Privacy Policy

INSIGHT DYNAMICS LLC — PRIVACY POLICY

Effective Date: January 2025
Applies To: MindPilot™ websites, applications, and related services

Insight Dynamics LLC (“Insight Dynamics,” “we,” “us,” “our”) is committed to protecting your privacy and maintaining your trust. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the MindPilot™ platform, including websites, mobile interfaces, APIs, reports, and related services (collectively, the “Service”).

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please discontinue your use of the Service.

1. Overview

MindPilot™ is a reasoning-analysis and educational platform that processes text submitted by users to generate structured AI-assisted insights. This Privacy Policy describes:

• What information we collect
• How we use and protect it
• How long we retain it
• When we share it
• Your choices and rights
• How to contact us

This Policy should be read in conjunction with our Terms of Service, which includes mandatory arbitration and governs your use of all MindPilot services.

2. Scope of This Policy

This Privacy Policy applies to information collected through:

• mind-pilot.ai
• Any Insight Dynamics landing pages
• MindPilot report-generation APIs
• MindPilot embedded or third-party tools
• Customer support communication
• Forms, surveys, or feedback channels
• Marketing or promotional interactions

It does not apply to:

• Third-party websites linked from MindPilot
• Third-party platforms you use to access the Service
• Services controlled by other companies or providers

Your use of third-party systems (OpenAI, xAI, Stripe, hosting providers, etc.) is governed by their respective policies.

3. Information We Collect

MindPilot collects limited information necessary to operate, secure, and improve the Service. This includes the following categories:

3.1 Information You Provide Directly

a) User Content

Text, prompts, transcripts, URLs, articles, or other data submitted for analysis (collectively, “User Content”).

User Content is processed only to:

• Provide the requested analysis
• Generate Output
• Support security, abuse detection, and system diagnostics

b) Account Information

If accounts become available, we may collect:

• Name (optional)
• Username
• Email address
• Authentication credentials
• Account preferences

c) Payment Information

Payment information is handled exclusively by Stripe. We do not store full credit card or banking details.

We may receive limited metadata from Stripe (e.g., subscription status or failure reason).

d) Customer Support Communications

Emails, messages, or support inquiries sent to us directly, along with any information you choose to provide when you contact us.

3.2 Information Collected Automatically

We automatically collect certain technical information when you use the Service. This may include:

• IP address (coarse, non-identifying)
• Browser type and version
• Device type, operating system, and settings
• Time zone
• Referring URLs
• Error logs
• Timestamped usage metadata
• Actions taken within the Service
• API request volume and frequency

This information is used for:

• System analytics
• Security
• Abuse detection
• Service improvement

3.3 Cookies & Tracking Technologies

We use minimal tracking technologies, primarily for:

• Site functionality
• Load balancing
• Session management
• Abuse detection
• Security

We do not use advertising cookies, behavioral tracking cookies, or third-party ad networks.

Types of cookies/tools we may use:

• Essential Cookies: Login, security, rate-limiting
• Functional Cookies: Saving simple preferences
• Analytics Cookies: Limited, anonymized usage metrics
• Session Storage: Short-term user state

You can control or delete cookies through your browser settings.

4. How We Use Information

We use the collected information to:

a) Provide and Operate the Service

• Process User Content
• Generate Output
• Maintain Service functionality
• Provide support

b) Improve and Develop the Service

• Debug errors
• Analyze usage trends
• Enhance AI capabilities and reliability
• Build new features

c) Maintain Security and Prevent Abuse

• Detect malicious activity
• Enforce rate limits
• Investigate suspicious requests
• Protect infrastructure integrity

d) Communicate With You

• Respond to support requests
• Provide updates about the Service
• Deliver important notices

e) Comply With Legal Obligations

• Respond to law enforcement requests
• Respond to court orders
• Meet applicable regulatory obligations

5. Data Retention

5.1 General Retention Framework (Hybrid Model)

We retain data only as long as reasonably necessary to:

• Provide the Service
• Secure the system
• Meet legal obligations

Typically:

• Operational logs: 30–90 days
• Error logs: 30–90 days
• Security flags: Up to 12 months when associated with abuse prevention
• Support communications: Retained as needed for service continuity
• User Content: Retained temporarily only to generate Output (unless user explicitly saves it, which is not currently offered)

5.2 Deletion Requests

You may request deletion of specific information by contacting: privacy@mind-pilot.ai.

We may retain certain data when required by law or for legitimate security reasons.

6. How We Share Information

We do not sell your personal information. We do not share your information for advertising. We do not allow third parties to repurpose your data.

We only share information with the following categories of subprocessors as necessary:

6.1 Service Providers

a) AI Processing Providers

We may use providers such as:

• OpenAI
• xAI (Grok)

Purpose: text analysis, enrichment, and output generation. User Content may be transmitted temporarily to these providers for processing, consistent with their privacy commitments.

We do not permit training on User Content.

6.2 Hosting & Infrastructure

We use hosting and delivery providers such as:

• Railway (backend hosting)
• Netlify (frontend hosting)
• GitHub (asset delivery)

These providers receive only operational logs and request metadata necessary to operate the Service.

6.3 Payment Processing

For payments, we use:

• Stripe

Stripe receives payment credentials and transaction details. We receive limited payment metadata (no full card numbers).

6.4 Security & Abuse Mitigation

We may share limited information (e.g., IP address, timestamps) with:

• Anti-abuse services
• Fraud detection tools

Only when necessary for legal or security purposes.

6.5 Legal & Compliance

We may disclose information:

• To comply with applicable laws
• To respond to subpoenas or lawful requests
• To protect the rights or safety of Insight Dynamics, users, or the public

We review all requests carefully.

7. Your Choices & Rights

MindPilot is designed to collect minimal personal information. Even so, we provide clear rights and controls over how your information is handled.

7.1 Access and Correction

You may request:

• Confirmation of whether we hold personal information about you
• A copy of your information
• Corrections to inaccurate information

These requests can be sent to privacy@mind-pilot.ai.

7.2 Deletion Requests

You may request deletion of:

• User Content (if stored — typically transient)
• Support correspondence
• Account information (if accounts are activated)
• Certain logs, to the extent feasible

We may retain information as required by:

• Law
• Security obligations
• Fraud prevention
• Abuse investigations
• Transaction records

7.3 Opt-Out of Marketing

If Insight Dynamics sends email updates or announcements, you may opt out via:

• Unsubscribe link in the email
• Email to privacy@mind-pilot.ai

We do not run behavioral advertising or sell personal information.

7.4 Cookies

You can disable cookies in your browser settings.

Essential cookies are required for site functionality.

7.5 AI Transparency

We disclose that AI providers process User Content solely to operate the Service. We do not use personal data to train our own models, and we do not permit partners to do so.

You acknowledge that disabling certain tracking technologies (e.g., cookies, local storage) may limit functionality.

8. Children’s Privacy

MindPilot is not intended for children under 13 years of age.

We do not knowingly collect information from children under 13. If we learn that a child has provided information, we will:

• Remove the information
• Terminate related accounts (if any)
• Block further access

Parents or guardians who believe a child has accessed the Service may contact: privacy@mind-pilot.ai.

9. International Users

Although Insight Dynamics LLC is a U.S.-based company, users worldwide may access the Service.

9.1 Cross-Border Processing

By using the Service, international users acknowledge and agree that:

• Information may be transferred to, stored in, and processed in the U.S.
• U.S. privacy laws may differ from those in their home jurisdiction
• Insight Dynamics operates primarily under U.S. legal frameworks

9.2 International Transfers

We rely on:

• Contractual agreements
• Hosting providers committed to international security standards

We do not provide GDPR-specific rights unless required by law or unless this Policy is updated to do so in the future.

10. Data Security

We employ reasonable, industry-aligned security measures to protect information from unauthorized access, alteration, disclosure, or destruction.

These include:

• HTTPS/TLS encryption
• Network segmentation
• Infrastructure isolation
• Access controls
• Rate limiting
• Automatic scaling and circuit breakers
• Regular security reviews
• Abuse and anomaly detection
• Subprocessor security requirements

10.1 No Absolute Guarantee

Despite safeguards, no system is perfectly secure. You acknowledge that:

• Internet transmissions involve inherent risks
• No method of storage is 100% secure
• You use the Service at your own risk

If a breach occurs, we will notify you when required by applicable law.

11. Data Transfers to Service Providers

To deliver the Service, we may transfer information to subprocessors, including:

• AI providers (e.g., OpenAI, xAI/Grok)
• Hosting providers (e.g., Railway, Netlify, GitHub)
• Payment processor (Stripe)

Each provider is contractually obligated to comply with applicable data-protection standards.

We do not allow providers to repurpose or sell information.

12. Dispute Resolution & Arbitration

This Privacy Policy mirrors the same arbitration structure as the Terms of Service.

12.1 Mandatory Arbitration

You and Insight Dynamics LLC agree that any disputes relating to privacy or data handling, including any claims based on this Privacy Policy, shall be resolved exclusively through binding arbitration, except for claims eligible for small claims court.

12.2 Arbitration Forum

Arbitration will be conducted by:

• JAMS, or
• AAA (American Arbitration Association)

in accordance with their applicable rules.

Proceedings may be held:

• Remotely, or
• In Chicago, Illinois

12.3 Class Action Waiver

You agree not to:

• Participate in a class action
• Act as a class representative
• Join class claims

Any class-based proceeding is prohibited.

12.4 Arbitration Opt-Out

You may opt out within 30 days of accepting this Policy by emailing legal@mind-pilot.ai with the subject line “Arbitration Opt-Out — Privacy Policy”.

13. Changes to This Privacy Policy

We may update or modify this Privacy Policy from time to time.

If we make material changes, we will:

• Post the updated version on the MindPilot website
• Update the “Effective Date” at the top of the policy
• Provide additional notice when required (e.g., email if accounts exist)

Your continued use of the Service after changes become effective constitutes acceptance of the revised terms. If you disagree with any changes, you must stop using the Service.

14. Limited Regional Disclosures

This Privacy Policy is designed for primary U.S. compliance. We include only minimal disclosures for international users.

14.1 California Residents (CCPA Light Disclosure)

Although Insight Dynamics LLC is not currently subject to CCPA obligations (e.g., due to revenue threshold and user-volume criteria), we voluntarily disclose the following principles for transparency:

• We do not sell personal information
• We do not share personal information for advertising
• You may request access or deletion of your information
• Identity verification may be required

If, in the future, MindPilot becomes legally subject to CCPA/CPRA, we will update this Policy accordingly.

14.2 European Union, UK, Switzerland

MindPilot does not currently offer region-specific GDPR rights. Users in these regions acknowledge:

• The Service is operated in the United States
• Data may be transferred to and processed in the U.S.
• U.S. privacy laws may not provide the same level of protection as European laws

We will revise this Policy if our international operations materially expand or if we become subject to region-specific legal requirements.

14.3 International Users (General)

By accessing MindPilot from outside the United States, you consent to:

• U.S.-based processing
• Data transfer to service providers in the U.S.
• Application of U.S. law and arbitration provisions

15. Corporate Data Protection Commitments

Even though MindPilot is an early-stage product, Insight Dynamics LLC voluntarily adheres to strong privacy and security principles.

15.1 Minimal Data Collection

We collect only what is necessary to operate and secure the Service.

15.2 No Sale of Data

We do not sell personal information under any circumstances.

15.3 No Behavioral Advertising

We do not use ad-tracking networks or targeted advertising technologies.

15.4 No Model Training on User Content

We do not use User Content to train any machine learning models.

15.5 Reasonable Security Standards

We adopt commercially reasonable technical and organizational measures.

15.6 Subprocessor Accountability

We vet subprocessors for:

• Security certifications
• Data handling commitments
• Compliance with industry standards

15.7 Transparency

We maintain open communication on:

• Subprocessors
• Retention periods
• Material policy changes
• Security incidents (if legally required)

16. Enforcement & Complaints

If you believe your privacy rights have been violated or have concerns about our practices, you may contact us at: privacy@mind-pilot.ai.

We will investigate and respond promptly.

17. Governing Law

This Privacy Policy is governed by the laws of the State of Illinois, without regard to conflict-of-law principles.

Except as otherwise stated, disputes are subject to our mandatory arbitration provision (Section 12).

18. Contact Information

For privacy questions, data requests, or legal notices:

Insight Dynamics LLC
Attn: Privacy Office
5611 Rosinweed Lane
Naperville, IL 60564
United States

Email: privacy@mind-pilot.ai
Website: https://mind-pilot.ai

19. Effective Date & Versioning

Effective Date: January 2025
Version: 1.0 (Initial release)

We may publish later versions and maintain an archive of changes as the Service and legal requirements evolve.