Privacy Policy
Privacy Policy for GuidedMind AI platform and services.
Last Updated: August 25, 2025
GuidedMind AI, Inc. ("GuidedMind," "Company," "we," "us," or "our") has prepared this Privacy Policy to explain (1) what personal information we collect, (2) how we use and share that information, and (3) your choices concerning our privacy and information practices.
Applicability of this Privacy Policy
We provide an artificial intelligence platform for developing, deploying, and managing RAG (Retrieval-Augmented Generation) applications, AI agents, knowledge graphs, and workflow automation (the "Services"). This Privacy Policy applies to personal information that we collect in connection with the Services, our website(s), and any other products and/or services that specifically link to this Privacy Policy.
Our Services are designed for businesses and are not intended for personal, family, or household use. Accordingly, we treat all personal information covered by this Privacy Policy as pertaining to individuals acting as business representatives, rather than in their personal capacity.
If you are a customer of GuidedMind, this Privacy Policy does not apply to personal information that we process on your behalf as your service provider. Such personal information shall instead be governed by the terms and conditions of the separate customer agreement or terms of service that you have agreed to with GuidedMind.
1. Personal Information We Collect
1.1 Information You Provide to Us
Account Information: When you create an account to use the Services, we collect information such as your email address, password, and other similar account registration information.
Payment Information: If you are using a paid version of the Services, you may need to provide us with payment information, such as credit card information, banking information, or a billing address. We may use third-party payment providers to process payments on the Services. In particular, credit card information is stored and processed by our payment providers on our behalf.
Business Contact Information: If you are a representative of one of our actual or prospective customers, suppliers or business partners, we may collect personal information about you (such as your name, contact details and role) when entering into an agreement with your company or otherwise during the course of our relationship with your company.
Content and Documents: We collect and process documents you upload (PDFs, text files, CSVs, images), chat messages and conversations with AI agents, custom workflows and chains you create, knowledge graphs and project configurations, and API keys and OAuth connections you establish.
Feedback or Correspondence: Information you provide when you contact us with questions, feedback, reviews, or otherwise correspond with us online.
Usage Information: Information about how you use the Services and interact with us, including service usage patterns and feature interactions.
Marketing Information: Your preferences for receiving communications about our activities, services, newsletters, and publications, and details about how you engage with our communications.
Other Information: We may collect other information that is not specifically listed here, but which we will use in accordance with this Privacy Policy or as otherwise disclosed at the time of collection.
1.2 Information We Obtain from Third Parties
We may obtain your personal information from other third parties, such as marketing partners, publicly-available sources and data providers, for the purposes of marketing products and services that may interest you, delivering personalized communications, and other similar activities.
In addition, we may maintain pages on social media platforms, such as Twitter, LinkedIn, and other third-party platforms. When you visit or interact with our pages on those platforms, the platform provider's privacy policy will apply to your interactions and their collection, use and processing of your personal information.
1.3 Automatic Data Collection
We and our service providers may automatically log information about you, your computer or mobile device, and your interaction over time with our Services, our communications and other online services, such as:
Device Data: Your computer's or mobile device's operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers, language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 4G), and general location information such as city, state or geographic area.
Online Activity Data: Pages or screens you viewed, how long you spent on a page or screen, browsing history, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access, and whether you have opened our marketing emails or clicked links within them.
Email Open/Click Information: We may use pixels in our email campaigns that allow us to collect your email and IP address as well as the date and time you open an email or click on any links in the email.
Technical Data: Vector embeddings created from your documents, metadata about processed files, system logs and debugging information, integration data from connected third-party services, API call logs and request/response data, and performance metrics and error logs.
We may use the following tools for automatic data collection:
- Cookies: Text files that websites store on a visitor's device to uniquely identify the visitor's browser or to store information or settings in the browser
- Local Storage Technologies: Technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data
- Web Beacons: Also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened
For additional details, please see our Cookie Policy section below.
2. How We Use Your Personal Information
2.1 To Operate Our Services
We use your personal information to:
- Provide, operate, maintain, secure and improve our Services
- Process and analyze your uploaded documents and generate vector embeddings for RAG functionality
- Create knowledge graphs and visualizations
- Enable AI chat conversations with document context
- Provide information about our Services
- Communicate with you about our Services, including by sending you announcements, updates, security alerts, and support and administrative messages
- Manage your subscription and billing
- Respond to your requests, questions and feedback
2.2 Marketing and Advertising
We may from time to time send you direct marketing communications as permitted by law, including, but not limited to, notifying you of special promotions, offers and events via email. You may opt out of our marketing communications as described in the "Opt out of marketing communications" section below.
2.3 For Research and Development
We may use your personal information for research and development purposes, including to analyze and improve our Services and our business. As part of these activities, we may create aggregated, de-identified, or other anonymous data from personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve our Services and promote our business.
2.4 Compliance and Protection
We may use personal information to:
- Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities
- Protect our, your or others' rights, privacy, safety or property (including by making and defending legal claims)
- Audit our internal processes for compliance with legal and contractual requirements and internal policies
- Enforce the terms and conditions that govern our Services
- Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft
2.5 Legal Bases for Processing (for United Kingdom and EEA Individuals)
If you are an individual in the United Kingdom or European Economic Area (EEA), we collect and process information about you only where we have legal bases for doing so under applicable United Kingdom and/or EU laws. The legal bases depend on the Services you use and how you use them. This means we collect and use your information only where:
- We need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services
- It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests
- You give us consent to do so for a specific purpose
- We need to process your data to comply with a legal obligation
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party have a legitimate interest to do so, you have the right to object to that use, though in some cases this may mean no longer using the Services.
3. How We Share Your Personal Information
3.1 Service Providers
We may share your personal information with third party companies and individuals that provide services on our behalf or help us operate our Services (such as lawyers, bankers, auditors, insurers, and providers that assist with hosting, analytics, email delivery, marketing, and database management services). This includes:
- Payment processing (Stripe)
- Email delivery (Resend)
- Authentication services (Google OAuth)
- Cloud hosting and infrastructure
- Analytics and monitoring
- Customer support tools
3.2 Authorities and Others
We may disclose your personal information to law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.
3.3 Business Transfers
We may transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution. In such a case, we will make reasonable efforts to require the recipient to honor this Privacy Policy.
3.4 Affiliates
We may share personal information with our current and future affiliates, meaning an entity that controls, is controlled by, or is under common control with us. Our affiliates may use the personal information we share in a manner consistent with this Privacy Policy.
3.5 Cross-Border Processing of Your Personal Information
We are headquartered in the United States. To provide and operate our services, it is necessary for us to process your personal information in the United States. If we transfer personal information across borders such that we are required to apply appropriate safeguards to personal information under applicable data protection laws, we will do so. Please contact us for further information about any such transfers or the specific safeguards applied.
4. Data Processing and AI Training
4.1 Document Processing
When you upload documents, we:
- Extract and analyze text content
- Create vector embeddings for semantic search
- Generate summaries and insights
- Build knowledge graph relationships
- Enable contextual AI responses
4.2 AI Model Training
- We may use aggregated, anonymized usage patterns to improve our AI models
- Your specific documents and conversations are not used to train models accessible to other users
- We do not use your personal content for general AI training without explicit consent
4.3 Vector Embeddings
- Vector representations of your content are created for RAG functionality
- These embeddings are stored securely and used only for your projects
- Embeddings may be retained after document deletion for technical reasons
5. Data Storage and Security
5.1 Data Storage
- Your data is stored on secure cloud infrastructure
- Documents and embeddings are stored in PostgreSQL with pgvector extension
- Vector data may also be stored in Qdrant vector database
- Data is encrypted at rest and in transit
5.2 Security Measures
We implement:
- Industry-standard encryption protocols
- Secure authentication systems (NextAuth v5)
- Regular security audits and monitoring
- Access controls and permission management
- Secure API endpoints with authentication
5.3 Data Retention
- Account data is retained while your account is active
- Documents and associated data are retained according to your subscription plan
- Usage logs may be retained for up to 2 years for security and analytics
- You can request data deletion by contacting us
6. Your Choices
6.1 Personal Information Requests
In certain circumstances (including based on where you are located), you may have the following rights in relation to your personal information:
- The right to learn more about what personal information of yours is being processed, how and why such information is processed and the third parties who have access to such personal information. We have made this information available to you without having to request it by including it in this Privacy Policy
- The right to access your personal information
- The right to rectify/correct your personal information
- The right to restrict the use of your personal information where permitted under applicable law
- The right to request that your personal information is erased/deleted where permitted under applicable law
- The right to data portability (i.e. receive your personal information or have it transferred to another controller in a structured, commonly-used, machine readable format) where permitted under applicable law
- The right to object to processing of your personal information or to direct us not to share your personal information with a non-affiliated third party where permitted under applicable law
To make a request, please contact us as provided in the "How to Contact Us" section below. We may ask for specific information from you to help us confirm your identity. We will require authorized agents to confirm their identity and authority, in accordance with applicable laws. You are entitled to exercise the rights described above free from discrimination.
In addition, where you have provided your consent to processing for the purposes indicated above, you may withdraw your consent at any time by contacting us below.
Please note that in some circumstances, we may not be able to fully comply with your request, for example if we are required to retain certain information about you to comply with applicable laws and regulations or if the information is necessary in order for us to provide the services you requested. We will not discriminate against you for exercising your rights. We will not deny you access to our services, or provide you a lower quality of services if you exercise your rights.
You also have the right to lodge a complaint with the relevant authority or a supervisory authority in the UK or EU member state of your usual residence or place of work or of the place of the alleged breach, if you consider that the processing of your personal information carried out by GuidedMind has breached data protection laws.
6.2 Opt Out of Marketing Communications
You may opt out of email communications by following the opt-out or unsubscribe instructions at the bottom of the email.
6.3 Online Tracking Opt-Out
There are a number of ways to opt out of having your online activity and device data collected through our Services. For additional details please see our Cookie Policy section below.
7. Cookie Policy
7.1 What Are Cookies and Similar Technologies?
Cookies are text files that websites store and access on a visitor's device to uniquely identify the visitor's browser or to store information or settings in the browser. They allow us to distinguish you from other users of our Services for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand activity and patterns, and facilitating online advertising.
Local Storage Technologies, like HTML5, provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
Web Beacons, also known as pixel tags or clear GIFs, are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.
This section refers to all these technologies, and other types of tracking technologies used through our Services, collectively as "cookies."
7.2 How Do We Use Cookies?
We may use both persistent cookies and session cookies. Persistent cookies stay on your device for a set period of time or until you delete them, while session cookies are deleted once you close your web browser. The cookies placed through your use of our website are either set by us (first-party cookies) or by a third party at our request (third-party cookies).
7.3 What Types of Cookies Do We Use?
Strictly Necessary Cookies: These cookies are necessary for the Services to function and cannot be switched off in our systems. They allow us to enable security, prevent fraud and debug the Services and are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but then some parts of the Services will not work.
Functional Cookies: These cookies are used to recognize you when you return to our Services or to enable the Services to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of the Services may not function properly.
Analytics Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our Services. They help us to know which pages are the most and least popular and see how visitors move around the Services. All information these cookies collect is aggregated. If you do not allow these cookies we will not know when you have visited our Services and will not be able to monitor their performance.
7.4 How Can You Control Cookies?
Depending on where you access the Services from, you may be presented with a cookie banner or other tool to provide permissions prior to non-Strictly Necessary cookies being set. In this case, we only set these non-Strictly Necessary cookies with your consent.
You can also limit online tracking by:
Blocking cookies in your browser: Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings.
Using privacy plug-ins or browsers: You can block our websites from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery, or uBlock Origin, and configuring them to block third party cookies/trackers.
Do Not Track: Some Internet browsers can be configured to send "Do Not Track" signals to the online services that you visit. We currently do not respond to "Do Not Track" or similar signals.
8. Third-Party Integrations
8.1 OAuth Connections
When you connect third-party services through OAuth:
- We receive limited data as authorized by you
- Each integration has separate privacy practices
- You can revoke access at any time
- We are not responsible for third-party data practices
8.2 External Services
Our Service may integrate with:
- Google services for authentication
- Stripe for payment processing
- Various APIs through your OAuth connections
- Third-party tools and platforms you choose to connect
9. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data during international transfers.
10. Children's Privacy
Our Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will delete such information.
11. California Privacy Rights
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information we collect and how it's used
- Right to delete personal information (subject to certain exceptions)
- Right to opt-out of the sale of personal information (we don't sell data)
- Right to non-discrimination for exercising your privacy rights
To exercise these rights, contact us at [CONTACT_EMAIL].
12. European Privacy Rights
If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):
- Lawful basis for processing (consent, contract performance, legitimate interests)
- Right to access, rectify, erase, or restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
13. Data Breach Notification
In the unlikely event of a data breach affecting your personal information, we will:
- Notify you within 72 hours of discovery
- Provide details about the breach and affected information
- Explain steps we're taking to address the issue
- Offer guidance on protective measures you can take
14. Privacy Policy Updates
We may update this Privacy Policy from time to time. When we make material changes:
- We will notify you by email or through the Service
- The updated policy will be posted on our website
- Continued use of the Service constitutes acceptance of the updated policy
15. How to Contact Us
For privacy-related questions or to exercise your rights, please use our secure contact form and select "Privacy Request" as your inquiry type.
For general inquiries about our privacy practices or to exercise your rights, please provide:
- Your name and email address
- Description of your request
- Any relevant account information
Mailing Address: GuidedMind AI, Inc., [ADDRESS]
We will respond to privacy requests within 30 days.
15.1 Notice to UK and EU Residents
If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you can contact us through our contact form or submit a complaint to the data protection regulator in your jurisdiction.
UK and EU Representatives: We have appointed representatives in the EU and the UK. Contact information for our data protection representatives is available through our secure contact form by selecting "Data Protection Representative" as your inquiry type.
16. Compliance and Certifications
We are committed to maintaining compliance with:
- California Consumer Privacy Act (CCPA)
- General Data Protection Regulation (GDPR)
- SOC 2 Type II standards (when applicable)
- Industry best practices for data protection
This Privacy Policy is effective as of August 25, 2025 and governs your use of the GuidedMind AI platform and services.