Privacy Policy
Effective Date: January 1, 2026
At MindLab ("we," "us," or "our"), we provide a sovereign intelligence layer for high-conviction capital firms. We understand that in private equity and investment management, data privacy is existential. This Privacy Policy explains our commitment to data sovereignty and the rigorous standards we maintain for your information.
1. Information We Collect
1.1. Institutional and Personal Information
When you engage with our Service, we may collect information including:
- Contact Information: Name, corporate email address, and direct line.
- Institutional Details: Firm name, Assets Under Management (AUM), and primary strategic mandate.
- Account Credentials: Encrypted credentials used for secure access to your sovereign instance.
1.2. Operational Usage Information
We log technical telemetry necessary for the security and optimization of the platform:
- Interaction Data: Workflow execution logs, session duration, and capsule utilization.
- Technical Metadata: IP address, device identifiers, and system-level performance metrics.
1.3. Sovereign Document Data
If you ingest proprietary deal flow or data rooms into our Service:
- Encapsulated Content: Text and data extracted from PDFs, Excel sheets, and legal agreements for the purpose of autonomous analysis.
- Zero-Retention Guarantee: We do not retain, store, or use this data for model training purposes. Your data room analysis is processed in a secure, isolated environment.
2. How We Use Your Information
- Industrializing Diligence: To deliver our sovereign intelligence layer, automate investment triage, and generate citation-backed artifacts for your Investment Committee.
- Sovereign Account Management: Create and manage your institutional instance, authenticate users, and support interactions within your firm’s boundary.
- Commercial Administration: Process mandates, manage subscriptions, and send billing-related communications for your AUM-tiered plan.
- Architectural Support: Respond to briefing requests, provide technical support, and communicate system-level updates.
- High-Signal Analytics: Analyze anonymous usage trends to improve our algorithms and refine the performance of the expert bench.
3. How We Share Your Information
We do not sell institutional or personal information. Disclosure is strictly limited to:
- Sovereign Service Providers: We may utilize high-security third-party infrastructure (e.g., Azure Government, AWS GovCloud) for hosting. These providers are contractually bound to the same zero-retention and data-sovereignty standards we uphold.
- Regulatory Requirements: We may disclose information if required by a valid legal order, though we prioritize firm notification unless legally prohibited.
- Institutional Transfers: In the event of a corporate restructuring or asset sale, your information will be handled under strict confidentiality agreements and you will be notified of any change in stewardship.
4. How We Protect Your Information
We implement the architectural guardrails expected by global financial institutions:
- End-to-End Encryption: Data is encrypted using AES-256 at rest and TLS 1.3 in transit.
- Sovereign Boundaries: Instances can be deployed within your VPC, ensuring that data never leaves your firm's security perimeter.
- Zero-Trust Access: Internal access to support logs is restricted via multi-factor authentication and just-in-time provisioning.
5. Data Retention and Sovereignty
We retain information only as long as necessary to fulfill your firm’s strategic mandates. Upon termination of service, all sovereign document data is purged from our systems within 30 days, or as otherwise dictated by your specific data retention policy.
6. Your Rights and Mandates
Your firm maintains ultimate sovereignty over its data. You have the right to:
- Audit Access: Request logs of all system interactions and data processing activities.
- Data Portability: Extract your firm's proprietary knowledge pool and analytical artifacts at any time.
- Mandated Deletion: Request the immediate purge of specific data rooms or deal-flow histories.
7. International Stewardship
For regional funds, we offer data residency pinning, ensuring that your data remains within specific jurisdictions (e.g., Singapore, EU, or US) to comply with local regulatory frameworks.
8. Changes to This Policy
We may update this Privacy Policy to reflect evolving security standards. We will notify your designated compliance officer of any material changes via corporate email.
9. Contact Stewardship
For inquiries regarding data sovereignty or security architecture:
Email: privacy@mindlab.io
