Updated on March 2nd, 2026

Privacy Policy

This Privacy Policy explains how Mindoo AI BV ("Mindoo", "we", "us") handles personal data in its capacity as data controller. We are committed to protecting your privacy in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Belgian Data Protection Act of 30 July 2018 (Kaderwet), and the Belgian Electronic Communications Act of 13 June 2005 (as applicable to cookies and similar technologies).

Are you a patient?
This Privacy Policy does not cover how your health data is processed through the Mindoo platform. When patients interact with our AI agents (for intake conversations, follow-up, or other care-related purposes), Mindoo acts as a data processor on behalf of your healthcare institution, not as a data controller. That processing is governed by a Data Processing Agreement between Mindoo and the institution. For information about how your data is handled, please read our Patient Privacy Notice or contact the healthcare institution responsible for your care.

This Privacy Policy applies to the following activities for which Mindoo is the data controller: operating our website (mindoo.ai), managing healthcare professional accounts on the platform, business contacts and marketing, and recruitment.

1. Data controller

For the processing activities described in this policy, Mindoo AI BV is the data controller.

  • Registered office: Moonsstraat 29 B302, 2018 Antwerpen, Belgium
  • Enterprise number: BE1018909873
  • Data protection contact: dpo@mindoo.ai

If you have any questions or wish to exercise your rights, you can reach us at the email address above.

2. What data we collect

2.1 Website visitors (mindoo.ai)

When you visit our website, we may collect:

  • Technical data: IP address, browser type, operating system, referring URL, pages visited, and timestamps — collected through server logs and analytics tools.
  • Cookie data: Preferences, session identifiers, and analytics cookies. See Section 9 for details.
  • Contact form data: Name, email address, company name, and message content when you reach out to us.

2.2 Healthcare professionals using the platform

Mindoo provides a specialised AI platform for healthcare. Healthcare professionals ("HCPs") access the platform either through a subscription purchased by their healthcare institution, or through a direct subscription.

As data controller, we process the following HCP data:

  • Account data: Name, professional email address, role/function, and the healthcare institution you are affiliated with.
  • Usage data: Login timestamps, feature usage, session duration, and actions taken within the platform.
  • Support data: Any information you provide when contacting our support team.

Important: Any patient or clinical data that HCPs interact with through the platform (including data generated by our AI agents such as patient intake conversations, scribe outputs, or EHR integrations) is processed by Mindoo as a data processor on behalf of the healthcare institution. That processing falls outside the scope of this Privacy Policy and is governed by the Data Processing Agreement with the institution and our Patient Privacy Notice.

2.3 Business contacts and prospects

If you interact with us in a business context (e.g. at events, through email, or via partners), we may process:

  • Name, job title, company, email address, and phone number.
  • Records of our communications and meetings.

Where we obtain your contact details from a third party (e.g. a conference organiser or a mutual business partner), we will inform you of the source at or before the first time we contact you, in accordance with Art. 14 GDPR.

2.4 Job applicants

If you apply for a position at Mindoo, we process the data you provide in your application: name, contact details, CV, cover letter, and any other information you choose to share.

2.5 Anonymised and aggregated data

Mindoo may derive anonymised and aggregated insights from platform usage to improve our products and services. This data cannot be traced back to any individual and is therefore no longer considered personal data under the GDPR. No identifiable patient or clinical data is used for Mindoo's own purposes.

3. Why we process your data and on what legal basis

| Purpose | Data categories | Legal basis (GDPR) |
| --- | --- | --- |
| Providing and operating the platform for HCPs | Account data, usage data | Performance of contract (Art. 6(1)(b)) |
| Responding to your enquiries | Contact form data, support data | Pre-contractual measures (Art. 6(1)(b)) or legitimate interest (Art. 6(1)(f)) |
| Sending product updates and service notifications | Account data | Performance of contract (Art. 6(1)(b)) |
| Sending marketing communications | Contact data | Consent (Art. 6(1)(a)) — you can withdraw at any time |
| Website analytics and improvement | Technical data, cookie data | Consent for non-essential cookies (Art. 6(1)(a)); legitimate interest for strictly necessary processing (Art. 6(1)(f)) |
| Managing business relationships | Business contact data | Legitimate interest (Art. 6(1)(f)) |
| Recruitment | Application data | Pre-contractual measures (Art. 6(1)(b)) and legitimate interest (Art. 6(1)(f)) |
| Complying with legal obligations | As required | Legal obligation (Art. 6(1)(c)) |
| Security and fraud prevention | Technical data, usage data | Legitimate interest (Art. 6(1)(f)) |

Where we rely on legitimate interest, our interest consists of operating and improving our business, maintaining secure services, and managing professional relationships. We have assessed that this does not override your fundamental rights and freedoms. You may contact us at dpo@mindoo.ai to request further details on any specific balancing test.

4. Automated decision-making and AI

Mindoo's platform is powered by artificial intelligence. Our AI agents assist healthcare professionals and patients with tasks such as pre-consultation intake, post-care follow-up, clinical documentation (scribe), and health record integration — always on behalf of and under the responsibility of the healthcare institution.

In the context of this Privacy Policy (i.e. where Mindoo acts as data controller), we want to be transparent about the following:

  • Platform analytics: We may use automated processing to generate aggregated usage insights for product improvement. These do not produce legal or similarly significant effects on individual users.
  • No automated individual decision-making: We do not use your personal data (as controller) for automated decision-making that produces legal effects or similarly significantly affects you, within the meaning of Art. 22 GDPR.

For information about AI processing of patient data (where Mindoo acts as data processor), see our Patient Privacy Notice and the Data Processing Agreement with the healthcare institution.

5. Who we share data with

We do not sell your personal data. We may share data with the following categories of recipients:

  • Cloud infrastructure providers hosting our platform and website.
  • AI model providers for platform functionality — these providers process data under strict contractual obligations and do not retain personal data after processing.
  • Analytics providers for website usage statistics.
  • Email and communication tools for support and marketing communications.
  • Professional advisors (legal, accounting) under professional secrecy obligations.
  • Public authorities where required by Belgian or EU law.

We maintain a list of our sub-processors. You can consult the current version at trust.mindoo.ai.

6. International data transfers

Our primary infrastructure is hosted within the European Economic Area (EEA). Where personal data is transferred outside the EEA — for example to AI model providers based in the United States — we ensure appropriate safeguards are in place:

  • EU Standard Contractual Clauses (SCCs) adopted by the European Commission
  • An adequacy decision by the European Commission (e.g. the EU-US Data Privacy Framework, where the recipient is certified)
  • Additional technical measures where required following the CJEU Schrems II ruling

You may request a copy of the relevant safeguards by contacting dpo@mindoo.ai.

7. How long we keep your data

We retain personal data only as long as necessary for the purposes described in this policy:

| Data category | Retention period |
| --- | --- |
| Account data (HCPs) | Duration of the subscription + 12 months after termination |
| Website analytics | Maximum 26 months (aggregated and anonymised where possible) |
| Contact form enquiries | 12 months after last interaction |
| Business contact data | Duration of the business relationship + 12 months |
| Marketing contacts | Until you withdraw consent or unsubscribe |
| Job applications | Maximum 4 weeks after the recruitment process ends, unless you give separate consent for longer retention (up to 1 year) |
| Invoicing and financial records | 7 years (Belgian accounting law, Art. III.86 Code of Economic Law) |

After the applicable retention period, data is deleted or irreversibly anonymised.

8. Your rights

Under the GDPR and Belgian law, you have the right to:

  • Access your personal data and receive a copy (Art. 15 GDPR).
  • Rectify inaccurate or incomplete data (Art. 16 GDPR).
  • Erase your data ("right to be forgotten"), subject to legal retention obligations (Art. 17 GDPR).
  • Restrict processing in certain circumstances (Art. 18 GDPR).
  • Data portability — receive your data in a structured, commonly used, machine-readable format (Art. 20 GDPR).
  • Object to processing based on legitimate interest, including direct marketing (Art. 21 GDPR). Where you object to direct marketing, we will cease processing without delay.
  • Withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal (Art. 7(3) GDPR).
  • Not be subject to automated individual decision-making, including profiling that produces legal effects (Art. 22 GDPR).

To exercise any of these rights, contact us at dpo@mindoo.ai. We will respond within 30 days. If your request is complex or we receive many requests, we may extend this period by a further two months, in which case we will inform you.

We will not charge a fee for handling your request, unless it is manifestly unfounded or excessive.

If you are not satisfied with our response, you have the right to lodge a complaint with the Belgian Data Protection Authority:

Gegevensbeschermingsautoriteit (GBA)
Drukpersstraat 35, 1000 Brussels, Belgium
Tel: +32 (0)2 274 48 00
https://www.gegevensbeschermingsautoriteit.be
contact@apd-gba.be

9. Cookies and similar technologies

Our website uses cookies and similar technologies. In accordance with Art. 129 of the Belgian Electronic Communications Act (Wet van 13 juni 2005 betreffende de elektronische communicatie) and the ePrivacy Directive, we distinguish between:

  • Strictly necessary cookies that are essential for the website to function (e.g. session management, security). These do not require your consent.
  • Analytics cookies that help us understand how visitors use our website. These are placed only after you give your consent.
  • Marketing cookies that may be used to deliver relevant content or measure campaign effectiveness. These are placed only after you give your consent.

You can manage your cookie preferences at any time through the cookie settings on our website. You can also configure your browser to block or delete cookies, though this may affect website functionality.

For a detailed overview of the specific cookies we use, their purposes, and retention periods, please refer to our cookie settings panel.

10. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include encryption of data in transit and at rest, role-based access controls, regular security assessments, and staff awareness training.

Our security practices are documented in our Trust Center.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the GBA within 72 hours and inform you without undue delay where required by Art. 33–34 GDPR.

11. Children

Under Belgian law implementing Art. 8 GDPR, the age of digital consent is 13 years. Our services are not directed at individuals under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, please contact us at dpo@mindoo.ai and we will promptly delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated through a notice on our website. Where changes significantly affect how we process your data, we will seek your renewed consent where required. The "Last updated" date at the top reflects the most recent revision.

13. Contact us

For any questions about this Privacy Policy or your personal data:

Mindoo AI BV — Data Protection
Email: dpo@mindoo.ai
Address: Moonsstraat 29 B302, 2018 Antwerpen, Belgium
Enterprise number: BE1018909873

Related documents

  • Patient Privacy Notice - how patient and clinical data is processed through the Mindoo platform (Mindoo as data processor)
  • Terms of Service - terms for patients and healthcare professionals using Mindoo
