Privacy Policy
Effective Date: February 12, 2026 · Last Updated: February 12, 2026
This Privacy Policy ("Policy") describes how MindLabs Coach LLC, a New York limited liability company ("Company," "we," "us," or "our"), collects, uses, stores, and discloses information when you use the MindCoach Labs platform (the "Service"). By using the Service, you consent to the practices described in this Policy.
1. Information We Collect
1.1 Account Information
When you create an account, we collect your name, email address, and authentication credentials through our authentication provider, Clerk. If you sign in via a third-party provider (Google, Microsoft), we receive basic profile information from that provider.
1.2 Conversation and Coaching Data
The Service stores the content of your conversations with the AI coach, including messages you send, AI-generated responses, coaching session trackers, framework analysis results, computation outputs, and any files or images you upload during a session. This data is stored to provide continuity across sessions and to deliver the core functionality of the Service.
1.3 Organizational Data
If you are part of an organization using the Service, we collect organization name, membership information, role assignments, and coaching relationship data as configured by your organization's administrator.
1.4 Usage Data
We automatically collect certain technical information when you use the Service, including IP address, browser type, device type, pages visited, timestamps, and referring URLs. This data is used for analytics, security monitoring, and service improvement.
1.5 Payment Information
We do not directly collect or store credit card numbers or bank account details. Payment processing is handled by third-party payment processors. We may receive transaction identifiers, subscription status, and billing history from these processors.
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service;
- Process your conversations through AI models to generate coaching analyses and framework outputs;
- Maintain session continuity (coaching arc, session trackers, behavioral evidence logs);
- Authenticate your identity and manage your account;
- Process payments and manage subscriptions;
- Send transactional communications (account verification, security alerts, service updates);
- Monitor for security threats, fraud, and abuse;
- Comply with legal obligations.
We do not use your conversation data or coaching content to train AI models. Your data is used to provide coaching responses within your sessions, and may also be used for coaching analysis, system improvement, and customer support. We will never sell your data to third parties.
3. Third-Party Service Providers
We share information with the following categories of third-party processors, each of which processes data solely on our behalf and subject to contractual obligations:
| Provider | Purpose | Data Shared |
|---|---|---|
| Anthropic (Claude API) | AI processing | Conversation content sent per-session for AI responses |
| Clerk | Authentication | Account credentials, email, name |
| Hosting Provider (Render) | Infrastructure | All application data (encrypted at rest and in transit) |
| Google (optional) | Document integration | OAuth tokens, document IDs (only if user connects) |
| Microsoft (optional) | Document integration | OAuth tokens, document IDs (only if user connects) |
| E2B (optional) | Code execution sandbox | Code snippets submitted for execution (ephemeral) |
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
4. Data Retention
We retain your account information and conversation data for as long as your account is active or as needed to provide the Service. If you request deletion of your account, we will delete or anonymize your personal data within thirty (30) days, except where retention is required by law or for legitimate business purposes (such as fraud prevention or dispute resolution). Anonymized or aggregated data that cannot reasonably identify you may be retained indefinitely.
5. Data Security
We implement commercially reasonable security measures to protect your information, including:
- Encryption of data in transit using TLS (Transport Layer Security);
- Access controls limiting data access to authorized personnel;
- Sandboxed code execution environments isolated from core application data;
- Regular security monitoring and logging.
However, no method of electronic storage or transmission is completely secure. We cannot guarantee the absolute security of your data. You acknowledge and accept this inherent risk when using the Service. In the event of a security incident, our liability is limited as set forth in our Terms of Service.
6. Data Breach Notification
In the event of a confirmed data breach that affects your personal information, we will:
- Notify affected users within seventy-two (72) hours of confirmation of the breach;
- Provide a description of the nature of the breach and the categories of data affected;
- Describe the measures taken or proposed to address the breach;
- Report to relevant regulatory authorities as required by applicable law.
Your exclusive remedy in connection with any data breach is limited to a refund of subscription fees paid during the two (2) calendar months immediately preceding the confirmed breach, as further described in our Terms of Service (Sections 9 and 10).
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you;
- Correction: Request correction of inaccurate or incomplete personal information;
- Deletion: Request deletion of your personal information, subject to legal retention requirements;
- Data Portability: Request an export of your data in a machine-readable format;
- Objection: Object to certain processing activities where permitted by law;
- Withdrawal of Consent: Where processing is based on consent, withdraw that consent at any time.
To exercise any of these rights, contact us at the email address provided in Section 12. We will respond to verified requests within thirty (30) days.
8. Cookies and Tracking Technologies
The Service uses essential cookies required for authentication and session management. We do not use advertising cookies or third-party tracking cookies. We may use analytics services that collect anonymized usage data to help us understand how the Service is used and to improve performance.
9. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us immediately.
10. International Data Transfers
Your data is processed and stored in the United States. If you access the Service from outside the United States, you consent to the transfer of your information to the United States, where data protection laws may differ from those in your jurisdiction.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the revised Policy on the Service and updating the "Last Updated" date above. Your continued use of the Service after the posting of a revised Policy constitutes your acceptance of the changes.
12. Contact Information
If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at:
MindLabs Coach LLC
Email: privacy@aimindlabs.com
13. Governing Law
This Privacy Policy is governed by the laws of the State of New York, United States, consistent with our Terms of Service.