fulfill its obligations to respond to these requests through the functionality of the Services, taking into account the nature of the processing and insofar as this is possible.

6. Compliance Assistance

   To assist the user with its compliance obligations under applicable privacy laws related to security, data protection impact assessments, and prior consultation with supervisory authorities, the Company will make the following available during the Term: (a) the information contained in Exhibit A and (b) any applicable Security Measures and Security Resources set forth in the Terms. If, after reviewing the aforementioned materials, the user reasonably believes it needs further information in order to meet its compliance obligations, the Company will use commercially reasonable efforts to respond to written questions by the user regarding the materials. Without limiting the foregoing, the Company will comply with valid requests from relevant supervisory authorities to the extent required by applicable privacy laws.

7. Deletion

   The Company will delete stored User Data after the termination or expiration of the Terms and this DPA. Notwithstanding the foregoing, the user acknowledges and agrees that the Company may be a controller with respect to certain Account data and may retain this data in accordance with applicable laws, provided that the Company is solely responsible for its compliance with these laws in connection with its own processing.

8. Inspections

   8.1 User Review of Compliance. If the user reasonably believes it needs further information in order to confirm the Company’s compliance with the provisions of the Terms relating to User Data, the Company will use commercially reasonable efforts to respond to written questions by the user regarding the Company’s compliance.

   8.2 User Inspection. If the user is not satisfied with the Company’s responses to questions provided pursuant to Section 8.1 (User Review of Compliance), the Company will permit the user, or an agreed upon user representative, subject to appropriate confidentiality obligations, to visit the Company’s premises and discuss the Company’s responses with the Company personnel.

   8.3 Process for Inspections. The Company reserves the right to: (a) charge a separate fee for its reasonable costs associated with performing any of its obligations under this Section 8 (Inspections), provided that the Company will provide an estimate of these fees to the user prior to incurring the costs; or (b) object to any user representative participating in an inspection on the basis that they are not qualified, are not bound by an adequate requirement to protect confidential the Company information, or are a competitor of the Company. For user inspections pursuant to this Section 8.3 (Process for Inspections), the Company and the user will first mutually agree on the scope, timing, and duration of the inspection. The Company reserves the right to limit the scope and duration of an inspection to the extent reasonably necessary to avoid compromising the integrity of the Company’s security or any other users or Team Members’ data.

Effect of DPA

If a provision in this DPA conflicts with a provision in the Terms, then this DPA will control with respect to the processing of personal data. The Terms will remain in full force and effect and will be unchanged except as modified by this DPA. This DPA will terminate automatically upon expiration or termination of the Terms.

EXHIBIT A 

DETAILS OF PROCESSING

1. Subject Matter of the Personal Data Processing 

   The provision of the Services by the Company to the user.

2. Duration of the Personal Data Processing

   The duration of the Terms.

3. Nature and Purpose of the Personal Data Processing

   To enable the user to receive and the Company to provide the Services.

4. Categories of Personal Data

   The personal data that will be included in User Data will depend upon the user’s use of the Services. To the extent the User Data contains personal data, it may consist of identifying information of Team Members (such as name, email address, physical address, IP address, or other unique identifier), identifying information of third parties with whom data is shared, organization data, and any other personal data contained in documents, images and other content or data in electronic form stored or transmitted by Team Members via the Services.

5. Data Subjects

   The categories of data subjects will depend upon the user’s use of the Services. To the extent the User Data contains personal data, it may concern the user’s Team Members including employees, contractors, collaborators and customers of the user, any individuals collaborating, sharing, or transacting with these Team Members, or any other individual whose information is stored by the user in the User Data as identified in records maintained by the user acting as controller pursuant to applicable privacy laws.