Privacy policy

Mindmesh is built from the ground up with privacy and security in mind.

JustSpot Inc's (Mindmesh) use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements. 🔐

JustSpot Inc (Mindmesh) has been SOC2 Type II certified since January 2022.

JustSpot, Inc. ("Mindmesh", "we", "our", "us") implements all industry-standard security protocols to secure your data.
🔐 Your data is secure, encrypted, always available and backed up.
🔐 Access control is preserved from your tools: employees only access what they are allowed to.

What data does Mindmesh collect?

Personal data
When creating an account, Mindmesh collects your first and last name, email address, and profile picture if applicable. Your personal data, including your email, is safely stored and used only on a per-need basis to make Mindmesh function optimally for you and your team. In particular, your email is only used to identify you across the various software connected to Mindmesh, and to send you updates relevant to your Mindmesh account. We will never communicate your email (or any of your personal data) to third parties for commercial purposes. See below ("How does Mindmesh use personal data?") for additional information. When connecting integrations, Mindmesh may collect additional personal data in the form of content (tasks, issues, documents, ...) and user information (see exhaustive details below in Data from Integrations). When visiting the Mindmesh Website and App, Mindmesh collects usage data (which may include browser and device information) which is sent to our partners Mixpanel and Hotjar for analytics purposes (it allows us to understand the usage of Mindmesh and improve the platform). We will never sell your data or let it be used by other companies, people or entities except Mindmesh.

Data from Integrations
When you add an integration, Mindmesh will collect additional data from the third party service you are connecting. This will vary by integration, will be detailed when creating the integration, and your authorization will be requested to access this specific data in accordance with the authorization rules provided by that service. As a rule of thumb, Mindmesh will request read-only access rights to collect:
- The users, user groups, documents, or other pieces of content stored within the software you are connecting and which you have authorized us to access. This allows us to populate Mindmesh with the content you need to access from within Mindmesh.
- The access rights for documents by users and groups - this allows us to ensure that the only people able to access documents within Mindmesh are those who actually have access to them.

Note that whenever possible, Mindmesh will ask for your authorization while connecting your tool (OAuth 2.0 scopes) so that you are certain of the scope of data and actions we are accessing. Mindmesh will never ask for more than what it needs to function correctly. Data collected through third party software integrations is encrypted and stored on our secure infrastructure until you decide to disconnect said integration or delete your account. See "Which steps does Mindmesh follow to ensure data security" and "How long does Mindmesh retain data?" for more details on this.


Which steps does Mindmesh follow to ensure data security and integrity?

Data security
- All data ingested and exchanged within Mindmesh and between Mindmesh and your services is encrypted in transit (SSL) and at rest (AES-256) - these are industry standards.
- The databases on which your data is secured are situated on a private network within our virtual private cloud and not directly accessible from the internet - only from Mindmesh's servers.
- Aside from our analytics processors (Mixpanel, Hotjar), all of the data collected is stored on AWS.
- All data is stored and remains within the European Union, except for the anonymized data sent to our analytics processors (Mixpanel, Hotjar). Should this be an issue, contact your customer support representative to have these third party services disabled for your account.
- Please refer to the corresponding services' privacy policies for more information:
  - Mixpanel: https://mixpanel.com/legal/privacy-policy/
  - Hotjar: https://www.hotjar.com/legal/policies/privacy/

All cloud storage and networking used is compliant with PCI, HIPAA, SOC 1,2,3 as well as ISO/IEC 27001:2013, 27017:2015, 27018:2019, 9001:2015 among others. Mindmesh is compliant with GDPR (for further details on this compliance, read the sections below).
Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please contact us immediately. In the event that personal information is compromised as a result of a security breach, we will promptly notify the affected parties.

Data access by Mindmesh employees
A Mindmesh employee will never try to access non-anonymized personal data unless they have requested explicit consent for support or debugging purposes from a relevant member of your organization, and will provide proof of said consent if requested. The following employees at Mindmesh have potential access to your personal data (authorized refers to a small subset of the listed employees who have the credentials required to access the data in question, not the procedure above which remains required for authorized employees):
- Authorized software engineers may have access to all data stored in Mindmesh.
- Authorized customer success or support representatives may have access to all data stored in Mindmesh, aside from the contents of documents imported from integrations.
- Mindmesh software engineers, data analysts or product managers may have access to anonymized data for debugging or product improvement purposes.

Data integrity and availability
Mindmesh performs regular backups of all stored data. These backups are retained for a short period (7 days at most), to be used in case of disruption of service leading to data corruption or unavailability. All Mindmesh infrastructure components (databases, servers, ...) are replicated and configured to fail over automatically in the event of failure.

How does Mindmesh use personal data?

Mindmesh uses the data collected to:
- Make the product's features function, in particular allow you to find, view, modify or delete content you have created, or imported from other sources.
- Ensure data privacy within your Mindmesh account through respect of externally set permissions.
- Promote, analyze, modify and improve our products, systems, and tools, and develop new products and services through the use of collected usage statistics.
- Respond to inquiries, send service notices and provide customer support.

How does Mindmesh disclose personal data?

We don't. We do not sell your data and we do not share it with third parties - except those outlined above, for analytics or web hosting purposes.

How long does Mindmesh retain data?

Mindmesh will retain data as long as the account is active. Should the account become inactive for more than 12 months, as defined by the absence of any user activity, the data will be deleted (you will be warned several times before that). Upon deletion of an integration, all data imported through that integration is deleted. Some data which is deleted through the UI of the Mindmesh app may not be actually deleted from our servers, but kept for reversal purposes, or to ensure consistency (for example, archiving a document will not delete it fully from Mindmesh, otherwise it would be reimported during the next synchronization). Upon deletion of an account, all data within that account is deleted.

How may I request deletion of my data?

To delete your data, in the app, go to your User Settings, open the "Danger Zone" panel, and delete your account. This will delete all of your data from your servers. We may retain backups of your data for an additional 7 days for restoration and investigation purposes - no data will be retained beyond 7 days.
To delete the data related to an integration but not all of your account, you may delete this particular integration from the integration settings.


What are my rights concerning my data?

If you would like to review, correct, or update personal data that you have previously disclosed to us, you may do so by signing in to your Mindmesh account or by contacting us. Depending on your location and subject to applicable law, you may have the following rights with regard to the Personal Data we control about you:
- The right to request confirmation of whether Mindmesh processes personal data relating to you, and if so, to request a copy of that personal data;
- The right to request that Mindmesh rectifies or updates your personal data that is inaccurate, incomplete or outdated;
- The right to request that Mindmesh erase your personal data in certain circumstances provided by law;
- The right to request that Mindmesh restrict the use of your personal data;
- The right to request that we export to another company, where technically feasible, your personal data that we hold in order to provide services to you.

Where the processing of your personal data is based on your previously given consent, you have the right to withdraw your consent at any time. To exercise your rights, contact us at dpo@mindmesh.com (DPO).
For your protection, we may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches your email address that we have on file.

Opting out of receiving electronic communications from us

If you no longer want to receive marketing-related emails from us, you may opt-out via the unsubscribe link included in such emails. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages that are required to provide you with Mindmesh's services.

Note: we may change this Privacy Policy from time to time to reflect new services, changes in our Personal Data practices or relevant laws.
The “Last updated” legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes are effective when we post the revised Privacy Policy on the Services. We may provide you with disclosures and alerts regarding the Privacy Policy or Personal Data collected by posting them on our website.

Whistleblower private channel: if you see or hear about any information which may constitute a security risk, illegal activity or any other type of inappropriate behavior, you may leave an anonymous report at the following URL:
https://docs.google.com/forms/d/e/1FAIpQLSfrSRsmKRtCpXUbkbt3x_dJNOVp7-8LtaoWW-fnfVLsOpfmKg/viewform?usp=sf_link