Privacy Policy

1. Introduction

Mimin ("Mimin", "we", "our", or "us") is committed to ensuring the protection, confidentiality, and lawful handling of personal data. This Privacy Policy sets out the principles governing the collection, use, disclosure, retention, and safeguarding of personal data processed through our website and through the services we provide. For enterprise engagements, Mimin acts primarily as a Data Processor, processing personal data solely on the documented instructions of the Client, who remains the Data Controller for all such data. This Privacy Policy supplements any Data Processing Agreement (DPA) or contractual arrangement in place. In the event of inconsistency, the DPA or executed contract shall prevail.

2. Scope

This Privacy Policy applies to:

Users of the Mimin website and digital platforms;
Individuals who submit information to Mimin directly;
Clients utilising Mimin's AI-based solutions;
End-users whose personal data is processed by Mimin on behalf of a Client;
Commercial partners or resellers promoting Mimin's services.

This Policy governs both online and offline interactions with Mimin.

3. Data Privacy Roles

3.1 Client as Data Controller

The Client determines:

The purposes and means of processing personal data;
The lawful basis for such processing;
The categories of data collected;
The manner and duration of storage;
The fulfilment of data subject rights.

Mimin does not make decisions regarding these matters unless explicitly authorised by the Client.

3.2 Mimin as Data Processor

Mimin processes personal data strictly in accordance with the Client's written or documented instructions. Mimin's processing activities may include:

Facilitating AI-based text and voice interactions;
Executing automated responses and workflows;
Hosting, storing, or transmitting personal data within Mimin-managed systems;
Maintaining infrastructure and platform integrity;
Providing technical and operational support;
Engaging authorised Sub-Processors where necessary.

Mimin does not retain personal data beyond what is necessary for service provision unless required by law or the Client.

3.3 Sub-Processors

Mimin may engage third-party service providers, including AI model or cloud infrastructure providers, as Sub-Processors. Sub-Processors:

Process data only for the limited purpose of fulfilling Mimin's obligations to the Client;
Access data on a transient and non-persistent basis where applicable;
Are contractually bound to confidentiality and data protection obligations equivalent to those imposed on Mimin.

3.4 Resellers

Third-party resellers or commercial partners who market or distribute Mimin's services do not access, handle, or process personal data. They operate exclusively as commercial intermediaries and are not considered Controllers, Processors, or Sub-Processors.

4. Categories of Personal Data Collected

4.1 Information Collected Through the Website

Personal data collected may include:

Device identifiers, IP address, browser type, and system settings;
Cookies, session data, and usage analytics;
Information relating to interactions with the website (pages viewed, navigation patterns).

4.2 Information Provided Directly to Mimin

Where individuals submit information to Mimin (e.g., for enquiries, registration, or transactions), we may collect:

Contact details (name, email address, phone number);
Company or organisational information;
Billing, payment, or transaction-related data.

4.3 Information Processed on Behalf of Clients

In the course of providing services to Clients, Mimin may process:

Textual, audio, or multimedia data submitted to AI interfaces;
User communications, logs, and metadata;
Datasets required by the Client for configuration, training, or fine-tuning;
Operational information necessary for platform functionality and troubleshooting.

All such data is processed exclusively on behalf of the Client.

5. Purposes of Processing

5.1 Website and Direct Interactions

Personal data may be used to:

Operate, maintain, and enhance the website;
Respond to requests and communications;
Perform transactions and administrative functions;
Conduct fraud detection, risk assessment, and security monitoring;
Analyse interactions to optimise user experience.

5.2 Enterprise Service Provision (Processor Role)

For Client-related processing, Mimin uses personal data solely to:

Execute AI-based responses and workflows;
Enable voice and text processing;
Provide support, diagnostics, and operational continuity;
Train or fine-tune models only when expressly authorised by the Client;
Fulfil contractual obligations.

Mimin does not use Client data to improve or train Mimin's general models unless explicitly permitted in writing.

5.3 Sub-Processor Processing

Sub-Processors engaged by Mimin process personal data solely for:

Model inference;
Technical execution;
Infrastructure operations.

Sub-Processors do not retain or reuse personal data beyond the execution of the intended task.

6. Data Disclosure

Mimin may disclose personal data to:

Authorised Sub-Processors;
Payment and financial service providers (for transactional purposes);
Professional advisers;
Government authorities where required by law.

Mimin does not sell personal data to third parties. All disclosures are limited to lawful and contractually authorised purposes.

7. Data Retention

Mimin retains personal data processed on behalf of the Client for the duration of the Client's active subscription or service engagement with Mimin, and only to the extent necessary to fulfil the purposes for which the data was collected or to deliver the contracted services. Upon termination, expiry, or non-renewal of the Client's subscription ("Client Churn"), the Client may, at its discretion:

Request the return of all personal data, or
Request the deletion of all personal data processed by Mimin on its behalf.

Mimin shall comply with such requests within a commercially reasonable timeframe, subject to any data that must be retained to comply with legal, regulatory, or auditing obligations. Absent a request from the Client, Mimin shall not retain enterprise-related personal data beyond the period necessary to fulfil post-termination legal obligations or to properly conclude service disengagement activities.

8. Data Security

Mimin implements administrative, technical, and physical safeguards including, but not limited to:

Encryption of data in transit and at rest;
Access control and user authentication mechanisms;
Network isolation and secure infrastructure;
Monitoring, logging, and incident detection;
Regular security assessments and updates.

9. Rights of Individuals

Depending on applicable law, individuals may have rights relating to:

Access to personal data;
Correction of inaccurate data;
Deletion or withdrawal of consent;
Restriction or objection to processing;
Data portability.

For enterprise usage, all data subject requests must be directed to the Client (Data Controller), as Mimin processes such data strictly on the Client's behalf.

10. Data Deletion Requests

Direct users of the website or Mimin services may request deletion of their personal data. Enterprise-related deletion requests must be initiated and submitted by the Client. Where deletion is requested:

Personal data will be securely removed;
Certain information may be retained where required to meet legal, regulatory, or contractual obligations.

11. Data Breach & Notification of Breach

In the event of a suspected or confirmed personal data breach, Mimin will promptly initiate its internal incident response procedures to investigate the incident and take reasonable steps to contain, mitigate, and prevent further unauthorized access, use, or disclosure of Personal Data. Such measures may include securing affected systems, restricting access, applying remedial fixes, and restoring data where necessary.

Mimin maintains regular backups of Personal Data in a separate and secure server instance, which are designed to support data integrity, business continuity, and recovery in the event of system failure or security incidents.

Where required by law, or where Mimin reasonably determines that the breach is likely to result in significant harm to affected individuals, Mimin shall notify impacted users as soon as practicable. Such notification may be provided via email, in-app notification, public notice, or other reasonable means, and shall include, to the extent legally permissible:

A description of the nature of the breach and when it occurred;
The types of Personal Data affected;
Potential risks or impacts arising from the breach;
Steps taken by Mimin to contain and remediate the incident;
Recommended actions that affected individuals may take to protect themselves; and
Contact details for further inquiries or assistance.

Mimin may delay, limit, or refrain from notification where permitted by law, including where remedial actions have rendered the breach unlikely to result in significant harm to affected individuals, or where notification is restricted or prohibited by instructions from regulatory or law enforcement authorities.

Users are responsible for ensuring that their contact information, including email address, is kept accurate and up to date to enable timely receipt of such notifications.

Following resolution of the incident, Mimin shall:

Conduct a post-incident review and root cause analysis;
Implement corrective and preventive measures to reduce the likelihood of recurrence;
Update security controls, policies, and procedures where necessary; and
Maintain records of the incident and response actions in accordance with applicable legal and regulatory requirements.

12. Amendments to This Policy

Mimin may revise this Privacy Policy from time to time to reflect operational, legal, or regulatory developments. The updated version will be published with an amended "Last Updated" date and will take effect upon posting.