1. Introduction
MindFort AI, Inc. ("MindFort," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, platform, and autonomous security services (collectively, the "Services").
We recognize the importance of maintaining the confidentiality of your data, especially in the context of security testing and vulnerability management. Please read this Privacy Policy carefully to understand our practices regarding your information and how we will treat it.
2. Information We Collect
2.1 Information You Provide to Us
We may collect information that you provide directly to us when you:
• Create or register an account
• Define testing scope and parameters
• Configure our Services
• Communicate with us
• Submit payment information
• Complete forms on our platform
This information may include:
• Contact information (name, email address, phone number)
• Professional information (company name, job title)
• Account credentials
• Billing information
• Communication content
• Deployment and configuration preferences
2.2 Information We Collect Through Your Use of Our Services
When you use our Services, we may collect certain information automatically, including:
• Testing results and vulnerability findings
• Web application and network infrastructure data necessary for security testing
• Technical data about your systems that is necessary for vulnerability assessment
• Usage data about how you interact with our platform
• Device information (operating system, browser type, IP address)
• Log data
2.3 Information We Collect From Third Parties
We may collect information about you from third parties, such as:
• Identity verification services
• Fraud prevention services
• Business partners
• Publicly available sources
3. HOW WE USE YOUR INFORMATION
We use your information for the following purposes:
3.1 Providing Our Services
• To set up and maintain your account
• To perform autonomous security testing on your authorized systems
• To identify, validate, and remediate vulnerabilities
• To generate security reports and compliance documentation
• To process payments and fulfill orders
• To respond to your inquiries and provide customer support
3.2 Improving Our Services
• To develop new features and functionality
• To enhance the accuracy and effectiveness of our security testing
• To maintain and improve the performance of our platform
• To analyze usage patterns and trends
3.3 Security and Protection
• To protect our Services and users from security threats
• To detect and prevent fraudulent or unauthorized activity
• To verify your identity
• To comply with legal obligations
4. DATA RETENTION POLICY
4.1 AI Inference and Training
We maintain a zero data retention policy with all AI inference and training providers. This means:
• Data processed by our AI systems is not retained by our AI providers after processing is complete
• Our AI providers are contractually prohibited from using your data for purposes other than providing our Services
4.3 Testing Data Retention
Once our autonomous security testing is complete:
• We retain information necessary to provide vulnerability reports and recommended remediation steps
• Raw testing data is retained only as long as necessary to provide our Services
• We maintain historical vulnerability data as needed to improve our Services and provide trend analysis
5. DATA SHARING AND DISCLOSURE
5.1 Service Providers
We may share your information with third-party service providers who help us deliver our Services, including:
• Cloud hosting providers
• Payment processors
• Communication services
• Analytics providers
All service providers are contractually obligated to use your information only for the purpose of providing services to us and to maintain appropriate security measures.
5.2 SOC2 Compliance
We require SOC2 reports from all of our subvendors to ensure they maintain appropriate controls for:
• Security
• Availability
• Processing integrity
• Confidentiality
• Privacy
This ensures that all third parties handling your data adhere to rigorous security and privacy standards.
5.3 No Sale of Personal Information
We do not sell, rent, or lease your personal information to third parties. We will not share your personal information with third parties for their direct marketing purposes.
5.4 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court order, government request).
5.5 Business Transfers
If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your information.
5.6 With Your Consent
We may share your information with third parties when we have your consent to do so.
6. DATA SECURITY
We implement appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:
• Encryption of sensitive data in transit and at rest
• Access controls and authentication requirements
• Regular security assessments and penetration testing
• Employee training on security and privacy practices
• Physical and network security measures
• Incident response procedures
While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.
7. YOUR PRIVACY RIGHTS
Depending on your location, you may have certain rights regarding your personal information, including:
7.1 Access and Correction
You may request access to the personal information we hold about you and request corrections to inaccurate or incomplete information.
7.2 Deletion
You may request that we delete your personal information, subject to certain exceptions necessary for us to provide our Services, comply with legal obligations, protect our legal rights, or fulfill business requirements.
7.3 Withdrawal of Consent
Where we process your information based on your consent, you may withdraw that consent at any time for future processing.
To exercise these rights, please contact us using the information provided in Section 12 below. We may take reasonable steps to verify your identity before responding to your request.
8. INTERNATIONAL DATA TRANSFERS
We are based in the United States and may process your information in the United States or other countries where our service providers operate. By using our Services, you acknowledge that your information may be transferred to and processed in jurisdictions outside your own, where privacy laws may be different but where we will take reasonable measures to protect your information.
9. DATA RETENTION
We retain your information for as long as your account is active or as needed to provide you with our Services, comply with legal obligations, resolve disputes, and enforce our agreements. We may retain certain information for longer periods where we have a legitimate business need to do so, such as security, fraud prevention, or business analytics.
10. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through our Services prior to the changes becoming effective. We encourage you to review this Privacy Policy periodically for the latest information on our privacy practices.
11. CONTACT US
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:
Email: privacy@mindfort.ai
12. REGIONAL PRIVACY RIGHTS
Certain jurisdictions provide specific rights regarding personal information. We will honor such rights where they apply to you, subject to verification and applicable exemptions. If you have questions about your privacy rights, please contact us using the information in Section 12.
© 2025 MindFort AI, Inc. All rights reserved.