Legal

GDPR

Our commitments under the EU General Data Protection Regulation (GDPR) and UK GDPR where they apply.

Last updated: July 13, 2026


1. Who we are

MindMesh ("we", "us") provides a local-first productivity assistant that can connect to services such as Google, Microsoft, and Slack. This page supplements our Privacy Policy.

2. Lawful bases for processing

Where GDPR applies, we typically rely on:

  • Contract — to provide the Service you sign up for (account, core product features)
  • Legitimate interests — to secure, maintain, and improve the Service in ways that do not override your rights
  • Consent — when you choose to connect optional integrations (for example Slack, Gmail, or Outlook) or enable AI features that send content to our LLM provider
  • Legal obligation — when we must retain or disclose information to comply with law

3. Your rights

Subject to applicable law, you may have the right to:

  • Access — request a copy of personal data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your personal data
  • Restriction — ask us to limit processing in certain cases
  • Portability — receive data you provided in a structured, commonly used format where technically feasible
  • Objection — object to processing based on legitimate interests
  • Withdraw consent — disconnect integrations or stop optional processing at any time without affecting prior lawful processing
  • Lodge a complaint — contact your local supervisory authority (for example an EU/EEA data protection authority or the UK ICO)

4. How to exercise your rights

Email team@mindmesh.global with the subject line "GDPR request" and describe what you need. You can also disconnect third-party services in product settings, and remove local data by uninstalling MindMesh from your device.

We will respond within the timeframes required by applicable law. We may need to verify your identity before fulfilling a request.

5. International transfers & sub-processors

We use carefully selected service providers (sub-processors) that may process data in the United States or other countries. See our Sub-processors list. Where required, we rely on appropriate transfer mechanisms (such as Standard Contractual Clauses) with those providers.

6. Data retention

Account and token data are retained while your account and connections are active, and deleted or anonymized after disconnect or account deletion as described in our Privacy Policy. Local indexes remain on your device until you clear them or uninstall the app. Soft disconnect may keep local indexes available for reconnect until you remove them.

7. Contact

Privacy / GDPR: team@mindmesh.global

Security: team@mindmesh.global