Privacy Policy

1. Introduction

SuperMynd ("we," "our," or "us") provides an AI-powered meeting intelligence platform that helps professionals capture, analyze, and act on meeting content. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service at supermynd.ai (the "Service").

By using SuperMynd, you agree to the collection and use of information in accordance with this policy. If you do not agree with our practices, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and login method. You may optionally provide additional profile information such as your job title, department, bio, avatar, and timezone.

2.2 Meeting Data

The core of our service involves processing meeting content. This includes:

• Audio recordings captured during meetings
• Transcripts generated from audio via speech-to-text processing
• AI-generated summaries, action items, insights, and sentiment analysis
• Meeting metadata such as titles, dates, participants, and tags
• Notes, agendas, and follow-up items you create

2.3 Contacts and CRM Data

You may store contact information including names, email addresses, phone numbers, job titles, and company associations. This data is entered by you and used to enrich meeting context and action item assignments.

2.4 AI Conversations

Interactions with Myndi, our AI assistant, are stored to provide context-aware responses, maintain conversation history, and improve your personalized experience. This includes chat messages, preferences, and memory entries you create.

2.5 Knowledge Base

Documents you upload to the knowledge base (such as PDFs and text files) are stored and processed to enable AI-powered search and contextual assistance.

2.6 Usage and Activity Data

We maintain audit logs and activity records to support security monitoring, access control, and feature usage analytics. This includes login events, API usage, and administrative actions.

3. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the Service
• Transcribe audio recordings and generate meeting intelligence
• Power AI-driven features such as summaries, action items, sentiment analysis, and Myndi conversations
• Send transactional emails including meeting digests, verification emails, and notifications
• Process payments and manage subscriptions
• Enforce security measures including authentication, rate limiting, and audit logging
• Sync data with third-party integrations you explicitly connect

4. Third-Party Services

To deliver our service, we share specific data with the following third-party providers. Data is shared only as necessary for each service's function:

4.1 Optional Integrations

You may choose to connect the following services. Data is only shared when you explicitly enable and configure these integrations:

• ClickUp — Action items synced as tasks
• GoHighLevel — Contacts synced to your CRM
• Dialpad — Call recordings imported for analysis
• Recall.ai — Meeting bot recordings captured
• Google Calendar — Calendar events synced for scheduling context

5. AI and Model Training

Your conversations and meeting data are never used to train AI models. We use Google Gemini via API for inference only — your data is processed to generate responses and is not retained by the AI provider for model training purposes. Each AI request is stateless from the provider's perspective.

6. Data Security

We implement multiple layers of security to protect your data:

• Encryption in transit — All data transmitted between your browser and our servers is encrypted using TLS (HTTPS)
• Authentication — Session-based authentication with secure JWT cookies and optional two-factor authentication (2FA)
• Access control — Role-based access control (RBAC) with admin, user, and developer roles
• CSRF protection — Cross-site request forgery tokens on all state-changing operations
• Rate limiting — Request throttling to prevent abuse
• Audit logging — Comprehensive logging of security-relevant events
• Webhook verification — Cryptographic signature verification on all incoming webhooks
• Origin validation — CORS and origin-based request filtering

Important note: SuperMynd does not currently implement client-side end-to-end encryption or zero-knowledge architecture. Your data is accessible to our server infrastructure for processing. We are actively working on adding optional end-to-end encryption for sensitive meeting content.

7. Data Retention

Your data is retained for as long as your account is active. You can delete individual meetings, contacts, action items, and other content at any time through the application. Deleted content is removed from our active database. To request complete account deletion, please contact us at the email address below.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access — Request a copy of the personal data we hold about you
• Correction — Request correction of inaccurate personal data
• Deletion — Request deletion of your personal data
• Portability — Request your data in a machine-readable format
• Objection — Object to certain types of data processing

To exercise any of these rights, please contact us using the information in Section 11.

9. Cookies and Local Storage

SuperMynd uses essential cookies and browser local storage for authentication and session management. We do not use tracking cookies or third-party advertising cookies. The cookies we set are strictly necessary for the Service to function.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy, your data, or wish to exercise your rights, please contact us at: