Legal Terms

Privacy Policy

1. Who we are

Mindfuel (“Mindfuel”, “we”, “us”, or “our”) is responsible for the processing of personal data described in this Privacy Notice where we determine the purposes and means of the processing.

Mindfuel AG
Vogelsangstrasse 92
8618 Oetwil am See
Switzerland
privacy@mindfuel.ai

Mindfuel AG is the main customer-facing entity for the Mindfuel services. Other Mindfuel group companies (Mindfuel GmbH & Mindfuel Austria GmbH) may support the provision of services as processors or subprocessors acting on behalf of Mindfuel AG or, where applicable, on behalf of our customers.

2. When this notice applies

This Privacy Notice applies when you interact with Mindfuel in the following contexts:

• as a visitor to our websites;
• as a prospective customer or other business contact;
• as a representative, employee, oradministrator of one of our customers or partners;
• as an end user invited to use acustomer workspace or account;
• as a support contact;
• as a recipient of marketing ornewsletter communications;
• when you otherwise communicate with us in a business context.

This notice does not apply to third-party websites,apps, or services that may be linked from our website or service. Those are governed by their own privacy notices.

3. Controller vs. processor roles

When Mindfuel acts as controller

Mindfuel AG acts as a controller when we process personal data for our own business purposes, for example when we:

• operate and secure our websites;
• respond to contact requests, demos, and sales inquiries;
• manage customer and partnerrelationships;
• send service-relatedcommunications;
• provide support for our own businessrelationship with customers;
• send marketing communications wherepermitted;
• analyse the performance, security,and use of our websites and services for our own purposes.

Other Mindfuel group companies may be involved inproviding the services. Where they process personal data, they do so only as processors or subprocessors and not as independent controllers.

When Mindfuel acts as processor

Mindfuel AG acts as a processor when we process personal data within the Mindfuel product on behalf of our business customers.

This includes personal data that a customer or itsusers enter into, upload to, or otherwise process within the Mindfuel service. In that case, our customer is usually the primary controller and Mindfuel processes the data on the customer’s documented instructions and subject to the applicable contract and data processing agreement.

Important note for end users of customer accounts

If you use Mindfuel through your employer or another organisation that is our customer, that organisation generally controls how your personal data is used in the service. For requestsrelating to data processed in that context, please contact your organisation first.

4. Categories of data we collect

The categories of personal data we collect depend on how you interact with us.

Website and contact data

If you visit our website or contact us, we may collect:

• name;
• business email address;
• company name;
•  job title;
• phone number, where provided;
• message content and correspondence;
• information about your request or interest in our services;
• IP address and browser/device-related information;
• website interaction data, subject to your cookie preferences where required.

Customer account and business administration data

If you represent a customer, partner, or supplier, we may collect:

• name;
• business contact details;
• company name;
• role or function;
• contract, billing, and account administration details;
• communication history;
• records relating to account setup, renewals, and support.

Product usage and support data

If you use the service or contact support, we may collect:

• account identifiers;
• profile information such as language or time zone;
• authentication data or login credentials information, stored securely and in hashed or similarly protected form where applicable;
• usage events and feature interaction data;
• support request content and attachments;
• diagnostic, error, and troubleshooting data;
• device, browser, IP, and similar technical metadata.

Marketing and CRM data

If you interact with our marketing activities, we may collect:

• business contact details;
• company and role information;
• records of event attendance, webinar participation, or content downloads;
• subscription and consent preferences;
• outreach history and campaign interaction data, such as opens, clicks, or form submissions where applicable.

Security and log data

To protect our website and services, we may collect:

• IP address;
• timestamps;
• login attempts and authentication events;
• audit and security event logs;
• device/browser metadata;
• error logs and system activity records.

Data from third parties and public sources

In some cases, we may also receive personal data from third parties, for example:

• business contact details from referral partners;
• information from service providers that help us run our website, support, CRM, analytics, or communications;
• publicly available professional contact details from company websites, LinkedIn, prospecting tools, or similar business sources to enrich, sync and confirm data for B2B outreach and relationship management.

We do not use these sources in an open-ended or unlimited way; we use them only where relevant to our business activities and permitted by applicable law.

5. Purposes and legal bases

We process personal data only where we have a valid legal basis under applicable law. The legal basis depends on the specific processing activity.

Website operation and responding to inquiries

We process website, contact, and communications data to:

• operate our website;
• respond to contact forms, demo requests, and sales inquiries;
• communicate with you about your request.

Legal basis: pre-contractual steps where you request information or a demo; otherwise our legitimate interests in handling business communications and inquiries.

Customer account administration

We process customer and account administration data to:

• onboard customers;
• manage contracts and accounts;
• provide customer communications;
• administer subscriptions, renewals,and billing-related matters.

Legal basis: performance of a contract; where relevant, compliance with legal obligations; and our legitimate interests in administering customer relationships.

Providing and supporting the service

We process product usage, support, and technical data to:

• provide the service;
• authenticate users;
• maintain functionality;
• troubleshoot issues;
• provide customer support;
• improve reliability and usability.

Legal basis: performance of a contract with the customer.

Security, fraud prevention, and abuse detection

We process technical, authentication, and log data to:

• secure our website, systems, and services;
• detect misuse, suspicious activity, and fraud;
• investigate incidents;
• maintain business continuity.

Legal basis: our legitimate interests in protecting our systems, users, and business; and where applicable, compliance with legal obligations.

Product and website analytics

We process analytics and usage data to understand how our website and service are used, measure performance, and improve functionality and user experience.

Legal basis: for non-essential cookies or similar technologies, consent where required; otherwise our legitimate interests inimproving our website and services.

Marketing communications

We process marketing and CRM data to send newsletters, event invitations, product updates, and other business communications.

Legal basis: consent where required by law; otherwise our legitimate interests in B2B marketing and customer relationship management, including soft opt-in where permitted.

You can unsubscribe from marketing communications at any time.

Compliance and legal matters

We process relevant data to:

• comply with legal, accounting, tax, and regulatory obligations;
• establish, exercise, or defend legal claims;
• maintain records required by law.

Legal basis: compliance with legal obligations and our legitimate interests in protecting our legal position.

6. Cookies

We use cookies and similar technologies on our website and, where relevant, in our services. Some cookies are necessary for the operation and security of the website or service. Other cookies help usunderstand usage, measure performance, or support marketing activities.

Where required by law, we will ask for your consent before using non-essential cookies or similar technologies.

Further details, including categories of cookies, retention periods, and how to manage your choices, are set out in our separate Cookie Policy.

7. Sharing with service providers and subprocessors

We share personal data only where necessary and appropriate, including with:

• hosting and infrastructure providers;
• authentication providers;
• analytics and product experience providers;
• customer relationship management and marketing providers;
• email delivery providers;
• support, monitoring, and security providers;
• professional advisers such as legal, tax, audit, or insurance advisers;
• authorities or other third parties where required by law.

Where Mindfuel AG acts as a controller, these providers process personal data on our behalf under appropriate contractual safeguards.

Where Mindfuel AG acts as a processor for customer data in the Mindfuel product, some of these providers act as our subprocessors for the relevant customer data.

Some of the providers listed below may process personal data outside the EEA, UK, or Switzerland under relevant safeguards. Further information about the safeguards we use for such transfers is set outin the “International Transfers” section below.

We also use other Mindfuel group companies (Mindfuel GmbH and Mindfuel Austria GmbH) to support service delivery, administration, support, or operational functions. Where this occurs, such entities act only as processors or subprocessors under appropriate intra-group arrangements.

Third-Party Data Processors – Mindfuel Website

PostHog

We use PostHog (PostHog Inc., 965 Mission St, San Francisco, CA 94103, USA) for website analytics. PostHog helps us understand how visitors use our website, such as which pages are visited andhow users interact with content. To the extent this involves non-essential cookies or similar technologies, the legal basis is your consent where requiredby law. Otherwise, the legal basis is our legitimate interests in understanding website usage and improving our website. PostHog is configured to process usage data (e.g., visited pages and interactions) in the EU.

More information: https://posthog.com/privacy.

Usercentrics

We use Usercentrics (Usercentrics GmbH, Sendlingerstr. 7, 80331 Munich, Germany) as our consent management platform tocollect, manage, and document user consent for cookies and similar technologies on our website, and to control the activation of non-essential tags and services based on the user’s preferences. Depending on the implementation, Usercentrics may process consent records, device/browser information, IP address, consent status, timestamps, and related technical metadata. The legal basis is our legal compliance obligations where applicable and our legitimate interests in managing consent preferences and documenting compliance. Further information is available in the provider’s privacy policy.

HubSpot

We use HubSpot (HubSpot, Inc., 25 1st Street Cambridge, MA 0214, USA) to manage sales inquiries, lead generation, marketing automation, customer relationship management, and related analytics. The legal basis depends on the activity concerned: pre-contractual steps where your equest information or a demo, consent where required for marketing communications or non-essential tracking, and otherwise our legitimate interests in managing business relationships and marketing our services. The provider processes data in the EU. Further information is available in the provider’s privacy policy at https://legal.hubspot.com/de/privacy-policy.

LinkedIn

We maintain a profile on LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland). If you interact with our LinkedIn presence or contact us through LinkedIn, we may process your personal data in connection with that interaction. The legal basis is ourlegitimate interests in presenting our business and communicating with prospective customers and other business contacts.

The privacy policy is available here: https://www.linkedin.com/legal/privacy-policy

XING

We maintain a profile on XING (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany). If you interact with our XING presence or contact us through XING, we may process your personal data inconnection with that interaction. The legal basis is our legitimate interestsin presenting our business and communicating with prospective customers and other business contacts.

The privacy policy is available here: https://privacy.xing.com/de/datenschutzerklaerung

Third-Party Data Processors – Mindfuel Outreach & Prospecting

In addition to the above, we also use dedicated tools for outreach and prospecting to enrich and validate information on prospective customers.

LaGrowthMachine

We use LaGrowthMachine (14 avenue du Général de Gaulle, 94160 Saint-Mandé, France), a multichannel sales automation and prospecting tool, to manage and automate B2B outreach activities, enrich lead records, and sync relevant prospect and communication data with our CRM systems. Depending on the workflow, LaGrowthMachine may process professional profile data, contact details, enrichment data, and records of outreach interactions across channels such as LinkedIn and email. The legal basis is our legitimate interests in conducting B2B outreach, maintaining accurate CRM records, and managing sales and relationship processes efficiently. Further information is available in the provider’s privacy policy: https://lagrowthmachine.com/privacy-policy/

Hublead

We use Hublead (108 Avenue de Tarascon, 84000 Avignon, France), a LinkedIn and HubSpot integration tool, to import business contact details from LinkedIn into HubSpot, enrich CRM records, and synccertain LinkedIn interaction data relevant to sales and relationship management. Depending on the workflow, Hublead may process professional profiledata such as name, LinkedIn URL, job title, company-related information, location, and, where available, business email address and phone number. The legal basis is our legitimate interests in maintaining accurate CRM records, managing B2B outreach, and improving sales and relationship management processes. Further information is available in the provider’s privacy policy: https://www.hublead.io/legal/privacy-policy

GoExtrovert

We use GoExtrovert, a LinkedIn engagement and relationship management tool, to track relevant LinkedIn activity, identify posts from prospects or other business contacts, and support our teams with AI-assisted suggestions for comments and direct messages. Depending on the workflow, GoExtrovert may process professional profile data, publicly visible LinkedIn activity, and related engagement information. The legal basis is our legitimate interests in conducting B2B outreach, strengthening business relationships, and managing relevant prospect interactions efficiently. Further information is available in the provider’s privacy policy: https://www.goextrovert.com/privacy

Anthropic

We use Claude, an AI-based productivity andassistance tool provided by Anthropic (548 Market Street, PMB 90375, SanFrancisco, CA 94104, USA) to support internal business operations, notably outreach to prospective customers. The legal basis is our legitimate interests in operating our business efficiently. Where Claude is used in a context that involves customer data, employees may use it only in accordance with applicable internal policies, contractual restrictions, and data protection requirements. Personal data processed in connection with Claude may be transferred to and processed in the United States or other countries outside the EEA, UK, or Switzerland. Where required, such transfers are safeguarded through appropriate transfer mechanisms under applicable law, such as the European Commission’s Standard Contractual Clauses.

Further information is available in Anthropic’s Privacy Policy: https://www.anthropic.com/legal/privacy

Third-Party Data Processors / Subprocessors – Mindfuel Product

We use the following providers to operate and support the Mindfuel product. To the extent these providers process personal data contained in or generated through customer use of the service, they do so as subprocessors engaged by Mindfuel, and Mindfuel processes that data on behalf of its customers. The applicable legal basis for such in-product processing is determined by the relevant customer as controller.

GoogleCloud

Our SaaS software is hosted using Google Cloud (Google Ireland Limited, Gordon House, Barrow Street 4, Dublin Ireland) infrastructure. Google Cloud supports the hosting and operation of the Mindfuel product and may process personal data transmitted via the SaaS software, such as content data, usage data, meta/communication data, or contact data, to the extent necessary to provide the hosting environment. The provider is configured to host and process data in the EU.

More information can be found in the provider’s privacy policy at https://policies.google.com/privacy

Auth0

We use Auth0 (Auth0 Inc., 10900 NE 8th Street Suite 700, Bellevue, WA 98004, USA) to manage authentication and access to the Mindfuel product. Auth0 may process authentication-related and account-related data, such as email addresses, login metadata, device information, and IP addresses, to enable secure sign-in and account access. The provider is configured to process data in the EU.

More information is available in the provider’s privacy policy at https://auth0.com/privacy.

Jimo

We use Jimo (JIMO SAS, 11 rue de la Pléiade, 94230 Cachan, France), a digital adoption and in-app experience platform, to provide contextual onboarding features within the application, such as product tours, checklists, announcements, hints, changelog banners, and in-app feedback tools including surveys and NPS features. Jimo may process usage data, feedback or response data, and technical metadata to deliver these functions inside the product.

More information is available in Jimo’s privacy policy at https://jimo.ai/privacy.

Sentry

We use Sentry (Functional Software Inc. 45 Fremont Street, 8th Floor San Francisco, California 94105) for application monitoring, error detection, and troubleshooting. Sentry may process technical and diagnostic data, such as application errors and related runtime information, to help us identify and resolve issues affecting the service. Relevant monitoring data may be processed in the United States. Where required, transfers are safeguarded through the European Commission’s Standard Contractual Clauses.

More information is available in the provider’s privacy policy at https://sentry.io/legal/privacy/3.3.1/in-app/.

Datadog

We use Datadog (Datadog, Inc., 620 8th Avenue, 45th Floor, New York, NY 10018, USA) for application performance monitoring andlog management. Datadog may process technical and operational data, such as device information, IP addresses, access times, logs, and related usage data, to help us operate, secure, and troubleshoot the service environment. Relevant monitoring and log data may be processed in the United States. Where required, transfers are safeguarded through the European Commission’s Standard Contractual Clauses.

More information is available in Datadog’s privacy policy at https://www.datadoghq.com/legal/privacy.

Mailjet

We use Mailjet (Mailjet GmbH, Friedrichstraße 68, 10117 Berlin, Germany) to send service-related and transactional emails from the Mindfuel product, such as invitations, access-related communications, and similar operational messages. Mailjet may process contact data such as nameand email address and related message delivery metadata to provide these communications.

More information is available in the provider’s privacy policy at https://www.mailjet.com/legal/privacy-policy/

n8n

We use n8n (n8n GmbH, Novalisstr. 10, 10115 Berlin, Germany) to automate processes and connect Mindfuel to other systems and applications. Depending on the workflow, n8n may process business information and personal data contained in workflow inputs, outputs, logs, API payloads, and related technical metadata. The legal basis is our legitimate interests in operating our business efficiently, reducing manual effort, andmanaging internal processes and system integrations effectively.

Further information is available in n8n’s Privacy Policy: https://n8n.io/legal/privacy/

8. International transfers

Some of our service providers or subprocessors may process personal data outside the EEA, UK, or Switzerland, including in the United States.

Where personal data is transferred internationally, we rely on an appropriate transfer mechanism under applicable law, such as:

• an adequacy decision;
• the EU-U.S. Data Privacy Framework, where applicable;
• the European Commission’s Standard Contractual Clauses and, where relevant, the UK Addendum;
• other valid safeguards permitted by applicable law.

The transfer mechanism used may differ by provider and by service configuration.

9. Retention

We keep personal data only for as long as necessary for the relevant purpose, unless a longer retention period is required or permitted by law.

Examples of our typical retention approach include:

• technical and security logs: typically around 90 days, unless longer retention is needed for security investigations, incident handling, or legal reasons;
• sales inquiries and contact requests: for the period needed to respond to the request and follow up, andthen for a limited period consistent with our business records practices or until opt-out;
• CRM and marketing records: until you opt out, object, or the data is no longer relevant for the relationship; after opt-out, we may retain limited suppression data so we can respect your preferences;
• trial or evaluation data: typically deleted within a limited period after the trial ends based on the specifictrial contract, unless converted into a paid customer relationship or retentionis otherwise required;
• customer account and service relationship data: for the duration of the contract and for a limited periodafterwards based on the specific customer contract for account administration, legal, security, or evidentiary purposes;
• support records: for as long as needed to resolve the support matter;
• contracts, invoices, and statutory business records: for the retention periods required under applicable commercial, tax, and accounting law.

Where deletion is not immediately possible, we may restrict processing and retain the data only for permitted purposes such as legal compliance or the establishment, exercise, or defence of claims.

10. Your rights

Depending on your location and the applicable law, you may have the following rights:

• Right of access – you can ask us what personal data we hold about you and obtain a copy.
• Right to rectification – you can ask us to correct inaccurate or incomplete personal data.
• Right to erasure – you can ask us to delete your personal data in certain circumstances.
• Right to restriction – you can ask us to limit how we use your data in certain cases.
• Right to data portability – you can ask for certain data in a structured, commonly used, machine-readable format.
• Right to object – you can object to processing based on legitimate interests, especially for direct marketing.
• Right to withdraw consent – where processing is based on consent, you can withdraw it at any time. Withdrawal does not affect processing carried out before the withdrawal.
• Right to complain – you can complain to the supervisory authority applicable for you, including in the EU/EEA, the UK, or Switzerland or contact Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter, which is Mindfuel AG’s supervisory body.

These rights are not absolute and may be limited by law or by the specific processing context. For example, where Mindfuel processes data only as a processor on behalf of a customer, we may need to refer your request to that customer.

To exercise your rights, contact us at privacy@mindfuel.ai.

11. Contact details

If you have questions about this Privacy Notice or about how we process personal data, please contact our Data Protection Officer:

privacy@mindfuel.ai
Mindfuel AG
Vogelsangstrasse92
8618 Oetwil am See

If you use Mindfuel through a customer organisation and your request relates to data processed in that customer account, please contact your organisation first.

12. Changes to this notice

We may update this Privacy Notice from time to time to reflect changes in our services, legal requirements, or business practices.

Where required by applicable law, we will provide notice of such changes. The latest version will always be made available on our website and will show its effective date.

Additional information

Children

Our services are not directed to children, and we do not knowingly collect personal data from children.

Automated decision-making

We do not currently make decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you. Ift hat changes, we will provide the information required by applicable law.

Accessibility‍

Website Accessibility Statement‍

Headquarters

‍Switzerland

Mindfuel AG

Vogelsangstrasse 92

8618 Oetwil am See

Switzerland

Germany (Physical Office Location)

Mindfuel GmbH

Franz-Joseph Strasse 18

80801 Munich

Germany

Where to find us

Austria

Mindfuel Austria GmbH

Hermann-Löns-Str 4

5020 Salzburg

Austria