Privacy Policy

Mindr-ai by Thrucemi B.V. — Last updated 18 March 2026

1. Who We Are

Mindr-ai is a product of Thrucemi B.V., registered in the Netherlands (KVK 96498196). We provide cognitive scoring and adaptive AI coaching through our platform and API.

Contact: admin@mindr-ai.nl

2. What Data We Collect

When you interact with Mindr-ai — directly or via a third-party integration such as a Custom GPT — we may process:

• Message content — the text you send to be scored.
• Session identifiers — an anonymous session ID for conversation continuity.
• Cognitive scores — scores generated by our pipeline (Integrity, Reasoning, Performance, Structure, Complexity, Self-Regulation).
• Behavioral metadata — mode, intent classification, streak count.
• Technical metadata — timestamp, API version, provider used.

3. What We Do NOT Collect

• We do not collect your name, email, IP address, or device fingerprint through the scoring API.
• We do not store OpenAI, Anthropic, or any third-party platform credentials.
• Our PII scrubber actively detects and removes personal information from messages before they enter the scoring pipeline.

4. How We Use Your Data

• Scoring — to generate cognitive engagement scores and adaptive coaching instructions.
• Session continuity — to track conversation streaks and adjust coaching modes.
• Model improvement — anonymised interaction data is used to improve our cognitive scoring models. All personal information is stripped by our PII scrubber before any data enters the training pipeline.

5. Third-Party Integrations & Score Redaction

When Mindr-ai is accessed through third-party platforms (OpenAI Custom GPTs, Claude, Mistral), we apply automatic score redaction:

• Numeric sub-scores, rationale text, and internal system prompts are withheld from API responses.
• Only an opaque engagement tier (high / moderate / developing / low) and a behavioural hint are returned.
• This ensures that your detailed cognitive profile is never stored in OpenAI, Anthropic, or Mistral databases.

Full scoring details are available only on the Mindr-ai dashboard, hosted on EU infrastructure.

6. Data Storage & Security

• All data is stored on Scaleway infrastructure in Amsterdam, the Netherlands (EU).
• Database connections are encrypted (TLS/SSL).
• API access requires authentication via API key or JWT token.
• Cross-origin requests are restricted to our official platform domain only (CORS policy).
• Application containers run under a non-root, unprivileged user to limit the impact of potential exploits.
• Uploaded files are processed in-memory only — they are never written to disk or persisted beyond the duration of the request.
• All personal information is automatically detected and removed by our PII scrubber before data enters the scoring pipeline or is stored.
• We retain your data for as long as your account is active. When you delete your account, all associated data is permanently removed.

7. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the right to:

• Access — request a copy of any data we hold about your sessions.
• Rectification — correct inaccurate data.
• Erasure — request deletion of your data (“right to be forgotten”).
• Portability — receive your data in a structured, machine-readable format.
• Object — object to processing of your data.

To exercise any of these rights, contact us at admin@mindr-ai.nl.

8. Cookies

The Mindr-ai API does not use cookies. The Mindr-ai website uses only essential cookies required for functionality — no tracking or advertising cookies.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via our website. The “last updated” date at the top reflects the most recent revision.