Privacy Policy

Last updated: February 4, 2026

1. Introduction

Mindlet ("we," "us," or "our") is an AI-powered chatbot platform operated as an individual service based in India. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website, chatbot creation platform, and embedded chatbot widgets.

By using Mindlet, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

2. Information We Collect

2.1 Personal Information You Provide

When you create an account or use our service, we collect:

  • Account Information: Email address, full name, password (encrypted and hashed via Supabase)
  • Payment Information: Processed securely through Dodo Payments (we do not store credit card details)
  • Optional Contact Information: Phone number (for appointment scheduling features)
  • Profile Data: Organization details, subscription plan, billing preferences (currency, billing period)

2.2 Automatically Collected Information

When you use our service or chatbot widgets, we automatically collect:

  • Browser Metadata: Browser type, browser version, operating system, timezone
  • IP Address and Location: IP address, country detected from IP
  • Usage Analytics: Pages visited, time spent, interactions via Vercel Analytics
  • Session Data: Session IDs stored in browser localStorage for chat continuity
  • Conversation Data: Messages exchanged with chatbots, timestamps, feedback (thumbs up/down)

2.3 Third-Party Integration Data

If you connect third-party services:

  • Google OAuth: Email, profile information for authentication
  • Notion: OAuth credentials, workspace data you choose to connect
  • Calendly/Cal.com: Scheduling links, appointment details, invitee information (name, email, phone)

3. How We Use Your Information

We use collected information for:

  • Service Delivery: Create and maintain your account, process authentication, provide chatbot functionality
  • AI Processing: Generate chatbot responses using OpenAI, Anthropic (Claude), and Groq APIs
  • Payment Processing: Handle subscriptions and billing through Dodo Payments
  • Analytics: Understand usage patterns, improve service quality, track chatbot performance
  • Customer Support: Respond to inquiries, troubleshoot issues, provide assistance
  • Security: Detect fraud, prevent abuse, enforce terms of service
  • Communications: Send service updates, security alerts, billing notifications
  • Integrations: Enable features like web scraping (Firecrawl), appointment booking (Calendly/Cal.com), knowledge base connections (Notion)

4. Third-Party Services

We share your data with the following third-party service providers to operate our platform:

  • Supabase: Database, authentication, file storage (email, passwords, user data)
  • OpenAI: AI model processing for chatbot responses (message content)
  • Anthropic (Claude): AI model processing for chatbot responses (message content)
  • Groq: Tag analysis and categorization (conversation data)
  • Dodo Payments: Payment processing (billing information, currently in test mode)
  • Firecrawl: Web scraping for chatbot knowledge base (URLs you provide)
  • Notion: Optional integration for knowledge base syncing (OAuth credentials)
  • Calendly/Cal.com: Appointment scheduling features (invitee contact details)
  • Vercel Analytics: Anonymous usage tracking and performance monitoring

Each third-party service has its own privacy policy. We recommend reviewing their policies to understand how they handle your data.

5. Cookies and Tracking Technologies

We use the following tracking technologies:

  • Authentication Cookies: Supabase session cookies to keep you logged in
  • Local Storage: Session IDs for chat continuity, lead form data, user preferences
  • Analytics: Vercel Analytics (no third-party tracking pixels like Google Analytics or Facebook Pixel)

You can control cookies through your browser settings, but disabling them may affect functionality.

6. Data Retention and Deletion

We retain your personal data for 14 days after you request deletion or close your account. During this period, you can request data recovery. After 14 days, all personal information is permanently deleted from our systems.

Active account data is retained as long as your account remains active and for legitimate business purposes (e.g., billing records for tax compliance).

7. Data Security

We implement industry-standard security measures to protect your data:

  • Passwords are hashed and encrypted using Supabase's secure authentication system
  • Row-Level Security (RLS) policies in our database to prevent unauthorized access
  • HTTPS encryption for all data transmission
  • Regular security updates and vulnerability patching
  • Access controls limiting who can view your data

However, no method of transmission over the Internet is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

8. Your Rights and Choices

You have the following rights regarding your data:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information through your account settings
  • Deletion: Request deletion of your account and associated data (14-day retention period applies)
  • Export: Download your chatbot data, conversations, and leads
  • Opt-Out: Unsubscribe from marketing emails (service notifications may still be sent)
  • Object: Object to certain data processing activities

To exercise these rights, contact us at hello@mindlet.io.

9. GDPR and International Compliance

We are currently working towards full GDPR (European Union) and CCPA (California) compliance. If you are located in the EU, EEA, UK, or California, you have additional rights under those regulations.

Legal Basis for Processing (GDPR): We process your data based on:

  • Consent: You provide explicit consent when creating an account
  • Contract: Processing necessary to provide our service
  • Legitimate Interests: Fraud prevention, security, service improvement

International Data Transfers: Your data may be transferred to and processed in countries outside your jurisdiction, including where our third-party service providers operate (e.g., United States). We ensure appropriate safeguards are in place for such transfers.

10. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately at hello@mindlet.io.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

  • Updating the "Last updated" date at the top of this page
  • Sending an email notification to your registered email address
  • Displaying a prominent notice on our website

Continued use of our service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: hello@mindlet.io

Service Operator: Individual operator based in India

Jurisdiction: India

We will respond to your inquiry within 30 days.

By using Mindlet, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.