Legal

Privacy Policy

How MindMesh collects, uses, protects, and stores your information.

See security →

Google API Limited Use Disclosure

MindMesh's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

We only request access to data that is necessary for the app to function. We do not use Google user data to serve advertisements, and we do not allow humans to read your data unless you give explicit permission or it is required for security purposes.

For more information, visit: https://developers.google.com/terms/api-services-user-data-policy

Slack Connection

Slack is an optional connected service. When you authorize MindMesh to access your Slack workspace, Slack remains the data controller for Slack content. MindMesh processes Slack data only to provide the features you use, under the OAuth scopes you approve in Slack.

Depending on the scopes you grant, MindMesh may access categories such as: messages (including channel and direct messages you can access), channels and conversations metadata, user and workspace profile information needed for identity and mentions, files and attachments shared in accessible conversations, and reactions and related interaction metadata. We request only the scopes required for the product features you enable, and we do not use Slack data for advertising.

Consistent with our local-first design, Slack content used for search, summaries, and related features is primarily indexed and stored on your device. We keep minimal cloud records needed for authentication and connection state (for example encrypted OAuth tokens and account linkage). We do not permanently store the full content of your Slack messages in MindMesh cloud infrastructure as a substitute for Slack.

LLM processing. When you use AI features that operate on connected work context, relevant Slack content you can access may be sent to our AI provider (OpenAI) to generate insights, answers, or search enrichment. That processing is for providing the Service to you. We do not use your Slack content to train foundation models, and we do not sell Slack data. See OpenAI's privacy practices at openai.com/privacy.

Disconnect, retention, and deletion. You can disconnect Slack at any time in MindMesh settings or by revoking the app in Slack. Disconnecting revokes MindMesh's API access to Slack. Encrypted OAuth tokens for that connection are deleted from our cloud systems when the disconnect completes. Locally indexed Slack-derived data on your device is removed when you clear connected data in the app or uninstall MindMesh. If the product offers a soft-disconnect (for example keeping local index data briefly so you can reconnect without a full re-sync), that retained local data stays on your device only, is not used for new Slack API calls while disconnected, and is deleted when you clear data or uninstall. You may also request deletion of account-related cloud records by contacting us (see Contact Us).

Review Slack's privacy practices at slack.com/trust/privacy/privacy-policy.

Data Encryption & Security

All data transmitted between your device and MindMesh servers is encrypted using TLS 1.2 or higher. Stored data is encrypted at rest using AES-256 encryption.

We do not use your data to train AI or LLM models. Your data is never sold to third parties.

Last updated: 2026-07-10

1. Introduction

Welcome to MindMesh. This Privacy Policy explains how we collect, use, and protect your information when you use our desktop application and related services, including when you connect third-party services such as Slack.

2. Information We Collect

We collect information necessary to provide our services:

  • Account Information: Email address, username, and password (securely hashed)
  • OAuth Credentials: Encrypted tokens for third-party services (Google, Microsoft, Slack, Atlassian)
  • Connected Work Data: Content from connected email, calendar, messaging, and task accounts needed to provide our services
  • Usage Data: How you interact with the application to improve our services
  • Device Information: Operating system and application version

We use AI services (OpenAI) to analyze and enrich your content, extracting insights, action items, and enabling semantic search.

3. How We Store Your Information

MindMesh follows a local-first architecture. Most of your data is stored locally on your device, including emails, calendar events, and vector embeddings for search. This data stays on your device and is not transmitted to our servers.

We maintain minimal cloud storage for account authentication, OAuth tokens, and session data. We do not permanently store the full content of your emails, calendar events, or Slack messages in our cloud infrastructure.

4. How We Use Your Information

We use your information to:

  • Process and organize connected email, calendar, messaging, and task context
  • Generate insights and extract actionable items
  • Provide semantic search capabilities
  • Maintain your account and sync data across devices
  • Improve our services and fix bugs

5. Third-Party Services

When you connect third-party services, you grant us permission to access those services according to the scopes you approve. Supported connections include Google (Gmail, Google Calendar), Microsoft (Outlook Email, Outlook Calendar), Slack, and Atlassian (Jira), as well as SMTP mailbox connections you configure. We comply with their respective API terms and privacy policies.

Slack is described in detail in Slack Connection above. Atlassian (Jira) is a third-party service for task context you choose to connect. Review Atlassian's privacy practices at atlassian.com/legal/privacy-policy.

We use OpenAI's API to process your content, including Slack and other connected work context when AI features require it. Your data is sent to OpenAI according to their privacy policy. You can review OpenAI's privacy practices at openai.com/privacy. Vendors that process customer data on MindMesh's behalf are listed on our Sub-processors page.

6. Data Security

We implement security measures including encryption of data in transit, secure password hashing, and access controls. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

In support of Google API verification, MindMesh completed a security assessment with TAC Security. That assessment relates to our Google API review package. It is not a GDPR certification, SOC 2 report, or ISO certification, and we do not claim those credentials on this site.

GDPR and Data Subject Rights

Where the EU General Data Protection Regulation (GDPR) or similar laws apply to your use of MindMesh, we honor the rights described below. This section describes our commitments and how to exercise rights. MindMesh does not claim GDPR certification, and we do not publish a separate GDPR certificate URL.

Depending on applicable law, you may have the right to:

  • Access personal data we hold about you in connection with your account
  • Rectification of inaccurate account information
  • Erasure of account-related cloud records, and deletion of local data by clearing connected data or uninstalling the app
  • Restriction of certain processing, including by disconnecting third-party services
  • Portability of account information you provided, where technically feasible
  • Object to processing based on legitimate interests, where that basis applies
  • Withdraw consent for optional connections (for example Slack or Google) by disconnecting them or revoking access in the provider

You can exercise many of these controls in product settings (account updates, disconnect, clear local data). For requests we cannot complete in-app, email team@mindmesh.global with enough detail for us to verify and respond. We may ask for information needed to confirm your identity before fulfilling a request.

You can also reach us through our contact form. A stable link to this section is https://mindmesh.global/privacy#gdpr.

7. Your Rights

You can access, update, or delete your account information at any time through the Service settings. You can disconnect third-party services (including Slack) at any time, which revokes our API access to those services. For Slack-specific disconnect and deletion details, see Slack Connection. For GDPR-oriented rights and how to contact us, see GDPR and Data Subject Rights.

To delete all local data, clear connected data in the app or uninstall the MindMesh application from your device. This removes locally stored content, including indexed Slack-derived data.

8. Data Retention

We retain your account information for as long as your account is active. OAuth tokens are retained while you maintain the connection and deleted when you disconnect. Local data persists on your device until you clear it or uninstall the application. If a soft-disconnect option retains local index data after API access is revoked, that data remains on-device only until you clear it, reconnect, or uninstall, as described in Slack Connection.

9. Children's Privacy

The Service is not intended for users under the age of 13. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date. Your continued use of the Service constitutes acceptance of the changes.

11. Contact Us

If you have questions about this Privacy Policy, please contact us at:

Email: team@mindmesh.global

To report a security vulnerability, email team@mindmesh.global with subject "Security report", or see Report a security issue on our Security page.

Related: Sub-processors · GDPR and data subject rights · Security

Contact form →