Logo
← Back to Home

Legal

Privacy Policy

Effective Date: March 1, 2026  ·  Last Updated: March 1, 2026

Myndlayer, Inc. (“Myndlayer,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you access or use our AI-powered pharmaceutical research platform, website, APIs, and related services (collectively, the “Services”). By using the Services, you agree to the practices described in this policy. If you do not agree, please discontinue use immediately.

1. Information We Collect

We collect information in the following categories:

1.1 Account & Registration Data

When you create an account, we collect your name, email address, organization name, job title, and password (stored in hashed form). If you register through a single sign-on (SSO) provider, we receive profile information from that provider as permitted by your settings.

1.2 User-Uploaded Content

The Services allow you to upload documents, files, datasets, and other content (“User Content”) for processing and analysis. We store and process this content solely to provide the Services. You are responsible for ensuring you have the right to upload any content you submit.

1.3 Usage & Interaction Data

We automatically collect information about how you interact with the Services, including query history, agent workflow configurations, feature usage patterns, session duration, and interaction logs. This data helps us improve platform performance and user experience.

1.4 Technical & Device Data

We collect IP addresses, browser type and version, operating system, device identifiers, referring URLs, and crash/error reports. This information is used for security monitoring, debugging, and analytics.

1.5 Communications Data

If you contact us via email, support tickets, or contact forms, we retain those communications and any information you provide within them.

1.6 Payment & Billing Data

Payment transactions are processed by our third-party payment processor (Stripe). We do not store full credit card numbers. We retain billing address, transaction history, and subscription status for accounting and fraud prevention purposes.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Services;
  • Process and respond to your queries, documents, and agent workflows;
  • Authenticate your identity and manage your account;
  • Process payments and manage subscriptions;
  • Send transactional communications (account confirmations, security alerts, invoices);
  • Send product updates, newsletters, and marketing communications (with your consent where required);
  • Monitor and analyze usage patterns to improve platform performance and develop new features;
  • Detect, investigate, and prevent fraudulent transactions, abuse, and security incidents;
  • Comply with applicable legal obligations and enforce our Terms of Service;
  • Respond to lawful requests from public authorities, including national security or law enforcement.

We will not use your User Content to train general-purpose AI models or sell your data to third parties for advertising purposes.

3. AI Processing & Document Intelligence

Myndlayer uses large language models (LLMs) and AI inference services to process your documents and generate research outputs. When you submit content for analysis, that content may be transmitted to AI model providers (such as OpenAI, Anthropic, or Google) under strict data processing agreements that prohibit those providers from using your data for model training.

Tenant Isolation: Myndlayer is a multi-tenant platform. Your data is logically isolated from other tenants using access controls and encryption. We do not commingle User Content across organizational accounts.

No Training on Your Data: Your User Content and query history are never used to fine-tune or train AI models that serve other customers. Aggregated, fully de-identified usage metrics (e.g., query volume, feature adoption rates) may be used internally to improve the platform.

Retention of AI Outputs: AI-generated responses, citations, and summaries are stored in your account history and retained for the duration of your subscription plus 90 days, unless you request earlier deletion.

4. Data Storage & Retention

Your data is stored on infrastructure hosted in the United States (AWS us-east-1 and us-west-2 regions). We retain your data as follows:

  • Account data: Retained for the life of your account plus 30 days after deletion;
  • User Content (uploaded documents): Retained for the duration of your subscription plus 90 days;
  • Usage logs and analytics: Retained for up to 24 months in identifiable form, then aggregated or deleted;
  • Support communications: Retained for up to 3 years;
  • Billing records: Retained for 7 years as required by applicable tax and accounting laws.

You may request deletion of your account and associated data at any time by contacting us at privacy@myndlayer.ai. Certain data may be retained longer where required by law or for legitimate business purposes such as fraud prevention.

5. Data Security

We implement industry-standard technical and organizational security measures to protect your information, including:

  • Encryption in transit using TLS 1.2+ for all data communications;
  • Encryption at rest using AES-256 for stored data and documents;
  • Role-based access controls (RBAC) limiting employee access to customer data;
  • Multi-factor authentication (MFA) for all internal systems;
  • Regular third-party penetration testing and vulnerability assessments;
  • SOC 2 Type II audit program (in progress);
  • Incident response procedures with notification timelines compliant with applicable law.

Despite these measures, no system is completely secure. We cannot guarantee absolute security of your data. In the event of a data breach affecting your rights, we will notify you as required by applicable law.

6. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to operate and improve the Services:

Essential Cookies

Required for authentication, session management, and core platform functionality. These cannot be disabled without breaking the Services.

Analytics Cookies

We use Google Analytics to understand aggregate usage patterns. These cookies collect anonymized data about page visits, feature usage, and session duration. You may opt out via the Google Analytics Opt-out Browser Add-on.

Preference Cookies

Used to remember your settings and preferences (e.g., language, display preferences) across sessions.

You can control cookie settings through your browser preferences. Note that disabling certain cookies may affect platform functionality.

7. Third-Party Services & Integrations

The Services integrate with or rely on the following categories of third-party providers:

  • AI Model Providers (OpenAI, Anthropic, Google): Process your queries and documents under data processing agreements;
  • Cloud Infrastructure (Amazon Web Services): Hosts platform infrastructure, databases, and file storage;
  • Payment Processing (Stripe): Handles all payment transactions; subject to Stripe’s Privacy Policy;
  • Email Delivery (Resend): Delivers transactional and notification emails;
  • Analytics (Google Analytics): Provides aggregate usage analytics;
  • Authentication Providers: If you use SSO, your identity provider may share profile data with us.

Each third-party provider is bound by contractual data protection obligations. We do not sell your personal information to third parties for their own marketing purposes.

8. Your Rights & Choices

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you;
  • Correction: Request correction of inaccurate or incomplete data;
  • Deletion: Request deletion of your personal data, subject to legal retention requirements;
  • Portability: Request your data in a structured, machine-readable format;
  • Objection / Restriction: Object to or request restriction of certain processing activities;
  • Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting prior processing;
  • Opt-Out of Marketing: Unsubscribe from marketing emails at any time via the unsubscribe link or by contacting us.

To exercise any of these rights, contact us at privacy@myndlayer.ai. We will respond within 30 days. We may need to verify your identity before processing your request.

9. GDPR & International Data Transfers

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the following additional provisions apply:

Legal Basis for Processing: We process your personal data on the following legal bases: (a) performance of a contract (to provide the Services); (b) legitimate interests (security, fraud prevention, product improvement); (c) compliance with legal obligations; and (d) your consent where explicitly obtained.

International Transfers: Your data may be transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission to legitimize such transfers.

Data Protection Officer: For GDPR-related inquiries, contact us at privacy@myndlayer.ai. You also have the right to lodge a complaint with your local supervisory authority.

10. CCPA / California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the CPRA grants you additional rights:

  • The right to know what personal information we collect, use, disclose, and sell;
  • The right to delete personal information we have collected from you;
  • The right to opt out of the sale or sharing of personal information (we do not sell personal information);
  • The right to non-discrimination for exercising your CCPA rights;
  • The right to correct inaccurate personal information.

To submit a CCPA request, contact us at privacy@myndlayer.ai or call us at the number listed on our website. We do not sell personal information to third parties.

11. Children’s Privacy

The Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe we have collected information from a minor, please contact us at privacy@myndlayer.ai.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email (to the address associated with your account) and/or by posting a prominent notice on the platform at least 14 days before the changes take effect. Your continued use of the Services after the effective date constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Myndlayer, Inc.

Privacy & Data Protection

Email: privacy@myndlayer.ai

Website: myndlayer.ai

Terms of Service·Privacy Policy