MindBreak AI Consulting – Privacy Policy
Effective Date: July 11, 2025
Last Updated: July 11, 2025
1. Introduction
MindBreak AI Consulting (“MindBreak AI,” “we,” “our,” or “us”) is an AI-first consulting firm that designs, builds, and operates AI agents, automations, and related software solutions for clients worldwide. Protecting your privacy and the security of your information are core to our values of transparency and responsible AI. This Privacy Policy explains how we collect, use, share, and safeguard personal data when you:
- visit mindbreak.ai or any site we operate (the “Site”);
- engage us for advisory or technical services;
- use our internal or client-facing AI agents, SaaS dashboards, or APIs; or
- otherwise interact with us online or offline.
This Policy applies to all personal data we process unless a separate contract or notice (e.g., a Data Processing Agreement) states otherwise.
2. Key Definitions
Personal Data / Personal Information: Any information that identifies, relates to, describes, or can reasonably be linked to an individual.
Processing: Any operation performed on personal data (collection, storage, analysis, deletion, etc.).
Controller / Business: The entity that determines the purposes and means of processing personal data.
Processor / Service Provider: The entity that processes data on behalf of the Controller.
AI Providers: Third-party vendors (e.g., OpenAI, Anthropic, Google) whose large-language-model or generative-AI services we may call.
3. What Data We Collect
Identifiers
Examples: Name, email, phone, postal address, job title, employer, account credentials
Source: Directly from you
Commercial info
Examples: Project details, invoices, payment card data (processed by Stripe or similar), transaction history
Source: Directly from you; payment processor
Technical & Usage
Examples: IP address, device type, browser, session metadata, referring URLs, pages visited, interaction logs, prompts sent to our AI agents
Source: Automatically via cookies, SDKs, or server logs
Client Content
Examples: Documents, datasets, code, or prompts you provide for analysis or ingestion by our AI solutions
Source: Direct upload or secure API
Sensitive data (rare)
Examples: Only if explicitly needed for a statement of work (e.g., employee IDs for HR-chatbot proof-of-concept) and always under a DPA
Source: Directly from you
We do not intentionally collect data from children under 16.
4. How We Collect Data
- Direct interactions – forms, email, phone, contracts, in-person events.
- Automated means – cookies, pixel tags, server logs, telemetry from our SaaS dashboards.
- Third-party sources – LinkedIn, public databases, marketing partners, or your authorized integrations (e.g., Google Drive).
- Generated data – analytics summaries, model embeddings, and usage statistics derived from your interactions.
5. Legal Bases / Purposes for Processing
Provide and operate our Site, agents, and services
Legal Basis (GDPR) / Business Purpose (US laws): Contract performance; Legitimate interests
Build, fine-tune, or evaluate AI models on your data
Legal Basis (GDPR) / Business Purpose (US laws): Contract performance; Consent (when required)
Invoicing and payment processing
Legal Basis (GDPR) / Business Purpose (US laws): Contract performance; Legal obligation (tax)
Analytics, service improvement, and security
Legal Basis (GDPR) / Business Purpose (US laws): Legitimate interests
Marketing (newsletters, case studies)
Legal Basis (GDPR) / Business Purpose (US laws): Consent (email opt-in) or Legitimate interests (B2B)
We do not use your personal data for fully-automated decision-making that produces legal or similarly significant effects without human review.
6. How We Use Data
- Deliver services – design, deploy, and maintain AI solutions per statement of work.
- Operate AI agents – route prompts and content to third-party LLM APIs under strict contractual confidentiality.
- Enhance products – aggregate and de-identify usage metrics to improve accuracy and performance.
- Protect security – detect fraud, monitor abuse, and enforce our Terms.
- Marketing & thought leadership – send industry insights, product updates, and event invites (you may opt out at any time).
7. Sharing & Disclosure
We never sell personal information as defined by the California Consumer Privacy Act (CCPA) and similar state laws. We share data only:
Service Providers (hosting, analytics, payment, email, CRM)
Reason: Perform services on our behalf under confidentiality agreements
AI Providers (LLM APIs)
Reason: Process prompts & content solely to fulfil your request; we disable data retention or opt out of model training where available
Professional advisers
Reason: Legal, accounting, or insurance purposes
Authorities & law enforcement
Reason: To comply with valid subpoenas, court orders, or legal obligations
Business transferees
Reason: In connection with mergers, financing, or acquisition, with notice to affected users
8. Cookies & Tracking Technologies
We use:
- Essential cookies – site functionality and security.
- Analytics cookies – traffic measurement via Plausible or Google Analytics (IP-masked).
- Marketing pixels – LinkedIn Insight Tag (only on marketing pages).
Cookie banners give you granular control where required by EU, UK, and state laws.
9. Data Retention
We keep personal data only as long as necessary:
- Contracts & billing: 7 years (tax/audit).
- AI prompt & log data: 90 days by default, configurable per client.
- Marketing contacts: until you unsubscribe or two years of inactivity.
- Back-ups: erased within 30 days of scheduled deletion.
10. Security Measures
- Encryption in transit (TLS 1.3) and at rest (AES-256).
- Role-based access controls and MFA for all staff.
- Annual penetration tests and continuous vulnerability scans.
- Documented incident-response plan & 72-hour breach-notification commitment (GDPR Art. 33).
11. International Transfers
We are headquartered in Florida, USA. If we transfer personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to third countries:
- We rely on EU Standard Contractual Clauses (SCCs) and the UK Addendum.
- We implement supplementary safeguards (encryption, pseudonymization).
- Data may be stored in US-based AWS or GCP regions.
12. Your Privacy Rights
EEA/UK (GDPR)
Rights: Access, Rectification, Erasure, Restriction, Portability, Objection, Lodge complaint with supervisory authority
California (CCPA/CPRA)
Rights: Know, Delete, Correct, Opt-out of “Sale/Share,” Limit use of sensitive data
Colorado, Connecticut, Virginia, Utah
Rights: Access, Delete, Portability, Opt-out of targeted ads/profiling
2025 state laws (Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Tennessee)
Rights: Similar rights to access, delete, correct, opt-out; effective dates range Jan 1 – Jul 1 2025
To exercise any right, email privacy@mindbreak.ai (subject: “Privacy Request”) or use our self-service portal. We will verify your identity and respond within the timeframe required by law.
13. Automated AI Disclosures
When you send content to our agents, it may be processed by third-party LLMs hosted in the US or EU. We:
- pass only the minimal data required to fulfil your request;
- disable data-logging or model-training flags where offered;
- maintain Data Processing Agreements and audit sub-processors annually.
14. Children’s Privacy
Our services are not directed to children under 16. If we learn we have collected personal data from a child without verifiable parental consent, we will delete it promptly.
15. Changes to This Policy
We may update this Policy to reflect legal, technical, or business changes. We will post the revised version and update the “Last Updated” date. Material changes will be announced via email or in-app notice at least 15 days before they take effect.
16. Contact Us
MindBreak AI Consulting, LLC
7005 NW 5th AVE
Boca Raton, FL 33487 USA
Email: privacy@mindbreak.ai
Phone: +1 (561) 350-6736
If you have unresolved concerns, you may lodge a complaint with your local data-protection authority (for EEA/UK residents) or the California Privacy Protection Agency.
