Privacy Policy

Last updated: April 17, 2026

1. Definitions and Key Terms

1.1 Company and Service Terms

  • MyMindUp (“we,” “us,” or “our”)
  • Service: All features, functionalities, programs, and content available through MyMindUp
  • Platform: Our website and related services accessible via any device
  • User: Any individual accessing or using our services (“you” or “your”)

1.2 Data and Privacy Terms

  • Personal Data: Any information relating to an identified or identifiable natural person
  • Processing: Any operation performed on personal data
  • Data Controller: MyMindUp, determining the purposes and means of processing personal data
  • Data Processor: Third parties that process personal data on our behalf
  • Cookie: Small text file stored on your device containing data about your platform usage

1.3 Security Terms

  • Authentication: Process of verifying user identity
  • Encryption: Process of encoding information to prevent unauthorized access
  • Token: Unique identifier used for secure authentication
  • SSL/TLS: Security protocols for encrypted data transmission

2. Introduction and Scope

2.1 Policy overview

This privacy policy explains how MyMindUp collects, uses, and protects your personal data. It provides detailed information about your privacy rights and how you can exercise them.

2.2 Policy application

This policy applies to:

  • All users of MyMindUp globally
  • All data collection methods
  • All service features and functionalities
  • All platform versions and updates

2.3 Policy updates

  • We reserve the right to update this policy
  • Material changes will be notified via email where we have your address
  • Continued use after changes constitutes acceptance where permitted by law

3. Personal Data Collection

3.1 Account information

A. Essential data

B. Optional data

  • Email address (often required for authentication)
  • Name (may be collected during payment processing)
  • Last sign-in timestamp
  • Unique account identifiers
  • IP addresses
  • Phone number (if provided through payment processors)
  • User preferences and settings
  • Communication preferences

3.2 Service usage data

A. Test results

  • Final scores or outcomes presented by the Service
  • Completion timestamps
  • Performance metrics

B. Interaction data

  • Features accessed
  • Time spent on platform
  • Navigation patterns
  • Device information

Individual item responses may be processed in real time; retention depends on product configuration and legal requirements.

3.3 Payment information and processing

We only receive and store limited payment information where applicable:

  • Tokenized payment method identifiers
  • Last four digits of payment cards
  • First six digits of payment cards
  • Card expiration dates

3.4 Technical and device data

A. Device information

  • Operating system and version
  • Browser type and version
  • Screen resolution
  • Device type and model
  • Language preferences

B. Connection data

  • IP address
  • Network information
  • Connection type
  • Geographic location (derived from IP where used)
  • Time zone settings

C. Performance data

  • Load times
  • Error messages
  • System performance metrics
  • Network latency
  • Application response times

4. Data Processing and Usage

4.1 Primary processing purposes

A. Service provision

  • Account creation and management
  • Authentication and security
  • Feature access and customization
  • Customer support
  • Service optimization

B. Payment processing

  • Subscription management
  • Payment authorization
  • Fraud prevention
  • Transaction records
  • Billing support

C. Communication

  • Service updates and notifications
  • Security alerts
  • Product information
  • Support responses
  • Legal notices

4.2 Secondary processing purposes

A. Service improvement

  • Usage pattern analysis
  • Feature optimization
  • Performance monitoring
  • User experience enhancement
  • Bug identification and resolution

B. Analytics and research

  • Aggregate usage statistics
  • Trend analysis
  • Platform optimization
  • Feature development
  • Performance benchmarking

4.3 Legal bases for processing

A. Contractual necessity

  • Account management
  • Service provision
  • Payment processing
  • Feature access
  • Support services

B. Legal obligations

  • Tax compliance
  • Financial records
  • Legal requirements
  • Regulatory compliance
  • Safety and security

C. Legitimate interests

  • Service improvement
  • Fraud prevention
  • Security maintenance
  • Technical optimization
  • Business development

D. Consent-based processing

  • Marketing communications
  • Optional features
  • Third-party integrations
  • Analytics participation
  • Feature testing

5. Data Storage and Security

5.1 Storage location and data transfers

  • Personal data is stored using infrastructure providers and regions we select for security and compliance
  • Data may be transmitted globally using encrypted channels
  • We employ appropriate safeguards for international data transfers where applicable
  • We maintain security measures aligned with industry practice

5.2 Security measures

A. Authentication and access

  • Strong authentication options where supported
  • Session management with automatic termination where configured
  • Role-based access control for internal systems
  • Principle of least privilege
  • Access logging and monitoring

B. Data protection

  • Encryption for data at rest and in transit where applicable
  • Security protocols for data transmission
  • Regular security reviews

C. Payment security

  • PCI DSS compliant payment processing via qualified providers
  • Tokenized payment information storage
  • No storage of complete card numbers by MyMindUp
  • Encrypted payment data transmission

D. Backup and recovery

  • Regular automated backups where configured
  • Disaster recovery planning
  • Business continuity measures

5.3 Data breach notification procedures

A data breach may include unauthorized access, accidental loss or destruction, unauthorized disclosure, or any incident compromising confidentiality, integrity, or availability of personal data.

Upon discovering a potential breach, we will initiate our incident response plan, assess scope, contain the incident, document the incident, and evaluate risks to affected individuals.

Where required by law, we will notify affected users and supervisory authorities within applicable timeframes (for example, without undue delay and within 72 hours where GDPR applies).

Notifications will describe the incident, types of data affected, potential impact, steps taken, recommended user actions, and contact information for questions.

6. Analytics, Advertising, and Third-Party Services

6.1 Analytics and infrastructure partners

We may use analytics, error monitoring, tag management, cloud security, and data warehouse services to monitor and improve our platform. Specific vendors may change over time; this section describes typical categories.

  • Tag management and analytics (for example Google Tag Manager / Google Analytics categories)
  • Product analytics (for example event-based analytics platforms)
  • Large-scale analysis and reporting (for example data warehouse tooling)
  • Error monitoring and performance tooling (which may offer session replay features where enabled)
  • CDN and security services (for example DDoS protection and performance analytics)

Session recording (if used) should be implemented with safeguards such as:

  • Masking sensitive inputs
  • Limiting collection to what is needed for debugging and performance
  • Restricting access internally

6.2 Advertising partners and data sharing

We may work with advertising partners. Partners may receive identifiers, contact information where used for advertising, usage data, device information, and interaction metrics depending on your settings and applicable law.

  • Partners may measure ad performance, optimize targeting where permitted, create audience segments, and analyze campaign effectiveness

6.3 User control over tracking

Users can limit tracking through:

  • Browser cookie settings
  • Ad-blocker extensions
  • Device settings
  • Platform-specific controls
  • Industry opt-out tools (for example DAA/NAI where available)

Limiting tracking may affect personalization and parts of the experience; core service features should remain usable.

7. Your Rights and Choices

7.1 Universal rights

  • Access your personal data
  • Correct inaccurate data
  • Request data deletion (see Section 8.2 for procedures)
  • Object to processing where applicable
  • Data portability where applicable
  • Withdraw consent where processing is consent-based

7.2 Regional privacy rights

Depending on your location, you may have additional rights under laws such as the GDPR (EU/UK), CCPA/CPRA (California), the Australian Privacy Act, PIPEDA (Canada), and other local frameworks.

7.3 How to exercise your rights

Submit requests through the official contact channels listed in Section 12.

We may require email verification, account authentication, and in some cases identity documentation to protect your privacy.

Standard response timelines often include an initial acknowledgment within 72 hours and a substantive response within 30 days, with possible extensions where permitted by law and communicated to you.

Data exports may be provided in machine-readable formats (such as CSV or JSON) using secure transmission where appropriate.

8. Data Retention and Deletion

8.1 Retention periods

  • Account data: while the account is active and for a short period thereafter as needed for security and legal compliance
  • Payment records: as required by law
  • Analytics data: for service improvement, typically in aggregate or minimized form
  • Communication records: commonly up to 2 years unless a longer period is required
  • Security logs: commonly up to 13 months unless a longer period is required

8.2 Deletion procedures

  • Account deletion may follow a multi-step verification process
  • Data removal is performed systematically
  • Backup removal may take additional time (for example up to 90 days)
  • We perform checks consistent with our technical environment

9. International Data Transfers and Legal Jurisdiction

9.1 International data transfers

  • For users outside certain regions, we use appropriate safeguards such as standard contractual clauses where applicable
  • Technical and organizational measures support protection during transfers
  • We monitor regulatory requirements relevant to our operations

9.2 Legal jurisdiction and dispute resolution

Before pursuing legal action, users should follow our escalation procedure using the contact emails in Section 12.

Where our Terms and Conditions specify governing law, arbitration, or venue, those provisions apply in addition to this policy.

If you need the exact dispute resolution terms, please review the MyMindUp Terms and Conditions.

10. Children's Privacy

Age restrictions and protections:

  • Minimum age: 18 years (or the higher age required in your jurisdiction)
  • We do not knowingly collect personal information from minors below the applicable age
  • Accounts may be terminated if underage use is discovered

11. Changes to This Policy

11.1 Modification rights

We reserve the right to modify this privacy policy at any time.

11.2 Types of changes

Material changes are those that significantly affect your rights or our obligations (for example major changes to data sharing, fundamental processing purposes, or core privacy rights).

Non-material changes include clarifications, contact updates, formatting, security enhancements, and descriptions of new features where they do not materially reduce your rights.

11.3 Notice requirements

  • Material changes: we will provide notice in line with applicable law (for example email where available)
  • Non-material changes: may be posted on the website and effective on the posted date
  • Continued use may indicate acceptance where permitted by law

11.4 Your options

  • Review the current privacy policy on our website
  • Discontinue use if you disagree with changes
  • Contact us if you have questions about updates

12. Legal Information and Contact Details

12.1 Company information

For all inquiries including privacy-related matters:

Email: privacy@mymindup.com

General legal escalations: legal@mymindup.com

Postal inquiries: please contact us by email for the correct mailing address for your request type.

12.2 Response timelines

Inquiries will be handled according to the response timelines described in Section 7, where applicable.