Privacy policy

Mindmesh is built from the ground up with privacy and security in mind.

🔐 JustSpot, Inc. ("Mindmesh", "we", "our", "us")  implements all industry-standard security protocols to secure your data.
🔐 Your data is secure, encrypted, always available and backed up.
🔐 Access control is preserved from your tools: employees only access what they are allowed to.

What data does Mindmesh collect ?

Personal data
When creating an account, Mindmesh collects your first and last name, email address, and profile picture if applicable.Your personal data, including your email, is safely stored and used only on a per-need basis to make Mindmesh function optimally for you and your team.In particular, your email is only used to identify you across the various software connected to Mindmesh, and to send you updates relevant to your Mindmesh account. We will never communicate your email (or any of your personal data) to third parties for commercial purposes. See below ("How does Mindmesh use personal data?") for additional information.When connecting integrations, Mindmesh may collect additional personal data in the form of written documents and user information (see exhaustive details below in Data from Integrations).When visiting the Mindmesh Website and App, Mindmesh collects usage data (which may include browser and device information) which is sent to our partners Mixpanel and Hotjar for analytics purposes (it allows us to understand the usage of Mindmesh and improve the platform). We will never sell your data or let it be used by other companies, people or entities except Mindmesh. Additionally, Mindmesh will collect any data you enter into the app through the Q&A feature.

Data from Integrations
When you add an integration, Mindmesh will collect additional data from the third party service you are connecting. This will vary by integration, will be detailed when creating the integration, and your authorization will be requested to access this specific data in accordance with the authorization rules provided by that service. As a rule of thumb, Mindmesh will request read-only access rights to collect:The users, user groups, documents, or other pieces of knowledge stored within the software you are connecting and which you have authorized to. This allows to populate Mindmesh with searchable colleagues and documents, as well as understand who is working on what.The access rights for documents by users and groups - this allows us to ensure that the only people able to access documents within Mindmesh are those who actually have access to them.Note that for all integrations, Mindmesh will ask for your authorization while connecting your tool (OAuth 2.0 scopes) so that you are certain of the scope of data and actions we are accessing. The only exception to this is the Notion integration, which until a public API is released, will request full access to the integrating user's account. We will not, however, attempt to access anything other than the data mentioned above (pages, users, user groups, user permissions); and will not perform any actions which may modify the contents of your synchronized workplaces.The Slack and Microsoft Teams integrations will request some level of write access (join channels, compose messages).Mindmesh will never ask for more than what it needs to function correctly & allow you to find documents or people within the right permissions.Data collected through third party software integrations is encrypted and stored on our secure infrastructure until you decide to disconnect said integration or delete your account. See "Which steps does Mindmesh follow to ensure data security" and "How long does Mindmesh retain data?" for more details on this.

Which documents does a Mindmesh user have access to ?

Mindmesh only lets users search and access documents and messages which are accessible to them within the original software, unless a person with share rights for that document has explicitly overriden these permissions within Mindmesh. This means if a document hasn't been shared with me in the original software, it won't appear in any of my searches, or when I look at its owners documents, for instance.


Which steps does Mindmesh follow to ensure data security and integrity ?

Data security
All data ingested and exchanged within Mindmesh and between Mindmesh and your services is encrypted in transit (SSL) and at rest (AES-256) - these are industry standards.The databases on which your data is secured are situated on a private network within our virtual private cloud and not directly accessible from the internet - only from Mindmesh's servers.Aside from our analytics processors (Mixpanel, Hotjar), all of the data collected is stored on AWS.All data is stored and remains within the European Union, except for the anonymized data sent to our analytics processors (Mixpanel, Hotjar). Should this be an issue, contact your customer support representative to have these third party services disabled for your account.Please refer to the corresponding services' privacy policies for more information Mixpanel: https://mixpanel.com/legal/privacy-policy/Hotjar: https://www.hotjar.com/legal/policies/privacy/

All cloud storage and networking used is compliant with PCI, HIPAA, SOC 1,2,3 as well as ISO/IEC 27001:2013, 27017:2015, 27018:2019, 9001:2015 among others. Mindmesh is compliant with GDPR (for further details on this compliance, read the sections below).
Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please contact us immediately.In the event that personal information is compromised as a result of a security breach, we will promptly notify the affected parties.

Data access by Mindmesh employees
A Mindmesh employee will never try to access non-anonymized personal data unless they have requested explicit consent for support or debugging purposes from a relevant member of your organization, and will provide proof of said consent if requested. The following employees at Mindmesh have potential access to your personal data (authorized refers to a small subset of the listed employees who have the credentials required to access the data in question, not the procedure above which remains required for authorized employees):
Authorized software engineers may have access to all data stored in Mindmesh.
Authorized customer success or support representatives may have access to all data stored in Mindmesh, aside from the contents of documents imported from integrations.
Mindmesh software engineers, data analysts or product managers may have access to anonymized data for debugging or product improvement purposes.

Data integrity and availability
Mindmesh performs regular backups of all stored data. These backups are retained for a short period (7-14 days at most), to be used in case of disruption of service leading to data corruption or unavailability. All Mindmesh infrastructure components (databases, servers ...) are replicated and configured to automatically failover in the event of failure.

How does Mindmesh use personal data ?

Mindmesh uses the data collected to:
- Make the product's features function, including:
    - Allow documents and conversations to be searched
    - Determine the owner of documents
    - Determine the best contacts or topics related to a query
    - Notify users of a question
    - Give insights into the state of knowledge at your company
- Ensure data privacy within your Mindmesh account through respect of externally set permissions
-Promote, analyze, modify and improve our products, systems, and tools, and develop new products and services through the use of collected usage statistics.
- Respond to inquiries, send service notices and provide customer support.

How does Mindmesh disclose personal data ?

We don't. We do not sell your data and we do not share it with third parties - except those outlined above, for analytics or web hosting purposes.

How long does Mindmesh retain data ?

Mindmesh will retain data as long as the account is active. Should the account become inactive for more than 12 months, as defined by the absence of any user activity, the data will be deleted (you will be warned several times before that).Upon deletion of an integration, all data imported through that integration is deleted.Some data which is deleted through the UI of the Mindmesh app may not be actually deleted from our servers, but kept for reversal purposes, or to ensure consistency (for example, archiving a document will not delete it fully from Mindmesh, otherwise it would be reimported during the next synchronization). Upon deletion of an account, all data within that account is deleted.

What are my rights concerning my data ?

Opting out of receiving electronic communications from us. If you no longer want to receive marketing-related emails from us, you may opt-out via the unsubscribe link included in such emails. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages that are required to provide you with Mindmesh's services.If you would like to review, correct, or update personal data that you have previously disclosed to us, you may do so by signing in to your Mindmesh account or by contacting us.Depending on your location and subject to applicable law, you may have the following rights with regard to the Personal Data we control about you:
- The right to request confirmation of whether Mindmesh processes personal data relating to you, and if so, to request a copy of that personal data;
- The right to request that Mindmesh rectifies or updates your personal data that is inaccurate, incomplete or outdated;
- The right to request that Mindmesh erase your personal data in certain circumstances provided by law;
- The right to request that Mindmesh restrict the use of your personal data
- The right to request that we export to another company, where technically feasible, your personal data that we hold in order to provide services to you.

Where the processing of your personal data is based on your previously given consent, you have the right to withdraw your consent at any time.To exercise your rights, contact us at dpo@mindmesh.com (DPO). 
For your protection, we may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches your email address that we have on file.

Note: we may change this Privacy Policy from time to time to reflect new services, changes in our Personal Data practices or relevant laws.
The “Last updated” legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes are effective when we post the revised Privacy Policy on the Services. We may provide you with disclosures and alerts regarding the Privacy Policy or Personal Data collected by posting them on our website.




Whistleblower private channel : if you see or hear about any information which may constitute a security risk, illegal activity or any other type of inappropriate behavior, you may leave an anonymous report at the following URL:
https://docs.google.com/forms/d/e/1FAIpQLSfrSRsmKRtCpXUbkbt3x_dJNOVp7-8LtaoWW-fnfVLsOpfmKg/viewform?usp=sf_link