Privacy Policy
Clear information about what data Mindcro collects, how it is used, and your rights as a user.
Last updated · May 1, 2026
Summary: Mindcro only collects the data needed for the service to work. We never sell your data. You can delete your account and data at any time — follow the steps on the account deletion page.
1. Data Controller
This privacy policy covers the use of the web and mobile applications (the "Service") offered by Mindcro ("we", "Mindcro"). As the data controller, we process data within the framework of Türkiye's Law No. 6698 on the Protection of Personal Data (KVKK) and related legislation.
Contact: privacy@mindcro.app
2. Data We Collect
2.1 Account information
- First and last name
- Email address
- Company name (optional)
- Password (cryptographically hashed, never stored in plain text)
2.2 User-entered content
All data you enter into modules (products, customers, employees, tasks, etc.) is private to your workspace and can only be viewed by users you authorize.
2.3 Chat and voice commands
- Text chat: to generate an AI response, your messages are temporarily processed and logged. We recommend not sending sensitive content.
- Voice command: the microphone is used only while you are actively speaking. Audio is not stored on the server; it is transcribed on the device and only the text is processed.
2.4 Technical data
- IP address (for security and error tracking)
- Device / browser information
- In-app event logs (e.g. module created, error occurred)
2.5 Data we don't collect
- Location data
- Contacts, photos, files (unless you actively upload them)
- Microphone recordings (as explained above, transcribed on the fly, not stored)
- Third-party advertising identifiers
3. How We Use Data
- To provide and improve the Service
- To manage your account and authenticate you
- To run AI-powered features (module generation, querying, analysis)
- Security, fraud prevention, error detection
- To fulfill legal obligations
- To provide the support services you request
Use for marketing: We obtain your explicit consent before using your data for marketing. You can withdraw this consent at any time.
4. Third-Party Services
For the Service to work, we work with processor companies in the following categories. All are bound by data processing agreements:
| Service | Purpose | Location |
|---|---|---|
| Cloud infrastructure | Data storage and servers | EU / Türkiye |
| AI services | Chat and module generation | US / EU |
| Email delivery | Verification and notifications | EU |
| Error tracking | Application stability | EU |
For integrations connected by the user (Slack, GitHub, Google, etc.), the relevant provider's privacy policy applies; only the data the user approves is shared.
5. Data Retention Periods
- Account & module data: As long as your account is active
- Chat logs: 90 days
- System logs (IP, errors): 30 days
- After account deletion: Your data is irreversibly deleted within 30 days; clearing it from backups can take up to 90 days
- Legal obligations: For the period required by applicable law (e.g. 10 years for invoices)
6. Data Security
- All traffic is encrypted with HTTPS / TLS 1.2+
- Passwords are hashed with bcrypt and cannot be reversed
- Database backups are encrypted
- Access is limited by strict role-based authorization
- Regular security audits and updates
No system is 100% secure; in the event of a data breach we notify the KVKK authority and affected users within the legal time frame.
7. Your Rights Under the KVKK
Under Article 11 of the KVKK you have the following rights:
- To learn whether your personal data is being processed
- To request information if it has been processed
- To learn the purpose of processing and whether it is used accordingly
- To know the third parties to whom data is transferred, domestically or abroad
- To request correction of incomplete or incorrectly processed data
- To request deletion or destruction
- To object to the consequences of processing
- To claim compensation if you suffer damages
To exercise these rights, email privacy@mindcro.app. We respond within 30 days.
8. Children's Privacy
Mindcro is not a service directed at people under 18. We do not knowingly collect data from users under 18. If we realize we have collected a child's data, we delete it immediately.
9. Changes to This Policy
When the policy is updated we change the "Last updated" date and notify significant changes to your registered email. Continuing to use the service after an update means you accept the new policy.
10. Contact
- Privacy: privacy@mindcro.app
- General support: mindcro.app/en/support
- Account deletion: mindcro.app/en/account