Privacy Policy
Last updated: June 2026
1. Introduction
Mind.me values the privacy and protection of its users' personal data. This Privacy Policy explains how we collect, use, store, protect, and process personal data in connection with the use of the website, the Mind.me platform, and related services. Mind.me is committed to complying with Regulation (EU) 2016/679 (GDPR), applicable Portuguese legislation, and data protection best practices. By using the website or the platform, the user acknowledges that they have read and understood this Privacy Policy.
2. Who We Are
Mind.me is a technology platform designed for professionals and organizations operating in the mental health sector. For the purposes of applicable data protection legislation, Mind.me acts as the data controller with regard to personal data related to account management, billing, communications, and use of the platform. With respect to clinical data entered into the platform by customers, Mind.me acts as a data processor, processing such data solely in accordance with the instructions of the respective data controllers.
3. Data We Collect
We may collect different categories of personal data. Account Data • Name; • Email address; • Phone number (where applicable); • Country; • Professional information; • Profile picture (when provided). Clinic Data • Clinic name; • Tax identification number (VAT/NIF); • Address; • Logo; • Administrative information related to the use of the platform. Billing Data • Information required for invoice issuance; • Payment history; • Subscription-related information. Technical Data • IP address; • Device type; • Operating system; • Browser used; • Access logs; • Security-related data. Communication Data • Contact forms; • Support requests; • Communications sent by email. Waitlist Data When a user joins the Mind.me waitlist, we collect: • Name; • Email address; • User type (professional or clinic); • Selected language; • Registration date.
4. Clinical Data
The platform may allow the storage of information related to patients. Such information may include: • Identification data; • Clinical notes; • Sessions; • Files; • Documentation; • Information entered by professionals. Mind.me does not use this data for its own purposes and does not make clinical decisions based on such information. The customer remains responsible for the processing of such data and for obtaining all authorizations, consents, or legal grounds required under applicable legislation.
5. Purposes of Processing
We use personal data for the following purposes: Platform Operations • Creating and managing accounts; • Authenticating users; • Providing subscribed features and services; • Ensuring security and access control. Commercial Management • Processing payments; • Managing subscriptions; • Issuing accounting and billing documents; • Managing trial periods. Communications • Responding to contact requests; • Providing support; • Sending service-related notifications; • Communicating relevant changes. Marketing Where permitted by law or based on consent: • Informing users about launches; • Communicating news and updates; • Promoting platform features; • Sending relevant updates.
6. Artificial Intelligence
Mind.me may provide intelligent features designed to support the organization and consultation of information. When such features are used, certain information may be processed by specialized technology providers to enable the generation of responses, summaries, or contextual analyses. These features: • Do not replace healthcare professionals; • Do not constitute clinical advice; • Do not constitute a diagnosis; • Do not constitute treatment. All clinical decisions remain the sole responsibility of the user.
7. Legal Basis for Processing
Personal data may be processed on the basis of: Contractual Performance Where necessary to provide the contracted services. Compliance with Legal Obligations Where required by applicable law. Legitimate Interest To ensure security, prevent fraud, improve the platform, and support operational management. Consent Where required for marketing communications or specific purposes.
8. Data Sharing
Mind.me does not sell personal data. Data may only be shared, where necessary, with service providers that assist in the operation of the platform. Such providers may include: • Stripe (payments); • Resend (email delivery); • OpenAI (intelligent features); • Cloudflare (infrastructure and storage); • Neon (database services); • Railway (infrastructure); • Vercel (website hosting); • Other technology providers required for the operation of the service. All partners are selected based on appropriate security and data protection standards.
9. International Data Transfers
Some technology providers used by Mind.me may be located outside the European Economic Area. Where this occurs, appropriate safeguards required under applicable legislation will be implemented, including Standard Contractual Clauses approved by the European Commission or equivalent mechanisms.
10. Data Retention
Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected. Retention periods may vary depending on: • Legal obligations; • Accounting requirements; • Operational needs; • Security requirements. After this period, data will be securely deleted or anonymized.
11. Security
Mind.me implements appropriate technical and organizational measures to protect personal data against: • Unauthorized access; • Improper disclosure; • Alteration; • Loss; • Destruction. Such measures may include: • Access controls; • Authentication mechanisms; • Encryption where applicable; • Security monitoring; • Logging of relevant activities. Despite our efforts, no system can guarantee absolute security.
12. Your Rights
Under the GDPR, you may exercise the following rights: • Right of access; • Right to rectification; • Right to erasure; • Right to restriction of processing; • Right to object; • Right to data portability; • Right to withdraw consent where applicable. These rights may be exercised through the contact details provided in this policy.
13. Cookies
Mind.me uses cookies and similar technologies to: • Ensure the proper functioning of the website; • Improve the user experience; • Measure performance; • Understand how services are used. Users may manage their cookie preferences through their browser settings or through the mechanisms made available on the website.
14. Email Communications
Mind.me may send emails related to: • Account creation; • Security; • Password recovery; • Billing; • Important updates; • Waitlist communications; • Responses to contact requests. Certain communications are considered essential for the operation of the service and cannot be disabled.
15. Changes to This Privacy Policy
Mind.me may update this Privacy Policy from time to time. Any changes shall become effective upon publication on the website. Where appropriate, users will be informed of the most significant changes.
16. Contact
For questions regarding this Privacy Policy or to exercise any rights related to your personal data, you may contact us at: info@itsmindme.com
17. Supervisory Authority
If you believe that your personal data is being processed in violation of applicable legislation, you have the right to lodge a complaint with the competent supervisory authority. In Portugal, the competent authority is: Portuguese Data Protection Authority (CNPD) https://www.cnpd.pt