To help you better understand this policy, here are the key terms we use:
- Personal Information: Any data relating to an identifiable individual, including name, email address, or identification numbers
- Service Usage Information: Information automatically collected about how you interact with our Service
- Cookies: Small text files placed on your device to enhance your browsing experience and collect certain information.
- Data Controller: Mandel AI serves as the Data Controller, determining why and how your personal information is processed.
- Data Processor: Third parties that process data on our behalf according to our instructions.
- Data Subject: You, as the individual whose personal information we process
How We Use Your Information
We process your information for specific, clearly defined purposes, including:
- Delivering and maintaining our Service
- Personalising your experience
- Responding to your inquiries and providing support
- Processing transactions and managing your account
- Sending important notifications about changes or updates
- Improving our Service based on usage patterns
- Identifying and addressing technical issues
- Fulfilling our contractual obligations
- Sending relevant marketing communications (subject to your preferences)
- Ensuring compliance with applicable laws and regulations
We only use your personal information for the purpose it was collected or for reasonably related purposes as permitted by applicable privacy laws.
Third-Party Service Providers
To operate efficiently, we engage trusted third-party service providers to perform certain functions on our behalf. These providers have limited access to your personal information to perform specific tasks and are contractually obligated to protect your data.
Our service providers assist with:
- Hosting and infrastructure services
- Payment processing
- Analytics and performance monitoring
- Customer support tools
- Communication services
- Security and fraud prevention
We use PostHog to understand how users interact with our Service. PostHog helps us improve user experience while adhering to strong privacy principles. The analytics data collected is used solely to enhance our Service and is processed according to this Privacy Policy.
You can find more information on PostHog’s Privacy Policy here:
https://posthog.com/privacy
We offer features and services that require payment. To process these transactions securely, we partner with Stripe, a trusted third-party payment processor.
When you make a purchase, your payment information is provided directly to Stripe and never stored on our servers. Stripe's handling of your payment details is governed by their own Privacy Policy, which can be viewed at:
https://stripe.com/us/privacy.
Stripe complies with the Payment Card Industry Data Security Standard (PCI-DSS), a rigorous security framework established by major credit card companies including Visa, Mastercard, American Express, and Discover. These standards ensure your payment information receives appropriate protection throughout the transaction process.
We may use third-party Service Providers like GitHub to automate the development process of our Service.
GitHub is a development platform to host and review code, manage projects, and build software. For more information on what data GitHub collects for what purpose and how the protection of the data is ensured, please visit GitHub Privacy Policy page:
Automated Decision-Making
Our Service incorporates AI technology that can make or suggest decisions based on your data. You control the level of AI autonomy through configurable settings in your account dashboard:
- You choose whether AI acts only as an advisor or takes autonomous actions
- All accounts default to requiring your approval for substantive decisions
- You can adjust these settings at any time
Before enabling autonomous features, we obtain your explicit consent and explain potential outcomes. You always retain the right to:
- Request human review of any automated decision
- Contest decisions made by automated systems
We implement appropriate safeguards including automatic evaluations, human oversight, and regular testing to ensure fair and accountable AI operations.
For questions about how our AI makes specific decisions, contact
[email protected].
Data Security and Protection
We implement appropriate technical and organisational measures to protect your personal information from unauthorised access, alteration, disclosure, or destruction. These measures include:
- Encryption of sensitive data
- Regular security assessments
- Access controls and authentication protocols
- Staff training on data protection
- Systematic monitoring for potential vulnerabilities
For more information on our data security and protection, visit our trust and security centre at
https://trust.mandel.ai/
Depending on your location, you may have specific rights regarding your personal information, including:
- Accessing your personal information
- Correcting inaccurate data
- Requesting deletion of your information
- Restricting or objecting to certain processing activities
- Requesting portability of your information
- Withdrawing consent for optional processing activities
To exercise these rights, please contact us at
[email protected]
We maintain your Personal Information only for as long as reasonably necessary to fulfill the purposes outlined in this Privacy Policy or to comply with our legal obligations. Specific retention periods vary based on:
- The type of information collected
- The purpose for which it was obtained
- Our legal and regulatory requirements
- Applicable statutes of limitations
- Ongoing business needs
For Service Usage Information, we typically implement shorter retention periods unless this data is essential for security enhancements, Service improvements, or when longer retention is legally required.
We regularly review our data holdings and delete or anonymise information when no longer needed for the purposes for which it was collected.
International Data Transfers
As a global service, Mandel AI operates infrastructure in various regions, which may involve transferring and processing your information across international borders. Your information may be stored and processed on servers located outside your country of residence, including in the United States and European Union.
By using our Service and providing your information, you acknowledge and consent to such transfers. We implement appropriate safeguards when transferring data internationally, including:
- Standard contractual clauses approved by relevant data protection authorities
- Data transfer impact assessments
- Verification of recipient country privacy protections
- Additional technical and organisational measures as needed
We only transfer your Personal Information to countries or organisations that provide adequate data protection or have appropriate safeguards in place.
While we implement industry-standard security measures to protect your data, it's important to understand that no digital transmission or storage system is completely secure. We continuously update our security protocols to address emerging threats, but we cannot guarantee absolute security.
We encourage you to help protect your account by using strong, unique passwords and enabling two-factor authentication when available. Please contact us immediately if you suspect any unauthorised access to your account.
To follow our security certifications, practices, and controls, visit
https://trust.mandel.ai/
Regional Privacy Rights and Regulations
European Privacy Framework (GDPR)
For individuals residing in the European Union (EU) or European Economic Area (EEA), the General Data Protection Regulation (GDPR) provides specific protections regarding your personal information.
Under the GDPR, you are entitled to the following rights:
- Right to Access: You may request confirmation of whether we process your personal information and receive a copy of the personal information we maintain about you
- Right to Rectification: You may request we correct inaccurate or incomplete personal information
- Right to Erasure: Under certain conditions, you may request the deletion of your personal information
- Right to Restrict Processing: You may ask us to temporarily or permanently stop processing certain categories of your personal information
- Right to Data Portability: You may request your personal information in a structured, machine-readable format and transmit it to another data controller
- Right to Object: You may object to our processing of your personal information for direct marketing purposes or based on our legitimate interests
- Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent
To exercise any of these rights, please email
[email protected]. We may verify your identity before processing your request. If you're unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.
United States Privacy Frameworks
CALIFORNIA RESIDENT RIGHTS
California law provides substantial privacy protections through the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). As a California resident, you have the right to:
- Know what personal information we collect, use, disclose, or sell
- Request deletion of your personal information (subject to certain exceptions)
- Opt-out of the sale or sharing of your personal information
- Access your personal information in a portable format
- Limit the use of sensitive personal information
- Non-discrimination for exercising your privacy rights
California residents can exercise these rights by emailing
[email protected] or through the designated mechanisms on our Service.
EMERGING STATE PRIVACY FRAMEWORKS
As privacy regulations evolve across the United States, we maintain compliance with all applicable state privacy laws. As of 2025, comprehensive privacy legislation has been enacted in multiple states including:
- Virginia, Colorado, Connecticut, Utah
- Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Tennessee, Minnesota, Maryland
These laws generally provide rights similar to those under the CCPA, including rights to access, delete, correct, and opt out of certain processing of your personal information. The specific rights available depend on your state of residence and applicable eligibility requirements.
We honor all valid requests from residents of states with applicable privacy legislation. For specific information about your state's privacy protections, please contact us.
Protection of Children's Privacy
Our Service is not directed to individuals under 18 years of age ("Minors"), and we prohibit Minors from using our Service.
We do not knowingly gather personal information from Minors. If we discover we have inadvertently collected personal information from a Minor, we will promptly delete such information. If you believe we might possess information from or about a Minor, please contact us immediately at
[email protected].
Parents and guardians are encouraged to monitor their children's online activities and help enforce this policy by instructing children never to provide personal information through our Service.
We reserve the right to modify this Privacy Policy at any time. When we make material changes, we will:
- Update the "Last Updated" date at the top of this Privacy Policy
- Send email notifications to registered users when appropriate
- Outline significant changes and their potential impact on your privacy rights
By continuing to use our Service after privacy policy changes take effect, you acknowledge and accept the revised policy.
We encourage you to periodically review this Privacy Policy to stay informed about how we protect your personal information.
We welcome your questions, concerns, and requests regarding this Privacy Policy and our privacy practices.
Contact Information:
For urgent privacy matters, please include "PRIVACY CONCERN" in your email subject line to ensure prompt attention.
We strive to respond to all legitimate inquiries within 30 days. In some circumstances, we may request additional information to verify your identity before addressing your request.