Data Protection

Privacy Policy

Last Updated: April 25, 2026

At MindLab ("we," "us," or "our"), we provide private AI workflow systems for investment and wealth teams. We understand that private-market research, deal materials, portfolio updates, advisor knowledge, and internal notes can be highly sensitive. This Privacy Policy explains how we collect, use, retain, and protect information when you engage with MindLab.

1. Information We Collect

1.1. Institutional and Personal Information

When you engage with our Service, we may collect information including:

  • Contact Information: Name, corporate email address, and direct line.
  • Institutional Details: Firm name, firm type, firm scale, workflow priorities, urgency, and implementation readiness.
  • Account Credentials: Authentication information used to manage secure access to your MindLab workspace.

1.2. Operational Usage Information

We may collect technical telemetry necessary for security, debugging, support, and service improvement:

  • Interaction Data: Workflow activity, session duration, support requests, and usage patterns.
  • Technical Metadata: IP address, device identifiers, and system-level performance metrics.

1.3. Customer Document Data

If you ingest proprietary deal flow or data rooms into our Service:

  • Processed Content: Text and data extracted from PDFs, spreadsheets, websites, notes, decks, and supporting files for the purpose of research workflow execution.
  • No Model Training by Default: We do not use client documents, deal flow, or proprietary outputs to train public models or cross-client systems.
  • Firm Memory: If your workflow stores approved outputs, source references, or review history, that information is retained only to support your instance and agreed use cases.

2. How We Use Your Information

  • Operationalizing Research:
    Deliver private AI workflows, support target research, create reviewable drafts, maintain reusable company memory, and operate approved advisor experiences.
  • Account and Workspace Management:
    Create and manage your workspace, authenticate users, and support interactions within your firm’s approved workflows.
  • Commercial Administration:
    Process implementation scopes, manage subscriptions, and send billing-related communications for your agreed plan.
  • Architectural Support:
    Respond to briefing requests, provide technical support, and communicate system-level updates.
  • High-Signal Analytics:
    Analyze aggregated or de-identified usage trends where appropriate to improve workflows, support, and product reliability.

3. How We Share Your Information

We do not sell institutional or personal information. Disclosure is strictly limited to:

  • Infrastructure and Service Providers:
    We may use reputable cloud, email, analytics, and infrastructure providers to operate the Service. These providers are used only to support delivery, security, monitoring, and administration of MindLab.
  • Regulatory Requirements:
    We may disclose information if required by a valid legal order, though we prioritize firm notification unless legally prohibited.
  • Institutional Transfers:
    In the event of a corporate restructuring or asset sale, your information will be handled under strict confidentiality agreements and you will be notified of any change in stewardship.

4. How We Protect Your Information

MindLab uses commercially reasonable administrative, technical, and organizational safeguards appropriate for early-stage sensitive workflow software. Specific security controls, deployment boundaries, logging, deletion, and data residency commitments are governed by the applicable agreement and may require enterprise scope.

  • Security Safeguards:
    We use practical safeguards to protect customer workspaces, access, and operational systems. Exact control commitments are defined by the applicable agreement.
  • Deployment Boundaries:
    Deployment scope can be discussed based on customer requirements, including more restrictive environments where technically and commercially supported.
  • Access Controls:
    Access to operational systems and support workflows is limited to authorized personnel and should follow practical least-privilege principles.

5. Data Retention and Control

We retain information only as long as necessary to provide the Service, maintain your firm memory, satisfy legal obligations, and support agreed workflows. Customer document data and approved outputs may be retained inside your instance unless deleted, exported, or otherwise governed by your contract. Upon termination, deletion and export timelines should be handled according to the applicable agreement.

6. Your Rights and Controls

Your firm controls its submitted materials and firm-specific outputs. You have the right to:

  • Log and Support Reporting:
    Request available support or operational information related to your workspace. Enterprise audit reporting may require additional scope.
  • Data Portability:
    Request export of agreed customer materials, approved outputs, or workspace artifacts according to the applicable agreement.
  • Deletion Requests:
    Request deletion of active workspace data according to MindLab’s deletion process. Backup deletion may occur on normal backup cycles, and limited records may be retained for legal, billing, security, or dispute purposes.

7. International Stewardship

Data residency requirements can be discussed for enterprise deployments where technically and commercially supported.

8. Changes to This Policy

We may update this Privacy Policy to reflect evolving practices, legal requirements, or service changes. We will provide notice of material updates through reasonable means, such as posting an updated policy or emailing designated customer contacts where appropriate.

9. AI Governance & Safety

MindLab is designed around source-grounded AI workflows and human review.

  • Source-Grounded Execution: Important assertions should be tied back to source material where possible so teams can inspect, challenge, and verify outputs.
  • Human-in-the-Loop Review: AI outputs are assistive drafts unless your team approves them. Your team remains responsible for investment decisions and external communications.
  • Data Separation: Customer confidential data stays private to your workspace and is not reused across customers. Dedicated deployment or stricter isolation can be scoped where technically and commercially supported.
  • Advisor Boundaries: External-facing advisors only answer from approved knowledge and should route sensitive or unapproved topics back to your team.

10. Contact Stewardship

For inquiries regarding privacy, data handling, or security practices:
Email: privacy@mindlab.io