Product

Privacy & Data

Transparency is a core value at Mindr-ai. Here is exactly what data we collect, why we collect it, and how we keep it safe.

Our vision: 100% GDPR compliance.

All data processing is designed to follow the General Data Protection Regulation (EU) 2016/679. Formal certifications are in progress.

Mindr-ai is a product of Thrucemi B.V., registered in the Netherlands (KVK 96498196). We are committed to protecting your data and your privacy. Below, we explain in plain language what happens with your data when you use our platform.

COMPLIANCE VISION

100% GDPR

Built GDPR-first from day one

CERTIFICATIONS

In progress

ISO 27001 & NEN 7510 pathway

DATA RESIDENCY

Amsterdam, NL

Scaleway EU infrastructure

AI MODELS

European-first

Mistral infra + EU LLM options

What data we collect and why

Every piece of data we collect serves a clear purpose. Here is the full picture.

DATA	PURPOSE	RETENTION
Message content	Scored by our cognitive pipeline to generate engagement scores and adaptive coaching. PII is automatically scrubbed before processing. Anonymized interaction data is also used to improve our cognitive scoring models.	Until account deletion
Session identifiers	Anonymous IDs that maintain conversation continuity and streak tracking. Not linked to your identity.	Until account deletion
Cognitive scores	Generated by our scoring pipeline (covering dimensions like Specificity, Cognitive Complexity, and Self-Regulation). Used for your personal dashboard, coaching, and to improve our scoring models.	Until account deletion
Behavioral metadata	Active mode, intent classification, and streak count. Used to calibrate coaching and track your cognitive growth over time.	Until account deletion
Technical metadata	Timestamp, API version, and provider used. Required for system reliability, debugging, and performance monitoring.	Until account deletion

What we do and do not collect

We do not collect your name, email address, IP address, or device fingerprint through the scoring API.
We do not store credentials from any third-party platform (OpenAI, Anthropic, Mistral, or others).
We do not sell, share, or monetize your data in any way.
We do not use tracking cookies or advertising pixels on our platform.
We do use anonymized interaction data to improve our cognitive scoring models. All personal information is stripped by our PII scrubber before any data enters our training pipeline.

How we protect your data

Infrastructure

EU-only hosting — all data is stored on Scaleway infrastructure in Amsterdam, the Netherlands. Your data never leaves the EU.
Encrypted connections — all database connections and API traffic use TLS/SSL encryption.
Non-root containers — our application runs under an unprivileged user inside the container, limiting the impact of any potential exploit.

Access control

Authentication required — API access requires JWT token or API key authentication.
CORS lockdown — cross-origin requests are restricted to our official platform domain only.

Privacy by design

Automatic PII scrubbing — our pipeline actively detects and removes personal information from your messages before they enter the scoring engine or are stored in any database. Personal data never reaches the AI model layer.
In-memory file processing — uploaded files are processed in memory only and are never written to disk.
Score redaction for third parties — when Mindr-ai is accessed through third-party platforms, detailed scores are withheld. Only an opaque engagement tier is returned, ensuring your cognitive profile is never stored in external databases.

AI infrastructure & model sovereignty

We believe AI sovereignty matters. That means choosing infrastructure and models that keep your data inside Europe — with providers that are accountable under European law.

Our own models — Mistral infrastructure

Mindr-ai's proprietary scoring models run on Mistral AI infrastructure — a European AI company headquartered in Paris, France. This means your prompts and scores are processed within EU jurisdiction, not routed to US hyperscalers.
Mistral's infrastructure is purpose-built for European enterprise compliance, with data residency guarantees aligned with GDPR requirements.

European LLM options

We offer access to European-hosted large language models as an alternative to US-based providers like OpenAI or Anthropic. Organizations that require full EU data residency for their AI stack can use Mindr-ai with a fully European LLM provider.
Mindr-ai is LLM-agnostic by design — it layers on top of your existing AI provider. Switching to a European LLM requires no changes to your team's workflow.
Contact us if you need guidance on European LLM providers compatible with your compliance requirements.

Hosted in Amsterdam

All Mindr-ai platform infrastructure is hosted on Scaleway data centers located in Amsterdam, the Netherlands. Your data never leaves the European Union.
Scaleway is a European cloud provider (Iliad Group, France) subject to EU law and GDPR obligations — not the US Cloud Act.

Your GDPR rights

Under the General Data Protection Regulation, you have the following rights regarding your data:

Right of access — request a copy of all data we hold about your sessions.
Right to rectification — correct any inaccurate data.
Right to erasure — request deletion of your data at any time.
Right to data portability — receive your data in a structured, machine-readable format.
Right to object — object to the processing of your data.

To exercise any of these rights, contact us at admin@mindr-ai.nl. We respond to all requests within 30 days, as required by GDPR.

For the full legal privacy policy, see our Privacy Policy page. Last updated: 21 March 2026.

Questions about data or privacy?

We're happy to walk you through our data practices in detail. Reach out and we'll answer any question you have.

Get in Touch

About Team Contact Product Blog FAQ Privacy admin@mindr-ai.nl