Mindspeller

Privacy Policy

Mindspeller BV (“Mindspeller,” “we,” “us,” or “our”) is committed to protecting your privacy and ensuring that your data is handled transparently, securely, and in full compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

This Privacy Policy explains how we collect, use, store, and share your personal information when you use our NeuroTech and social-insight platform (the “Platform”), which includes our search engine, research tools, advertising modules, and Premium Profiling / Neuroprofiling Services (together, the “Services”).

By using Mindspeller, you agree to this Privacy Policy and our Terms and Conditions, which describe your rights and obligations when using the Platform.

 


1. Information We Collect

We collect information to operate and improve our Services, personalize experiences, and ensure security.

a. Information You Provide

| Category | Example Fields | Purpose | Lawful Basis |
| --- | --- | --- | --- |
| Account Data | Name, email address, password | Account creation, authentication | Contract |
| Payment & Profile Data | Payment details, phone number, optional profile info | Billing and identity verification | Contract |
| Content Data | Emails, survey responses, uploaded documents | Enable analytics, communication, and insights | Consent / Contract |
| Special-Category Data (EEG / Neuro features) | Brainwave data, ratios, indexes, timestamps, related comments | Generate Premium or Neuroprofile insights | Explicit Consent (Art. 6(1)(a), 9(2)(a)) |

b. Information Collected Automatically

  • Device & Browser Data: IP address, device type, operating system, and browser version.

  • Usage Data: Interactions, timestamps, and feature engagement metrics.

  • Location Data: Approximate geographic region inferred from IP.

  • Cookies & Local Storage: Used for session continuity, progress tracking, and consent preferences.

c. Third-Party Information

We may receive data from marketing partners, fraud-prevention services, or publicly available databases for verification and analytics.

 


2. How We Use Your Information

We process personal data to deliver, improve, and secure our Services.

| Purpose | Description | Lawful Basis |
| --- | --- | --- |
| Service Delivery | Authenticate accounts, process searches, display results | Contract |
| Feature Development & Analytics | Analyze system performance, optimize models | Legitimate Interest |
| Personalized Content & Ads | Adapt experience and recommendations | Consent |
| Security & Fraud Prevention | Detect and respond to suspicious activity | Legitimate Interest |
| Premium / Neuroprofiling Service | Generate personalized insights based on EEG and text input | Explicit Consent |
| Research & Model Improvement | Aggregate anonymized metrics for calibration | Legitimate Interest (aggregate, non-identifiable data) |

 


2a. Automated Decision-Making and Profiling

We use automated algorithms to analyze EEG and textual data to generate Neuroprofile insights (e.g., cognitive patterns, characteristics fit, motive overlap).

  • Logic Involved: AI-based analysis of EEG features and semantic processing of text inputs.

  • Purpose: To generate human-readable feedback and visualization of inferred preferences.

  • Impact: Outputs are advisory only and have no legal or contractual consequences.

  • Human Oversight: You may request human review, express your viewpoint, or contest an automated outcome (Art. 22 GDPR).

  • Transparency: Each profile report identifies the data sources used and provides “Why this insight?” explanations.

 


3. How We Share Your Information

Mindspeller does not sell or share personal data in an identifiable form.

However, we retain the right to aggregate, anonymize, and where lawfully permitted, broker anonymized or statistical datasets that cannot reasonably be used to identify an individual. These aggregated datasets may be used for research, analytics, benchmarking, or commercial purposes supporting Mindspeller’s mission to advance neuro-insight technologies.

a. EEG Hardware and Processing Partners

  • EEG Hardware Provider: used solely for EEG signal acquisition. The headset transmits encrypted data directly to Mindspeller’s platform. EEG Hardware Provider does not access, store, or retain any EEG or personal data.

  • AI Model Provider: used to generate language-based interpretations of aggregated EEG features and optional user text. Only anonymized, minimal prompt data is transmitted. AI Model Provider does not store or use this data for training or any independent purpose. All processing is governed by Standard Contractual Clauses (SCCs) and a Data-Processing Addendum (DPA).

b. Other Service Providers

We use additional subprocessors, such as:

  • AWS (EU Region) – encrypted data hosting and infrastructure.

  • Stripe – secure payment processing.

  • Analytics and security vendors – system monitoring, fraud prevention, and operational support.

All subprocessors act solely under Mindspeller’s instructions and are contractually prohibited from using data for their own benefit.

c. Aggregation and Anonymization

Mindspeller retains the right to aggregate and analyze anonymized or de-identified data (for example, statistical EEG metrics, engagement patterns, or insight-usage trends).
These datasets contain no personally identifiable information and may be used for:

  • internal research and product improvement,

  • algorithmic calibration and bias analysis, or

  • creation of commercial or academic insight reports based on anonymized trends.

Such aggregation is conducted under GDPR Recital 26 principles for non-identifiable data, ensuring individuals cannot be re-identified.

d. Legal Disclosures

We may disclose information if required by law or to protect the rights, safety, or property of Mindspeller, our users, or others.

 


4. Your Privacy Controls

You have full control over your data and consents:

  • Review & Update: Edit or correct your data through your account or by contacting contact@mindspeller.com.

  • Consent Management: You can view or withdraw consent for EEG data, comments analysis, or AI profiling at any time via your Profile Settings. Withdrawal stops processing immediately.

  • Data Deletion: Request permanent deletion of your data, including neuroprofile outputs, by emailing contact@mindspeller.com.

  • Export & Portability: Request a structured JSON export of your profile data and provenance metadata.

  • Profiling Objection: You may opt out of further profiling without deleting your entire account.

 


5. Data Retention and Security

  • Retention: Aggregated EEG and profiling data are stored only as long as necessary to provide the service or as required by law. Reports are automatically purged or re-derived after expiration.

  • Minimization: Raw EEG windows are not retained beyond transient processing.

  • Encryption: Data is encrypted at rest and in transit.

  • Pseudonymization: User identifiers are replaced by salted hashes in cache keys and prompts.

  • Access Controls: Role-based access and logging of all profile retrievals.

  • Audits & Testing: Regular penetration tests and DPIA reassessments every 12 months.

 


6. Compliance and International Transfers

Mindspeller complies with GDPR and other privacy frameworks.

  • Legal Bases:

    • Consent – for EEG and profiling data.

    • Contract – for providing core services and authentication.

    • Legitimate Interest – for caching, analytics, and security logging (with balancing test).

  • Transfers to Third Countries:
    EEG and text data sent to the AI Model Provider are covered by Standard Contractual Clauses (SCCs) with documented risk assessments.
    AI Model Provider acts as a data processor under Mindspeller’s instructions.
    Model version, prompt template hash, and timestamp are logged for audit traceability.

  • No Automated Decision with Legal Effect:
    Profiling is informational only and does not result in legal or significant decisions affecting you.

 


7. User Rights under GDPR

You have the following rights under Articles 12–22 GDPR:

| Right | Description |
| --- | --- |
| Access | Obtain a copy of your personal data and its processing purposes. |
| Rectification | Correct inaccurate or incomplete information. |
| Erasure (“Right to be Forgotten”) | Request deletion of your data at any time. |
| Restriction | Pause processing while a request is being verified. |
| Portability | Receive your data in a structured, machine-readable format. |
| Objection | Object to profiling or direct marketing. |
| Withdrawal of Consent | Stop EEG or AI processing immediately. |

To exercise your rights, contact contact@mindspeller.com. We will respond within 30 days.

 


8. Data Protection Impact Assessment (DPIA)

Mindspeller has completed an internal Data Protection Impact Assessment (DPIA) for its MindLink / Neuroprofiling module.
This assessment identifies and mitigates privacy risks associated with neuroprofiling, AI processing, and international transfers.

The DPIA includes controls such as:

  • prompt sanitization,

  • retention and deletion limits,

  • pseudonymized caching,

  • secure cookie attributes, and

  • user transparency improvements.

The DPIA is an internal compliance document currently under review and is not yet available for public disclosure.

 


9. Changes to This Policy

We may update this Privacy Policy periodically. If we make material changes, we will notify you via email or platform notice before the effective date. Continued use of our Services after updates constitutes acceptance of the revised Policy.

Last Updated: October 08, 2025

 


10. Contact Information

 

Mindspeller BV
Leuven, Belgium
contact@mindspeller.com


Mindspeller © 2025. All rights reserved.