Privacy Policy

Effective: May 24, 2026

This Privacy Policy describes how MindMotion, Inc. ("MindMotion," "we," "us," or "our") collects, uses, discloses, and protects information when you visit https://mindmotion.ai (the "Site"). MindMotion, Inc. is a Delaware corporation with its principal place of business in the United States and is the controller of personal data processed through the Site under the EU and UK General Data Protection Regulation ("GDPR" and "UK GDPR").

Information you provide. If you submit our contact form, we collect your name, email address, organization, and the contents of your message. Please do not submit confidential, proprietary, sensitive, regulated, or trade-secret information through the contact form. If you book a meeting with us through a scheduling link shared in correspondence, the scheduling service receives information needed to process the booking, such as your name, email address, and selected time slot.

Information collected automatically. Our hosting provider receives standard request information when you visit the Site, including IP address, browser type, referring page, and timestamps, for technical delivery and security. The Site does not currently use analytics and does not set first-party cookies.

We use the information above to respond to your inquiries, schedule meetings you request, maintain and secure the Site, and comply with applicable law. Under the GDPR and UK GDPR, our legal bases are consent (Art. 6(1)(a)) for information you submit through the contact form or a scheduling link, legitimate interests (Art. 6(1)(f)) for Site security and integrity, and legal obligation (Art. 6(1)(c)) where processing is required by law. You may withdraw consent at any time; withdrawal does not affect processing carried out before withdrawal.

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising or for third parties' own marketing purposes.

We use the following providers, each processing information on our behalf under its own privacy practices and our instructions:

• GitHub, Inc. (a Microsoft subsidiary) hosts the Site through GitHub Pages.
• Formspree, Inc. (United States) receives, processes, and stores contact-form submissions in our Formspree account and sends email notifications to our Google Workspace inbox. Formspree acts as a data processor under Standard Contractual Clauses and is SOC 2 Type 2 audited.
• Google LLC provides our business email through Google Workspace and meeting scheduling through Google Calendar.

We and our providers are located in the United States. If you access the Site from outside the United States, your information may be transferred to and processed in the United States. For transfers of personal data from the European Economic Area, the United Kingdom, or Switzerland, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum, as offered by our providers.

We retain contact-form submissions and meeting-related information no longer than twelve months from the date of last contact, unless a longer period is required to comply with law, resolve disputes, enforce agreements, or maintain appropriate business records. We do not control or directly access GitHub Pages server logs. GitHub logs and retains certain request information, including visitor IP addresses, for security purposes under its own privacy practices.

We maintain reasonable technical and organizational measures designed to protect information against unauthorized access, alteration, disclosure, or destruction, including transport encryption (HTTPS) and least-privilege access controls. These measures are appropriate to the nature of the Site and the limited information we collect. No Internet transmission is fully secure, however, and we cannot guarantee absolute security. In the event of a personal data breach affecting your information, we will notify you and the relevant supervisory authority where required by applicable law.

The Site sets no first-party tracking cookies and uses no third-party analytics. Because no consent is required for the Site's strictly necessary operation, no cookie banner is displayed. If we add features that set non-essential cookies, we will introduce a consent mechanism at that time. Our Site does not currently respond to Do Not Track or Global Privacy Control signals, because we do not engage in the tracking or sharing practices those signals are designed to limit.

We do not engage in automated decision-making, including profiling, that produces legal or similarly significant effects concerning you.

European Economic Area, United Kingdom, and Switzerland. Subject to applicable law, you have the right to access, rectify, erase, restrict, or object to processing of your personal data; to data portability; to withdraw consent where processing is based on consent; and to lodge a complaint with your local supervisory authority.

California and other US states. Residents of California and other US states with comprehensive consumer privacy laws may have rights, subject to applicable law, to request access to, correction of, or deletion of personal information, and to opt out of certain processing activities. We do not sell personal information, share personal information for cross-context behavioral advertising, process personal information for targeted advertising, or use personal information for profiling that produces legal or similarly significant effects. We do not collect or process sensitive personal information as defined under the CCPA/CPRA.

Exercising your rights. Submit requests through our contact form, which is our canonical channel for privacy requests. We will verify your request as required by applicable law and respond within the time period prescribed by that law. You may authorize an agent to act on your behalf, subject to reasonable verification.

Appeals. If we decline to act on a privacy request, you may appeal that decision by replying to our response or by submitting a new request through the contact form noting "Appeal" in the message. We will review the appeal and respond within the time period prescribed by applicable law. Where required, we will provide information on how to contact the relevant state attorney general if you remain dissatisfied with the outcome.

The Site is not directed to minors under 18, and we do not knowingly collect personal information from minors. If we learn that we have collected personal information from a minor, we will delete it promptly.

For privacy-related inquiries, including inquiries that would typically be directed to a Data Protection Officer, please contact us through our contact form with "Privacy" noted in the message.

We may update this Policy from time to time. When we do, we will update the effective date at the top of this page. Where applicable law requires additional notice of changes, we will provide it.