PRIVACY POLICY

MindGrix AI Agent Platform

Effective Date: January 1, 2025

Last Updated: January 1, 2025

1. Introduction

MindGrix Ltd. ("MindGrix", "we", "us", or "our") operates an AI-powered customer engagement platform designed for healthcare providers, including dental clinics and wellness centers. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

By accessing or using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the platform.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Full name

• Email address

• Phone number

• Password (encrypted)

• Role within your organization (Admin, Manager, Staff)

• Organization/clinic name

2.2 Patient/End-User Data

Through your use of our AI chatbot services, the following data may be processed:

• Name and contact information (phone number, email)

• WhatsApp conversation history

• Appointment details (date, time, service type, practitioner)

• Language preferences

• Conversation metadata (timestamps, status, follow-up stages)

2.3 Knowledge Base Content

Data you upload to train the AI agent:

• Documents (treatment information, pricing, FAQs)

• Service catalogs

• Business hours and holiday schedules

• Practitioner information

2.4 Usage Data

We automatically collect:

• Login timestamps and session duration

• Feature usage and interaction patterns

• Device information and browser type

• IP address

• Error logs and system performance data

2.5 Communication Data

• Support tickets and inquiries

• Feedback and improvement suggestions

3. How We Use Your Information

We use the collected information for:

Service Delivery:

• Operating and maintaining the AI chatbot platform

• Processing and managing appointments

• Sending automated reminders via WhatsApp

• Providing customer support

Platform Improvement:

• Analyzing usage patterns to improve features

• Training and optimizing AI responses

• Developing new features and services

Communication:

• Sending service updates and notifications

• Responding to support requests

• Delivering system alerts and security notifications

Legal Compliance:

• Complying with applicable laws and regulations

• Protecting against fraudulent or illegal activity

4. Data Sharing and Disclosure

4.1 Third-Party Service Providers

We share data with trusted third parties who assist in operating our platform:

Provider

Purpose

Data Shared

WhatsApp Business API (Meta)

Message delivery

Phone numbers, conversation content

Cloud hosting provider

Data storage

All platform data (encrypted)

Analytics services

Usage analysis

Anonymized usage data

4.2 Your Clients' Patients

Your organization controls and is responsible for data shared with end-users (patients) through the chatbot.

4.3 Legal Requirements

We may disclose information if required by law, court order, or government request, or to protect the rights, property, or safety of MindGrix, our users, or others.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of the transaction.

5. Data Retention

Data Type

Retention Period

Account information

Duration of account + 2 years after deletion

Conversation history

As configured by you (default: 12 months)

Appointment records

7 years (healthcare compliance)

Knowledge base documents

Duration of account

Usage logs

12 months

Support tickets

3 years

You may request data deletion at any time, subject to legal retention requirements.

6. Data Security

We implement industry-standard security measures:

• Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)

• Access Control: Role-based permissions and multi-factor authentication

• Monitoring: 24/7 security monitoring and intrusion detection

• Backups: Regular encrypted backups with disaster recovery procedures

• Auditing: Comprehensive audit logs for all system actions

7. Your Rights (GDPR Compliance)

As a data subject, you have the following rights:

Right to Access: Request a copy of your personal data.

Right to Rectification: Request correction of inaccurate data.

Right to Erasure: Request deletion of your data ("right to be forgotten").

Right to Restrict Processing: Request limitation of data processing.

Right to Data Portability: Receive your data in a structured, machine-readable format.

Right to Object: Object to processing based on legitimate interests.

Right to Withdraw Consent: Withdraw consent at any time without affecting prior processing.

To exercise these rights, contact us at: privacy@mindgrix.com

We will respond to requests within 30 days.

8. International Data Transfers

MindGrix is based in Israel, which is recognized by the European Commission as providing adequate data protection. For transfers to other countries, we use Standard Contractual Clauses (SCCs) or other appropriate safeguards.

9. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us immediately.

10. Cookies and Tracking

Our platform uses essential cookies for:

• Session management

• Authentication

• Security

We do not use advertising or tracking cookies. You can disable cookies in your browser settings, but this may affect platform functionality.

11. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last Updated" date. Significant changes will be communicated via email or platform notification.

Continued use of the platform after changes constitutes acceptance of the updated policy.

12. Contact Us

For questions or concerns about this Privacy Policy:

MindGrix Ltd.

Email: Support@mindgrix.com

Website: www.mindgrix.com