Privacy Policy

Mindcase provides a data-extraction platform. Customers run “data agents” through our web console at console.mindcase.co and through our developer API to collect structured data from third-party, public-facing platforms (such as marketplaces, social networks, review sites, search engines, maps, and real-estate sites). The collected data is delivered as analysis-ready datasets and API responses (“Output”).

This policy applies to personal data we process as a business in our own right — for example, account, billing, and usage data. Where you use our agents to extract data that contains personal information, we process that data on your behalf as your processor; see Personal data within Output below and our Data Processing Agreement.

Account data

Authentication and account management are handled by our identity provider, Clerk. When you sign up (with Google, Microsoft, or email), we receive your name, email address, and basic profile and sign-in information.

Billing data

Payments are processed by our payment processor, Razorpay. We do not store full card numbers. We retain limited records such as transaction identifiers, amounts, the currency shown at checkout, and your credit balance so we can operate prepaid billing.

Usage and technical data

We collect data generated as you use the platform — including IP address, device and browser information, request and run logs, agent configurations you submit, and cookies and analytics identifiers (see Cookies & analytics).

Customer Data (Output)

When you run an agent, you choose what data to extract. The resulting Output is “Customer Data.” This Output may contain personal data about third parties. We process it on your instructions as described in section 10.

• To provide, operate, and secure the console, API, and agents.
• To authenticate you and manage your account (via Clerk).
• To process prepaid top-ups, charge per result, and maintain your credit balance (via Razorpay).
• To deliver Output, monitor run health, debug failures, and prevent abuse, fraud, and infrastructure misuse.
• To communicate with you about your account, transactions, and support requests.
• To understand and improve how the platform and website are used.
• To comply with legal obligations and enforce our Terms.

Our website uses Google Tag Manager and Google Analytics to understand traffic and usage. Clerk sets session cookies to keep you signed in. Cloudflare Turnstile runs on sign-up to distinguish humans from bots. You can control cookies through your browser settings, and you can limit analytics as described under US state privacy rights.

We do not sell your personal data. We share data with the service providers below strictly to operate the platform. Each is bound by contractual confidentiality and data-protection obligations.

We may also disclose data where required by law, to enforce our Terms, or to protect the rights, safety, and security of Mindcase, our customers, or the public. If Mindcase is involved in a merger, acquisition, or asset sale, data may be transferred as part of that transaction.

• Job Output is automatically deleted after 7 days. We do not retain delivered datasets beyond this window — export or store what you need before it expires.
• Account data is kept for as long as your account is active, and for a reasonable period afterward to meet legal, accounting, and anti-fraud obligations.
• Operational logs are retained for a limited period for security, debugging, and abuse prevention, then deleted or aggregated.

We use industry-standard safeguards including encryption of data in transit and at rest, access controls, least-privilege access for personnel, and short retention of Output. No method of transmission or storage is perfectly secure, but we work to protect your data and to respond promptly to incidents.

Mindcase and its sub-processors may process data in different locations. Where personal data is transferred across borders, we rely on appropriate safeguards and contractual protections with our providers to protect that data consistent with applicable law.

Depending on where you live, you may have rights to access, correct, delete, port, restrict, or object to the processing of your personal data. To exercise these rights, email privacy@mindcase.co. We will verify your request and respond within the timeframe required by applicable law. You may also have the right to lodge a complaint with your local data-protection authority.

When you use our agents, the Output may include personal data about third parties. For this Output, Mindcase acts as a processor on your documented instructions, and you are the controller.

• You are solely responsible for having a lawful basis to collect and use the data, and for complying with applicable privacy and data-protection laws.
• You are responsible for complying with the terms of service of the source platforms from which data is collected.
• We honor verified deletion and takedown requests relating to Output that we still hold, and our short 7-day retention limits how long Output persists in our systems.

Our handling of Customer Data is governed by our Data Processing Agreement.

Mindcase falls below the statutory thresholds that make a business subject to the California Consumer Privacy Act (CCPA/CPRA), and we do not sell personal information — so its business obligations do not apply to us. Where you have obligations as a business, Mindcase acts as your service provider. If you are a resident of California or another US state with a comprehensive privacy law, you may still have the right to know what personal data we hold, to request its deletion or correction, and to opt out of certain processing, and we support these rights.

Your Privacy Choices. Our website’s analytics tools may share certain identifiers with analytics providers. To opt out of this analytics “sharing,” you can disable analytics cookies in your browser or email us at privacy@mindcase.co. We do not discriminate against you for exercising your privacy rights.

The Mindcase platform is not directed to individuals under 18 years of age, and we do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will delete it.

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above. Material changes will be communicated through the platform or by email where appropriate.

For privacy questions or to exercise your rights, email privacy@mindcase.co. For general support, email support@mindcase.co.