Privacy Policy
Last updated: 2026
1. Overview
MandateMind AI (“MandateMind”, “we”, “our”) is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and the choices you have regarding your data.
2. Information We Collect
We collect the following categories of information:
- Account Information: Name, email address, company name, and authentication details.
- Usage Data: Log data, feature usage, timestamps, and performance metrics.
- Evidence & Documents: Files uploaded by users for compliance, audit, or readiness purposes.
- AI Processing Metadata: Control scores, summaries, gap analysis, and system‑generated insights.
3. How We Use Information
We use collected information to:
- Operate and improve the MandateMind platform.
- Provide AI‑powered evidence intelligence, scoring, and narrative generation.
- Support compliance workflows, readiness scoring, and audit preparation.
- Provide customer support and troubleshoot issues.
- Maintain platform security and detect misuse.
4. AI Processing & Model Usage
MandateMind uses AI models to analyze evidence, generate summaries, identify gaps, and produce readiness insights.
Your data is processed securely and is never used to train public AI models.
- Evidence is processed only for your tenant’s compliance activities.
- AI outputs are generated on‑demand and not shared across tenants.
- We do not sell or share evidence with third parties for model training.
5. Evidence Storage & Retention
Evidence uploaded to MandateMind is stored securely in encrypted storage. To manage performance and cost:
- Evidence may be automatically archived or deleted based on retention settings.
- Extended retention or cold storage may incur additional fees.
- Customers may delete evidence at any time.
- Deleted evidence cannot be recovered once purged from retention systems.
6. Fair‑Use Limits
All subscription plans include fair‑use limits for AI processing and evidence storage. Excessive usage may result in:
- Soft usage warnings.
- Temporary rate‑limiting.
- Overage billing.
- Requests to upgrade to a higher plan.
Fair‑use thresholds are described in the Acceptable Use Policy.
7. Data Protection & Security
MandateMind uses industry‑standard security controls to protect your data:
- Encryption in transit (TLS) and at rest (AES‑256).
- Isolated tenant environments for evidence and metadata.
- Strict access controls and audit logging.
- No commingling of evidence across tenants.
8. Subprocessors
We use trusted subprocessors to operate the platform, including:
- Cloud hosting providers (e.g., AWS).
- Email delivery providers.
- AI model providers for on‑demand inference.
Subprocessors only receive the minimum data required to perform their function.
9. Sharing of Information
We do not sell customer data. We may share limited information with subprocessors or when required by law.
Evidence is never shared with third parties for marketing or training purposes.
10. Your Rights
You may request:
- Export of your data.
- Deletion of your account and associated evidence.
- Correction of inaccurate information.
11. Multi‑Tenant & MSP Environments
For vCISO/MSP customers, each client environment is isolated. Evidence and AI outputs are never shared across client tenants unless explicitly configured by the customer.
12. Changes to This Policy
We may update this Privacy Policy periodically. Continued use of the platform constitutes acceptance of the latest version.