How we handle your data.

When you complete the diagnostic we store: company name, industry, number of employees, the respondent's role, your answers to the questions, and the AI-generated analysis. If you choose to download the PDF report, we also store the email address you provided.

Company information and answers are stored under legitimate interest, we need the data to deliver the analysis and to allow Mindact to build industry benchmarks (anonymised aggregations). The email is stored with your consent when you request the report, we use it to (a) send the PDF report to you as an attachment and (b) follow up from Mindact.

All data is held with the following subprocessors:

• ·Supabase: primary database, region West EU (Ireland). GDPR-compliant DPA in place.
• ·Vercel: application hosting. Data processing for EU users occurs within the EU. We also use Vercel Analytics for anonymous visitor statistics and funnel measurement, no cookies, no personal identifiers stored.
• ·Anthropic: the AI that produces the analysis. We send your answers and company name (but never your email) so the model can generate the result. Per our agreement with Anthropic: no model training on your data, encrypted transit, and Standard Contractual Clauses (SCCs) for international data transfers.
• ·Resend: email delivery service that sends the report to you. Only your email address, company name, and HPI score are used in the message (not your individual answers). Resend is GDPR-compliant with a DPA in place.

We retain the data until you request its deletion. There is currently no automatic retention cut-off because the data feeds long-term industry benchmarks. If you want your data removed, use the form below or contact us.

Under the GDPR you have the right to:

• ·Request a copy of all data we hold about you (Art. 15)
• ·Have inaccurate data corrected (Art. 16)
• ·Have your data erased (Art. 17), use the form below
• ·Request that we restrict the processing of your data (Art. 18)
• ·Receive your data in a portable format (Art. 20)
• ·Object to our processing (Art. 21)
• ·Lodge a complaint with the Swedish Authority for Privacy Protection (IMY)

Enter the email address you used when requesting the report, or the primary contact you want associated with your company's data. We will delete everything tied to it from our systems.

Questions about your data or this policy? Write to kontakt@mindact.ai. The data controller is Mindact Solutions AB.

If we change the policy, we update this page with a new date at the top. Material changes in how your data is processed are communicated directly if you have provided an email.