Legal

Privacy Policy

Last Updated: July 21, 2025

Welcome to Mandel AI.

At Fynt, Inc. (DBA “Mandel AI”) (“we,” “our,” or “us”), we value your privacy and are committed to protecting your personal information. This Privacy Policy outlines how we collect, use, store, and safeguard data when you use our platform available at https://www.mandel.ai and https://app.mandel.ai (the “Service”).

By accessing or using our Service, you acknowledge that you have read and understood this Privacy Policy. If you disagree with any aspect of this policy, please discontinue use of our Service immediately.

Key Terms

To help you better understand this policy, here are the key terms we use:

Personal Information: Any data relating to an identifiable individual, including name, email address, or identification numbers
Service Usage Information: Information automatically collected about how you interact with our Service
Cookies: Small text files placed on your device to enhance your browsing experience and collect certain information.
Data Controller: Mandel AI serves as the Data Controller, determining why and how your personal information is processed.
Data Processor: Third parties that process data on our behalf according to our instructions.
Data Subject: You, as the individual whose personal information we process

Information we collect

Personal information

When you use our Service, we may request certain personally identifiable information, including but not limited to:

Full name
Contact details (email address, phone number)
Account credentials
Payment information (processed securely through our payment processor Stripe)
Professional information relevant to our Service

We collect this information only when reasonably necessary for our legitimate business functions and activities. You may opt out of receiving any, or all, of these communications from us by emailing us at privacy@mandel.ai.

Service Usage Information

Our systems automatically gather information about your interactions with our Service, including:

IP address and device identifiers
Browser type and settings
Operating system information
Pages visited and navigation patterns
Time and duration of visits
Referring websites and search terms
Technical diagnostic data

We utilise PostHog as our analytics provider, which helps us understand user behavior while respecting privacy principles.

Cookies and Similar Technologies

We employ cookies and similar tracking mechanisms to enhance your experience and collect information about how you use our Service. These technologies help us remember your preferences, maintain security, and analyse Service usage.

The cookies we deploy include:

Functional Cookies: Essential for basic Service operations
Customization Cookies: Remember your settings and preferences
Security Cookies: Help protect your account and our systems
Analytics Cookies: Provide insights into Service usage patterns

You can configure your browser to decline cookies, though this may impact certain Service features or functionality.

How We Use Your Information

We process your information for specific, clearly defined purposes, including:

Delivering and maintaining our Service
Personalising your experience
Responding to your inquiries and providing support
Processing transactions and managing your account
Sending important notifications about changes or updates
Improving our Service based on usage patterns
Identifying and addressing technical issues
Fulfilling our contractual obligations
Sending relevant marketing communications (subject to your preferences)
Ensuring compliance with applicable laws and regulations

We only use your personal information for the purpose it was collected or for reasonably related purposes as permitted by applicable privacy laws.

Third-Party Service Providers

To operate efficiently, we engage trusted third-party service providers to perform certain functions on our behalf. These providers have limited access to your personal information to perform specific tasks and are contractually obligated to protect your data.

Our service providers assist with:

Hosting and infrastructure services
Payment processing
Analytics and performance monitoring
Customer support tools
Communication services
Security and fraud prevention

Google Workspace

We may integrate with Google Workspace APIs to provide certain features of our Service. When we access data through Google Workspace APIs, we commit to the following data handling practices:

We do not retain, use, or disclose user data obtained through Google Workspace APIs to develop, improve, or train generalized artificial intelligence and/or machine learning models
Any data accessed through Google Workspace APIs is used solely to provide the specific features and functionality you have requested

For more information about Google's API Services User Data Policy, visit: https://developers.google.com/terms/api-services-user-data-policy

Analytics

We use PostHog to understand how users interact with our Service. PostHog helps us improve user experience while adhering to strong privacy principles. The analytics data collected is used solely to enhance our Service and is processed according to this Privacy Policy.

You can find more information on PostHog's Privacy Policy here: https://posthog.com/privacy

Payment Processing

We offer features and services that require payment. To process these transactions securely, we partner with Stripe, a trusted third-party payment processor.

When you make a purchase, your payment information is provided directly to Stripe and never stored on our servers. Stripe's handling of your payment details is governed by their own Privacy Policy, which can be viewed at: https://stripe.com/us/privacy.

Stripe complies with the Payment Card Industry Data Security Standard (PCI-DSS), a rigorous security framework established by major credit card companies including Visa, Mastercard, American Express, and Discover. These standards ensure your payment information receives appropriate protection throughout the transaction process.

CI/CD tools

We may use third-party Service Providers like GitHub to automate the development process of our Service.

GitHub is a development platform to host and review code, manage projects, and build software. For more information on what data GitHub collects for what purpose and how the protection of the data is ensured, please visit GitHub Privacy Policy page: https://help.github.com/en/articles/github-privacy-statement.

Automated Decision-Making

Our Service incorporates AI technology that can make or suggest decisions based on your data. You control the level of AI autonomy through configurable settings in your account dashboard:

You choose whether AI acts only as an advisor or takes autonomous actions
All accounts default to requiring your approval for substantive decisions
You can adjust these settings at any time

Before enabling autonomous features, we obtain your explicit consent and explain potential outcomes. You always retain the right to:

Request human review of any automated decision
Contest decisions made by automated systems

We implement appropriate safeguards including automatic evaluations, human oversight, and regular testing to ensure fair and accountable AI operations.

For questions about how our AI makes specific decisions, contact privacy@mandel.ai.

Data Security and Protection

We implement appropriate technical and organisational measures to protect your personal information from unauthorised access, alteration, disclosure, or destruction. These measures include:

Encryption of sensitive data
Regular security assessments
Access controls and authentication protocols
Staff training on data protection
Systematic monitoring for potential vulnerabilities

For more information on our data security and protection, visit our trust and security centre at https://trust.mandel.ai/

Your Privacy Rights

Depending on your location, you may have specific rights regarding your personal information, including:

Accessing your personal information
Correcting inaccurate data
Requesting deletion of your information
Restricting or objecting to certain processing activities
Requesting portability of your information
Withdrawing consent for optional processing activities

To exercise these rights, please contact us at privacy@mandel.ai.

Retention of Data

We maintain your Personal Information only for as long as reasonably necessary to fulfill the purposes outlined in this Privacy Policy or to comply with our legal obligations. Specific retention periods vary based on:

The type of information collected
The purpose for which it was obtained
Our legal and regulatory requirements
Applicable statutes of limitations
Ongoing business needs

For Service Usage Information, we typically implement shorter retention periods unless this data is essential for security enhancements, Service improvements, or when longer retention is legally required.

We regularly review our data holdings and delete or anonymise information when no longer needed for the purposes for which it was collected.

International Data Transfers

As a global service, Mandel AI operates infrastructure in various regions, which may involve transferring and processing your information across international borders. Your information may be stored and processed on servers located outside your country of residence, including in the United States and European Union.

By using our Service and providing your information, you acknowledge and consent to such transfers. We implement appropriate safeguards when transferring data internationally, including:

Standard contractual clauses approved by relevant data protection authorities
Data transfer impact assessments
Verification of recipient country privacy protections
Additional technical and organisational measures as needed

We only transfer your Personal Information to countries or organisations that provide adequate data protection or have appropriate safeguards in place.

Circumstances of Information Disclosure

Legal Requirements and Governmental Requests

We may disclose your information when required by law, subpoena, court order, or other valid legal processes. We carefully review all such requests to ensure they comply with applicable law.

Corporate Transactions

If Mandel AI is involved in a merger, acquisition, reorganisation, bankruptcy, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Service of any change in ownership or uses of your Personal Information.

Protection of Rights and Safety

We may disclose information when we believe in good faith that disclosure is necessary to:

Protect the rights, property, or safety of Mandel AI, our users, or the public
Prevent or investigate possible wrongdoing in connection with the Service
Defend against legal claims or liability

Other Disclosure Circumstances

We may also share your information:

With our corporate affiliates and subsidiaries
With vendors and service providers who need access to such information to perform services on our behalf
With your explicit consent for purposes not listed in this Privacy Policy
In aggregated, anonymised, or de-identified form that cannot reasonably be used to identify you

Security Approach

While we implement industry-standard security measures to protect your data, it's important to understand that no digital transmission or storage system is completely secure. We continuously update our security protocols to address emerging threats, but we cannot guarantee absolute security.

We encourage you to help protect your account by using strong, unique passwords and enabling two-factor authentication when available. Please contact us immediately if you suspect any unauthorised access to your account.

To follow our security certifications, practices, and controls, visit https://trust.mandel.ai/

Regional Privacy Rights and Regulations

European Privacy Framework (GDPR)

For individuals residing in the European Union (EU) or European Economic Area (EEA), the General Data Protection Regulation (GDPR) provides specific protections regarding your personal information.

Under the GDPR, you are entitled to the following rights:

Right to Access: You may request confirmation of whether we process your personal information and receive a copy of the personal information we maintain about you
Right to Rectification: You may request we correct inaccurate or incomplete personal information
Right to Erasure: Under certain conditions, you may request the deletion of your personal information
Right to Restrict Processing: You may ask us to temporarily or permanently stop processing certain categories of your personal information
Right to Data Portability: You may request your personal information in a structured, machine-readable format and transmit it to another data controller
Right to Object: You may object to our processing of your personal information for direct marketing purposes or based on our legitimate interests
Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent

To exercise any of these rights, please email privacy@mandel.ai. We may verify your identity before processing your request. If you're unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.

United States Privacy Frameworks

California Resident Rights (CCPA/CPRA)

California law provides substantial privacy protections through the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). As a California resident, you have the right to:

Know what personal information we collect, use, disclose, or sell
Request deletion of your personal information (subject to certain exceptions)
Opt-out of the sale or sharing of your personal information
Access your personal information in a portable format
Limit the use of sensitive personal information
Non-discrimination for exercising your privacy rights

California residents can exercise these rights by emailing privacy@mandel.ai or through the designated mechanisms on our Service.

Emerging State Privacy Frameworks

As privacy regulations evolve across the United States, we maintain compliance with all applicable state privacy laws. As of 2025, comprehensive privacy legislation has been enacted in multiple states including:

Virginia, Colorado, Connecticut, Utah
Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Tennessee, Minnesota, Maryland

These laws generally provide rights similar to those under the CCPA, including rights to access, delete, correct, and opt out of certain processing of your personal information. The specific rights available depend on your state of residence and applicable eligibility requirements.

We honor all valid requests from residents of states with applicable privacy legislation. For specific information about your state's privacy protections, please contact us.

Protection of Children's Privacy

Our Service is not directed to individuals under 18 years of age (“Minors”), and we prohibit Minors from using our Service.

We do not knowingly gather personal information from Minors. If we discover we have inadvertently collected personal information from a Minor, we will promptly delete such information. If you believe we might possess information from or about a Minor, please contact us immediately at privacy@mandel.ai.

Parents and guardians are encouraged to monitor their children's online activities and help enforce this policy by instructing children never to provide personal information through our Service.

Privacy Policy Updates

We reserve the right to modify this Privacy Policy at any time. When we make material changes, we will:

Update the “Last Updated” date at the top of this Privacy Policy
Send email notifications to registered users when appropriate
Outline significant changes and their potential impact on your privacy rights

By continuing to use our Service after privacy policy changes take effect, you acknowledge and accept the revised policy.

We encourage you to periodically review this Privacy Policy to stay informed about how we protect your personal information.

How to Reach Us

We welcome your questions, concerns, and requests regarding this Privacy Policy and our privacy practices.

Contact Information:

Email: privacy@mandel.ai
Address: 1111B S Governors Ave STE 6339 Dover, DE 19904
Data Protection Officer: Nick Gospodinov (dpo@mandel.ai)
EU Representative: Nick Gospodinov (dpo@mandel.ai)

For urgent privacy matters, please include “PRIVACY CONCERN” in your email subject line to ensure prompt attention.

We strive to respond to all legitimate inquiries within 30 days. In some circumstances, we may request additional information to verify your identity before addressing your request.