Privacy Policy
Effective date: June 8, 2026 — Last updated: June 8, 2026
MINDSTK LLC (“Mindstk”, “we”, “us”, or “our”), located at 1704 Llano St, Santa Fe, New Mexico 87505, USA, operates the Mindstk platform at mindstk.io. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our website, API, and services.
1. Information We Collect
Account information: When you register, we collect your email address, password (hashed), and optional company name and profile information you choose to provide.
Usage data: We collect logs of API calls, feature usage, session metadata (IP address, browser type, timestamps), and dashboard interactions to operate and improve the service.
Financial queries: Tickers, screener filters, watchlist items, and research queries you submit are stored to provide the service and personalize your experience. We do not store your personal investment portfolio or financial account details.
Payment information: Billing is handled entirely by Stripe, Inc. We do not store your credit card number or full payment details. We receive and store subscription status, plan type, and Stripe customer identifiers.
Communications: If you contact us at support@mindstk.io, we retain the content of your message to respond and improve support.
2. How We Use Your Information
We use the information we collect to:
- Create and maintain your account
- Provide, operate, and improve the Mindstk platform and API
- Process payments and manage your subscription
- Send transactional emails (account confirmation, password reset, billing receipts)
- Monitor usage against your quota and enforce rate limits
- Detect and prevent fraud, abuse, and unauthorized access
- Comply with legal obligations
We do not sell your personal information to third parties. We do not use your data to train AI models or sell financial query patterns.
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area, our legal bases for processing your personal data are:
- Contract performance: Processing necessary to provide the service you signed up for (account management, API access, billing).
- Legitimate interests: Security monitoring, fraud prevention, and product analytics to improve the platform.
- Consent: Where you have explicitly opted in, such as marketing communications or non-essential cookies.
- Legal obligation: Compliance with applicable laws and regulations.
4. Sharing of Information
We share your information only with:
- Stripe, Inc.: For payment processing. Stripe is PCI-DSS certified. See stripe.com/privacy.
- Cloud infrastructure providers: Hosting, database, and storage services (e.g., AWS) used to operate the platform. These providers act as data processors under our instruction.
- Legal authorities: Where required by law, court order, or to protect the rights and safety of Mindstk and its users.
Any data processor we engage is bound by a data processing agreement and is not permitted to use your data for their own purposes.
5. Data Retention
We retain your account data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where we are required to retain it for legal or compliance purposes (e.g., billing records retained for 7 years as required by US tax law).
API usage logs are retained for 90 days. Anonymized, aggregated analytics data may be retained indefinitely.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Correct inaccurate or incomplete data.
- Erasure: Request deletion of your data (“right to be forgotten”).
- Portability: Receive your data in a structured, machine-readable format.
- Objection / Restriction: Object to certain processing or request that we restrict processing.
- Withdraw consent: Where processing is based on consent, withdraw it at any time.
California residents have additional rights under the CCPA, including the right to know, the right to delete, and the right to opt out of the sale of personal information (we do not sell personal information).
To exercise any of these rights, contact us at privacy@mindstk.io. We will respond within 30 days.
7. Security
We implement industry-standard security measures including TLS encryption in transit, hashed passwords, API key encryption, and access controls. No system is completely secure; if you believe your account has been compromised, contact us immediately at support@mindstk.io.
8. Cookies
We use cookies and similar technologies for authentication (JWT session) and to remember your preferences. For full details, see our Cookie Policy.
9. International Transfers
Mindstk is based in the United States. If you access the service from outside the US, your data may be transferred to and processed in the United States. Where required by applicable law, we rely on appropriate transfer mechanisms (e.g., Standard Contractual Clauses) for transfers from the EEA or UK.
10. Children
The Mindstk platform is not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, contact us at privacy@mindstk.io and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top. For material changes, we will notify you by email or by a prominent notice on the platform. Continued use of the service after changes constitutes acceptance of the updated policy.
12. Contact
MINDSTK LLC
1704 Llano St
Santa Fe, New Mexico 87505
USA
Email: privacy@mindstk.io