Privacy Policy

1. Introduction

Altmind (“we”, “our”, or “us”) is committed to protecting your privacy and personal data.

This Privacy Policy explains how Codex Technology LLC, a Wyoming limited liability company (“Company”), collects, uses, discloses, and protects personal data when you access or use the Altmind platform, including our website, applications, integrations, and related services (collectively, the “Service”).

The Service is intended primarily for users located in the European Economic Area (EEA). We do not actively market the Service to users in the United States. However, users located outside the EEA, including in Asia, the Middle East (including the United Arab Emirates), and the United States, may access and use the Service.

For the purposes of the EU General Data Protection Regulation (“GDPR”), Codex Technology LLC acts as the data controller.

By accessing or using the Service, you acknowledge that your personal data will be processed in accordance with this Privacy Policy.

2. Personal Data We Collect

2.1 Information You Provide

We collect personal data that you voluntarily provide, including:

• Account Information: name, email address, and authentication credentials (passwords are stored using secure cryptographic hashing methods).
• Profile Information: optional information you choose to add to your account.
• Communications: messages sent through chat interfaces, integrations, or customer support channels.
• User Content: tasks, notes, reminders, messages, documents, images, voice notes, calendar entries, emails, and other content you create, upload, forward, or submit through the Service.

2.2 Information Collected Automatically

When you use the Service, we may automatically collect:

• Usage Data: interactions with features, timestamps, automation triggers, and performance metrics.
• Device Information: device type, operating system, browser type and version.
• Log Data: IP address, access times, error logs, and referring URLs.
• Approximate Location: inferred from IP address (we do not collect precise GPS location data).

2.3 Information from Third Parties

Where you choose to connect third-party services, we may receive data from:

• Integration Partners: such as email providers, calendar services, messaging platforms, and productivity tools, limited to the permissions you explicitly grant.
• Analytics and Monitoring Providers: aggregated or event-level usage data to help us understand and improve the Service.

3. Legal Bases for Processing (GDPR)

We process personal data under the following legal bases:

• Performance of a contract (Article 6(1)(b)) – to provide, operate, and maintain the Service.
• Legitimate interests (Article 6(1)(f)) – to improve functionality, develop and secure AI systems, prevent abuse, ensure reliability, and operate the Service efficiently, provided such interests are not overridden by your rights.
• Consent (Article 6(1)(a)) – for marketing communications, non-essential cookies, and certain analytics or AI improvement activities where required by law.
• Legal obligations (Article 6(1)(c)) – to comply with applicable laws and regulatory requirements.

You may withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

4. How We Use Personal Data

We use personal data to:

• Provide, operate, and maintain the Service.
• Execute reminders, automations, and integrations you initiate.
• Personalize features and user experience.
• Communicate service-related notices, updates, and support responses.
• Monitor performance, reliability, and usage patterns.
• Detect, prevent, and investigate fraud, abuse, or security incidents.
• Comply with legal, regulatory, and contractual obligations.

Marketing communications are sent only where permitted by law and, where required, based on your consent.

5. Artificial Intelligence and Model Improvement

5.1 Use of Content for AI Improvement

The Service uses probabilistic AI systems. We may use User Content (such as prompts, messages, and interactions) to improve the quality, safety, and performance of our AI systems, including:

• Improving response accuracy and relevance.
• Enhancing contextual understanding.
• Developing safety, reliability, and moderation mechanisms.

Where feasible, we apply technical and organizational safeguards such as data minimization, aggregation, anonymization, or de-identification before using data for AI improvement purposes.

This processing is based on our legitimate interests in improving the Service. Where required by applicable law, we will rely on your consent.

5.2 Opt-Out of AI Training

You may opt out of having your future User Content used for AI model improvement by:

• Adjusting your account settings (where available), or
• Contacting us at hello@altmind.ai.

Opt-out applies prospectively and does not require the deletion of data already processed in aggregated or de-identified form. Opting out may reduce personalization or certain feature quality.

5.3 No Automated Decision-Making

Altmind does not engage in automated decision-making or profiling that produces legal or similarly significant effects on users within the meaning of Article 22 GDPR.

AI outputs may be inaccurate or incomplete and should not be relied upon for legal, medical, financial, or other critical decisions without independent verification.

6. Cookies and Analytics

6.1 Cookies

We use cookies and similar technologies to:

• Ensure essential functionality and security.
• Analyze usage and performance.
• Remember preferences.
• Support marketing activities where consent is provided.

Non-essential cookies and analytics technologies are used only where required consent has been obtained through our cookie consent mechanism. You can manage cookies through your browser or consent preferences. Disabling certain cookies may affect functionality.

6.2 Analytics Providers

We may use analytics tools such as:

• Google Analytics
• PostHog (self-hosted)
• Mixpanel
• Amplitude

These tools help us understand how the Service is used and improve its performance. Data is processed in accordance with applicable data protection laws and contractual safeguards.

7. Data Sharing and Disclosure

We do not sell personal data.

We may share personal data with:

7.1 Service Providers

Trusted third-party vendors providing infrastructure, cloud hosting, analytics, monitoring, communications, and customer support services. These providers act under contractual confidentiality and data protection obligations.

7.2 Legal and Safety Reasons

Where required to comply with applicable law, respond to lawful requests, or protect the rights, safety, and security of users or others.

7.3 Business Transfers

In the event of a merger, acquisition, restructuring, or asset sale, personal data may be transferred as part of the transaction, subject to this Privacy Policy.

8. Data Storage and International Transfers

Personal data is primarily stored in GDPR-compliant data centers located in Frankfurt, Germany.

Because we are a U.S. company and work with service providers and personnel in multiple jurisdictions, personal data may be accessed from or transferred to countries outside the EEA, including the United States.

9. Data Security

We implement appropriate technical and organizational measures to protect personal data, including encryption, access controls, monitoring, and security procedures.

No system is entirely secure. While we take reasonable steps to safeguard personal data, we cannot guarantee absolute security.

10. Data Retention

We retain personal data only for as long as necessary to:

• Provide and operate the Service.
• Comply with legal and regulatory obligations.
• Resolve disputes and enforce agreements.

In general:

• Account and User Content is retained for the duration of the active account and deleted upon request, subject to legal or technical limitations.
• Log and security data is retained for limited periods necessary for security, auditing, and compliance.
• Backup data is retained for a limited rolling period and securely deleted thereafter.

11. Your Rights

11.1 EEA Users (GDPR)

You have the right to:

• Access your personal data.
• Rectify inaccurate or incomplete data.
• Request erasure.
• Restrict or object to processing.
• Data portability.
• Withdraw consent at any time.

You also have the right to lodge a complaint with your local supervisory authority.

Requests may be submitted to hello@altmind.ai. We respond within applicable statutory timeframes.

11.2 U.S. Users

Residents of certain U.S. states (including California) may have additional rights to the extent applicable, depending on statutory thresholds and definitions under local laws (such as the CCPA/CPRA).

We do not sell personal information and do not discriminate against users for exercising applicable privacy rights.

11.3 Users Outside the EEA

Users outside the EEA may have rights under their local data protection laws (including, for example, the UAE). We will honor applicable requests in accordance with those laws.

12. Children’s Privacy

The Service is not intended for children under 16 years of age (or a lower age where permitted by local law). We do not knowingly collect personal data from children. If such data is identified, it will be deleted.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or other reasonable means. Continued use of the Service constitutes acceptance of the updated policy.

14. Contact Information

Codex Technology LLC, a Wyoming limited liability company in the United States, acts as the data controller for the purposes of applicable data protection laws. Our primary data processing infrastructure is located in Frankfurt, Germany.

Where required under Article 27 GDPR, we have appointed Euverify Ltd, Unit 3D North Point House, North Point Business Park, New Mallow Road, Cork, T23 AT2P, Ireland, as our EU representative. The EU representative may be contacted at eurep@euverify.com.

For any questions, requests, or concerns relating to privacy or data protection, you may contact us at hello@altmind.ai.