Privacy Policy

Updated at 2026-02-26

Mind Studios (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how your personal information is collected, used, and disclosed by Mind Studios.

This Privacy Policy applies to our website and its associated subdomains (collectively, our “Service”). By accessing or using our Service, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your personal information as described in this Privacy Policy and our Terms of Service.

Definitions and key terms

To help explain things as clearly as possible in this Privacy Policy, every time any of the following terms are referenced, they are strictly defined as:

Cookie: small amount of data generated by a website and saved by your web browser. It is used to identify your browser, provide analytics, remember information about you such as your language preference or location.
Company: when this policy mentions “Company,” “we,” “us,” or “our,” it refers to Mind Studios, 3828 Chantal Ln, Fairfax, VA 22031, United States, that is responsible for your information under this Privacy Policy.
Country: where Mind Studios or the owners/founders of Mind Studios are based, in this case, the United States
Device: any internet-connected device such as a phone, tablet, computer, or any other device that can be used to visit Mind Studios and use the services.
IP address: Every device connected to the Internet is assigned a number known as an Internet protocol (IP) address. These numbers are usually assigned in geographic blocks. An IP address can often be used to identify the location from which a device is connecting to the Internet.
Personnel: refers to those individuals who are employed by Mind Studios or are under contract to perform a service on behalf of one of the parties.
Personal Data: Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
Service: refers to the service provided by Mind Studios as described in the relative terms (if available) and on this platform.
Third-party service: refers to advertisers, contest sponsors, promotional and marketing partners, and others who provide our content or whose products or services we think may interest you.
Website: Mind Studios’s site, which can be accessed via this URL: https://themindstudios.com/
You: a person or entity who visits Mind Studios website to use the Services.

Information automatically collected

Certain information — like your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our platform. Other information collected automatically could be an e-mail address, computer and connection information such as browser plug-in types and versions and time zone setting, operating systems and platforms, the full Uniform Resource Locator (URL) clickstream to, through, and from our Website that may include date and time; cookie number; parts of the site you viewed or searched for. During your visits, we may use software tools such as JavaScript to measure and collect session information including page response times, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page. We may also collect technical information to help us identify your device for diagnostic purposes.

We automatically collect certain information when you visit, use or navigate the platform. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser, and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our platform, and for our internal analytics and reporting purposes.

Sale of Business

We reserve the right to transfer information to a third party in the event of a sale, merger, or other transfer of all or substantially all of the assets of Mind Studios or any of its Corporate Affiliates (as defined herein), or that portion of Mind Studios or any of its Corporate Affiliates to which the Service relates, or in the event that we discontinue our business or file a petition or have filed against us a petition in bankruptcy, reorganization or similar proceeding, provided that the third party agrees to adhere to the terms of this Privacy Policy.

Affiliates

We may disclose information (including personal information) about you to our Corporate Affiliates. For purposes of this Privacy Policy, "Corporate Affiliate" means any person or entity which directly or indirectly controls, is controlled by or is under common control with Mind Studios, whether by ownership or otherwise. Any information relating to you that we provide to our Corporate Affiliates will be treated by those Corporate Affiliates in accordance with the terms of this Privacy Policy.

Governing Law

This Privacy Policy is governed by the laws of the United States without regard to its conflict of laws provision. You consent to the exclusive jurisdiction of the courts in connection with any action or dispute arising between the parties under or in connection with this Privacy Policy except for those individuals who may have rights to make claims under Privacy Shield or the Swiss-US framework.

The laws of the United States, excluding its conflicts of law rules, shall govern this Agreement and your use of the website. Your use of the website may also be subject to other local, state, national, or international laws.

By using Mind Studios or contacting us directly, you signify your acceptance of this Privacy Policy. If you do not agree to this Privacy Policy, you should not engage with our website, or use our services. Continued use of the website, direct engagement with us, or following the posting of changes to this Privacy Policy that do not significantly affect the use or disclosure of your personal information will mean that you accept those changes.

Your Consent

We've updated our Privacy Policy to provide you with complete transparency into what is being set when you visit our site and how it's being used. By using our Mind Studios website you hereby consent to our Privacy Policy and agree to its terms.

Links to Other Websites

This Privacy Policy applies only to the Services. The Services may contain links to other websites not operated or controlled by Mind Studios. We are not responsible for the content, accuracy, or opinions expressed on such websites, and such websites are not investigated, monitored, or checked for accuracy or completeness by us. Please remember that when you use a link to go from the Services to another website, our Privacy Policy is no longer in effect. Your browsing and interaction with any other website, including those that have a link on our platform, is subject to that website’s own rules and policies. Such third parties may use their own cookies or other methods to collect information about you.

Cookies

Mind Studios uses cookies to identify the areas of our website you have visited. A cookie is a small piece of data stored on your computer or mobile device by your web browser. We use cookies to enhance the performance and functionality of our website. You can opt out of our website using cookies on your browser. Most web browsers can be set to disable the use of Cookies. However, if you disable Cookies, you may not be able to access functionality on our website correctly or at all. We never place Personally Identifiable Information in Cookies.

More information about our Cookie Policy can be found here.

Blocking and disabling cookies and similar technologies

Wherever you're located you may also set your browser to block cookies and similar technologies, but this action may block our essential cookies and prevent our website from functioning properly, and you may not be able to fully utilize all of its features and services. You should also be aware that you may also lose some saved information (e.g. saved site preferences) if you block cookies in your browser. Different browsers make different controls available to you. Disabling a cookie or category of cookie does not delete the cookie from your browser, you will need to do this yourself from within your browser, you should visit your browser's help menu for more information.

Remarketing Services

We use remarketing services. In digital marketing, remarketing (or retargeting) is the practice of serving ads across the internet to people who have already visited your website. It allows your company to seem like they're “following” people around the internet by serving ads on the websites and platforms they use most.

Kids' Privacy

We do not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.

Changes To Our Privacy Policy

We may change our Service and policies, and we may need to make changes to this Privacy Policy so that they accurately reflect our Service and policies. Unless otherwise required by law, we will notify you (for example, through our Service) before we make changes to this Privacy Policy and give you an opportunity to review them before they go into effect. Then, if you continue to use the Service, you will be bound by the updated Privacy Policy. If you do not want to agree to this or any updated Privacy Policy, you can leave our website.

Third-Party Services

We may display, include or make available third-party content (including data, information, applications, and other products services) or provide links to third-party websites or services ("Third-Party Services").

You acknowledge and agree that Mind Studios shall not be responsible for any Third-Party Services, including their accuracy, completeness, timeliness, validity, copyright compliance, legality, decency, quality, or any other aspect thereof. Mind Studios does not assume and shall not have any liability or responsibility to you or any other person or entity for any Third-Party Services.

Third-Party Services and links thereto are provided solely as a convenience to you and you access and use them entirely at your own risk and subject to such third parties terms and conditions.

Facebook Pixel

Facebook Pixel is an analytics tool that allows us to measure the effectiveness of our advertising by understanding the actions people take on our website. We use Facebook Pixel to make sure our ads are shown to the right people. Facebook Pixel may collect information from your device when you use the Service. Facebook Pixel collects information that is held in accordance with its Privacy Policy.

Tracking Technologies

Cookies We use cookies to enhance the performance and functionality of our website. You can opt out of our website using cookies on your browser. However, if you disable cookies, you might not be able to access functionality on our website correctly or at all.
Local Storage Local Storage, sometimes known as DOM storage, provides web apps with methods and protocols for storing client-side data. Web storage supports persistent data storage, similar to cookies but with a greatly enhanced capacity and no information stored in the HTTP request header.
Sessions We use "Sessions" to identify the areas of our website that you have visited. A Session is a small piece of data stored on your computer or mobile device by your web browser.

Information about General Data Protection Regulation (GDPR)

We may be collecting and using information from you if you are from the European Economic Area (EEA), and in this section of our Privacy Policy, we are going to explain exactly how and why this data is collected, and how we maintain this data under protection from being replicated or used in the wrong way.

What is GDPR?

GDPR is an EU-wide privacy and data protection law that regulates how EU residents' data is protected by companies and enhances the control the EU residents have, over their personal data.

The GDPR is relevant to any globally operating company and not just the EU-based businesses and EU residents. Our customers’ data is important irrespective of where they are located, which is why we have implemented GDPR controls as our baseline standard for all our operations worldwide.

What is personal data?

Any data that relates to an identifiable or identified individual. GDPR covers a broad spectrum of information that could be used on its own, or in combination with other pieces of information, to identify a person. Personal data extends beyond a person’s name or email address. Some examples include financial information, political opinions, genetic data, biometric data, IP addresses, physical addresses, sexual orientation, and ethnicity.

The Data Protection Principles include requirements such as:

Personal data collected must be processed in a fair, legal, and transparent way and should only be used in a way that a person would reasonably expect.
Personal data should only be collected to fulfill a specific company purpose for internal operations and it should only be used for that purpose. Organizations must specify why they need the personal data when they collect it.
Collected personal data:

Data	Retention period
Full name	Employment period + 3 years after termination
Address	Employment period + 3 years after termination
Email	Employment period + 3 years after termination
Phone number	Employment period + 3 years after termination
Taxpayer Identification Number (TIN)	Employment period + 3 years after termination
Photo	Employment period
Online identifiers (cookies, device ID)	Employment period

We also may collect temporary data during our reputational check within recruitment process such as:

Data	Retention period
Information on criminal convictions	1 year
Data on offences	1 year
Court proceedings	1 year

Personal data should be held no longer than necessary to fulfill its purpose.
People covered by the GDPR have the right to access their own personal data. They can also request a copy of their data, and that their data be updated, deleted, restricted, or moved to another organization.

Below is the prohibited sensitive data categories we don’t collect:

Racial or ethnic origin
Political opinions
Religious or philosophical beliefs
Trade union membership
Genetic data
Biometric data (for unique identification)
Health data
Data concerning sex life or sexual orientation

Pseudonymised & anonymised data

Pseudonymised data is personal data that is processed in such a way that it cannot be linked to a specific person without additional information. It still remains personal data according to the GDPR.

Anonymised data. If a person cannot be identified in any way, such data is not considered personal and is not covered by the GDPR.

Why is GDPR important?

GDPR adds some new requirements regarding how companies should protect individuals' personal data that they collect and process. It also raises the stakes for compliance by increasing enforcement and imposing greater fines for breach. Beyond these facts, it's simply the right thing to do. At Mind Studios, we strongly believe that your data privacy is very important and we already have solid security and privacy practices in place that go beyond the requirements of this new regulation.

Individual Data Subject's Rights - Data Access, Portability, and Deletion

We are committed to helping our customers meet the data subject rights requirements of GDPR. Mind Studios processes or stores all personal data in fully vetted, DPA-compliant vendors. We do store all conversation and personal data for up to 6 years unless your account is deleted. In which case, we dispose of all data in accordance with our Terms of Service and Privacy Policy, but we will not hold it longer than 60 days.

We are aware that if you are working with EU customers, you need to be able to provide them with the ability to access, update, retrieve and remove personal data. We got you! We've been set up as self-service from the start and have always given you access to your data and your customers’ data. Our customer support team is here for you to answer any questions you might have about working with the API.

How we process personal data

Website visitors and marketing communications

We may process:

contact form data (name, email, phone, company name, message);
newsletter subscription details;
browser metadata, cookies, and usage analytics;
IP address and approximate location used for fraud prevention, analytics, and B2B lead identification.

These data are used to:

respond to inquiries and conduct business communications;
provide marketing or informational materials where permitted;
improve website usability, performance, and security;
identify potential business partners.

Processing is based on consent, legitimate interest, or pre-contractual necessity, depending on the interaction.

Clients, partners, and contractual relationships

We process information required to:

negotiate and execute NDAs, SLAs and Statements of Work;
deliver software development, consulting, UX/UI design, QA and related services;
maintain accounting, legal compliance and dispute resolution records.

Client contractual documentation may be stored on a long-term or permanent basis where required for legal protection or regulatory compliance.

Recruitment and candidates

During recruitment we may process:

CVs, contact details and professional history;
correspondence and interview notes;
publicly available professional information (e.g., business networks or references);
background-check information where permitted by law;
language or professional assessment results.

Retention rules:

unsuccessful candidate data — up to 1 year after last interaction;
employee records — duration of employment plus 3 years after termination;
identity, tax, or banking data — retained only as required for employment, accounting, or legal compliance.

Processing is based on consent, contractual necessity, legal obligation or legitimate interest.

Data retention principles

We retain personal data only for the period necessary to achieve the purposes described in this Policy, after which the data are securely deleted, anonymized or archived where legally required.

Retention duration depends on:

contractual or employment obligations;
statutory accounting and tax rules;
dispute-resolution or legal-defense needs;
information-security and fraud-prevention requirements.

Information security and protection measures

We implement organizational, technical and physical safeguards designed to protect personal data from unauthorized access, loss, misuse, or disclosure.

Security practices include:

role-based access control and authentication mechanisms;
encryption of data at rest and in transit;
secure infrastructure, firewalls, endpoint protection, and VPN usage;
monitoring, logging, and incident-response procedures;
employee confidentiality obligations and security awareness training.

Such layered safeguards align with internationally recognized information-security approaches, including ISO-based management practices commonly used in secure software-engineering organizations. Globally recognized standards like ISO 27001 demonstrate structured governance for information security, privacy, and quality management.

Despite safeguards, internet transmission cannot be guaranteed fully secure, and users share information at their own risk.

Sharing personal data with third parties

We may share personal data only where necessary with trusted third-party service providers that support our business operations.

Third-party service providers

Type	Name	Purpose of use
Cloud hosting and infrastructure	AWS, OVH, Hetzner	Hosting of systems, applications, databases, and backups
Communication and collaboration tools	Slack, Google Meet, Zoom, Telegram	Internal and external business communication and coordination
CRM and client management	Copper	Managing leads, clients, and business relationships
Recruitment platforms and HR systems	Djinni, DOU, LinkedIn, Cleverstaff, PeopleForce	Candidate sourcing, recruitment management, and HR administration
Analytics and website tracking	GA4, Clarity	Website analytics, performance monitoring, and marketing insights
Productivity and AI-assistance tools	Grammarly, Claude, GitHub Copilot	Text improvement, development support, and workflow efficiency

We may also disclose data where required by law, regulation or official request.

International data transfers

Where personal data are transferred outside the user’s jurisdiction, we apply contractual, technical and organizational safeguards to ensure an equivalent level of protection consistent with applicable data-protection legislation.

Your data-protection rights

Depending on applicable law, individuals may have the right to:

be informed about data processing;
access their personal data;
correct inaccurate or incomplete information;
request deletion where legally permissible;
restrict or object to certain processing activities;
receive data in a portable, machine-readable format;
withdraw consent at any time;
avoid decisions based solely on automated processing;

If you have any security questions and requests, please contact our security team: [email protected]

California Residents

The California Consumer Privacy Act (CCPA) requires us to disclose the categories of Personal Information we collect and how we use it, the categories of sources from whom we collect Personal Information, and the third parties with whom we share it, which we have explained above.

We are also required to communicate information about rights California residents have under California law. You may exercise the following rights:

Right to Know and Access. You may submit a verifiable request for information regarding the: (1) categories of Personal Information we collect, use, or share; (2) purposes for which categories of Personal Information are collected or used by us; (3) categories of sources from which we collect Personal Information; and (4) specific pieces of Personal Information we have collected about you.
Right to Equal Service. We will not discriminate against you if you exercise your privacy rights.
Right to Delete. You may submit a verifiable request to close your account and we will delete Personal Information about you that we have collected.
Request that a business that sells a consumer's personal data, not sell the consumer's personal data.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.

We do not sell the Personal Information of our users.

For more information about these rights, please contact us.

California Online Privacy Protection Act (CalOPPA)

CalOPPA requires us to disclose the categories of Personal Information we collect and how we use it, the categories of sources from whom we collect Personal Information, and the third parties with whom we share it, which we have explained above.

CalOPPA users have the following rights:

Right to Know and Access. You may submit a verifiable request for information regarding the: (1) categories of Personal Information we collect, use, or share; (2) purposes for which categories of Personal Information are collected or used by us; (3) categories of sources from which we collect Personal Information; and (4) specific pieces of Personal Information we have collected about you.
Right to Equal Service. We will not discriminate against you if you exercise your privacy rights.
Right to Delete. You may submit a verifiable request to close your account and we will delete Personal Information about you that we have collected.
Right to request that a business that sells a consumer's personal data, not sell the consumer's personal data.