Back to Home

Privacy Policy

Version 1.0 | Last Updated: 2024-06-28

1. Introduction

MindPower (HONGKONG) Limited ("MindPower", "we", "us", "our", or "Company") governs the collection, processing, and handling of your personal data ("Personal Data") through this Privacy Policy. This Policy applies to all interactions with our websites, applications (including the product KnowMeType), platforms, and services (collectively, "Services"). Your continued use of the Services constitutes binding acceptance of:​​ (i) Our Personal Data processing practices described herein; (ii) The exercise of your rights under applicable data protection laws (including CCPA§1798.120 opt-out rights and GDPR Article 15 access rights). If you decline these terms, immediately discontinue all access and use of the Services.

  1. Data Collection A.Scope of Collection. We collect Personal Data (defined in Section 1) and Usage Data (e.g., IP addresses, device identifiers, browsing activity) solely for purposes essential to: (i) Service functionality and delivery; (ii) Compliance with statutory obligations; (iii) Legitimate business interests under Restatement (Second) of Torts§652A.

B.Conditionality of Service. Your provision of requested information is mandatory where: (i) Such data is legally required; (ii) Objectively necessary to provide core Services (e.g., account authentication, transaction processing).

C.Consequence of Non-Provision. Failure to provide mandatory data will materially impair Service functionality or prevent access to features dependent on such data.

D. Personal Data (i) Definition. "Personal Data" means any information that Identifies or could reasonably be linked to a specific individual (CCPA §1798.140(v)); Is collected through your use of the Services. (ii) Direct Identifiers includes but is not limited to email address, first and last name, telephone number. Indirect Identifiers includes Persistent identifiers (e.g., cookies, device IDs) and Usage Data. (iii) Voluntary Provision. Any data you actively submit to MindPower (e.g., via forms, voice, uploads) is deemed Personal Data. (iv) Exclusions. Does not include: (a) Publicly available government records (Sensitive Personal Data Final Rule §202.226); (b) Aggregated or anonymized data meeting scientifically valid de-identification standards (GDPR Recital 26).

E. Usage Data We collect electronic network activity information automatically generated during your interaction with the Services ("Usage Data"), which constitutes non-personally identifiable information when standing alone but may become linked to Personal Data through combined datasets (CPRA§1798.140(ae)). This includes but is not limited to: IP addresses, device identifiers (e.g., IDFA/AAID), browser/OS metadata, visited page timestamps, session duration, system logs, performance metrics, and diagnostic data. Mobile access additionally captures device-type identifiers, mobile IP addresses, and operating system specifications.

F.Customer Content We collect content you provide to deliver the Services ("Customer Content"), which may include: (i) audio inputs containing Personal Information (e.g., voice recordings referencing identifiers); (ii) contextual data from active applications when using Context Awareness features (e.g., on-screen text for response accuracy optimization); and (iii) pseudonymized text/corrections if voluntarily shared for model training. Such data is processed solely for Service functionality and excluded from secondary uses unless explicit opt-in consent is obtained. You may disable contextual data collection or training contributions at any time via account settings.

G. Third-Party Platforms We may collect limited profile identifiers (e.g., name, email, authorized Voiceprint/Voice) from your third-party accounts (e.g., Google, Facebook, Instagram, LinkedIn, TikTok, WhatsAPP, X) when you opt-in to connect such accounts to our Services. This data is: (i) Strictly limited to what the third party discloses pursuant to your permissions; (ii) Used solely for account authentication and service linkage; (iii) Excludes unauthorized biometric identifiers, financial data, or precise geolocation per Final Rule§202.205. You may revoke access at any time via the third party's platform controls or our privacy settings. Historical data collected prior to revocation may be retained only to comply with legal preservation obligations (e.g., FRCP Rule 37(e)) or enforce existing agreements.

H. Payment Information For Paid Services, our third-party payment processor collects Payment Instrument Data strictly necessary to process transactions, including name, email, billing address, and credit/debit card or bank account details. As an independent data controller, our third-party payment processor processes such data under its privacy policy (Please check the official website of our third-party payment processor you have selected). You retain rights to access and delete financial data per CCPA§1798.100(a), but note: payment data collection is essential for service functionality and cannot be opted out.

I. Voluntary User Contributions You may voluntarily provide supplemental information beyond required Service interactions ("Voluntary User Contributions"), such as product feedback surveys. Such data collection requires separate consent distinct from general Terms of Service acceptance and is processed solely for service enhancement purposes. We do not link Voluntary User Contributions to identifiable individuals unless you explicitly disclose personal identifiers in the content.

  1. Use of Data MindPower processes Personal Data and Non-Personal Usage Data solely for: (i) Service Operation, including providing, securing, and improving Services—Customer Content is used for AI model training only upon your explicit opt-in consent, subject to granular controls in our Data Controls Page; (ii) Essential Communications related to service functionality, security alerts, and account administration; (iii) Compliance with legal obligations (e.g., court orders, tax laws) and Risk Mitigation to enforce terms, prevent fraud, or investigate misuse; (iv) Limited Marketing of Service-related features (e.g., product updates), excluding third-party promotions, with opt-out mechanisms in all communications. The company reserves the right to push marketing information in the form of advertisements within the software. Such actions may be necessary to ensure continuous operation and development. (v) Operational Analytics to enhance user experience, provided such data is aggregated and de-identified per NIST SP 800-188 standards. Digital advertising requires separate consent per CCPA §1798.120(c); sensitive data (e.g., biometrics, health) is excluded from all secondary uses under CPRA §1798.140(ae).

‍We process Personal Data and Non-Personal Usage Data exclusively under lawful bases including: (i) Contractual Necessity where data is strictly required to execute or perform agreements with you per Restatement (Second) of Contracts§205; (ii) Legitimate Interests for operational purposes (e.g., service security or fraud prevention), provided such processing undergoes tripartite balancing tests ensuring your rights prevail under CPRA§1798.140(v); (iii) Consent for non-essential processing (e.g., marketing), requiring prior express opt-in​ revocable via granular controls; (iv) Legal Obligations to comply with binding regulations such as tax laws, court orders, or preservation duties under FRCP Rule 37(e).

  1. Use of Cookies and Other Tracking Technologies MindPower and authorized third parties utilize cookies, pixels, and analogous tracking technologies (e.g., local storage, session identifiers) to collect data about your Service interactions, device attributes, and usage patterns; such collection is governed by our Cookie Policy, which details: (i) Technology classifications (e.g., persistent vs. session cookies); (ii) Specific purposes including service optimization, fraud prevention, and personalized advertising; (iii) User controls for managing preferences via browser settings or opt-out mechanisms.

  2. Online Analytics and Tailored Advertising We engage or will engage third-party web analytics services (e.g., Google Analytics) to analyze Service usage patterns, including referral source attribution, using technologies described in our Information Collection section. Such vendors process data solely to evaluate user interactions with our Services. For tailored advertising, we utilize first-party cookies and similar technologies to optimize marketing for our own products and services based on your engagement, excluding sale or licensing of data to unaffiliated third parties. You retain granular opt-out controls:

(i)Analytics: Install the Google Analytics Opt-Out Browser Add-on; (ii) Advertising: Utilize the NAI Consumer Opt-Out or DAA Consumer Opt-Out, or adjust preferences via Google Ads Settings.

  1. Data Retention​ We retain Personal Data solely for the period necessary to fulfill the purposes outlined in this Privacy Policy, including: (i) Service Delivery (e.g., account management, user-requested functions); (ii) Legal Compliance with statutorily mandated retention periods (e.g., tax laws under 26 U.S.C. §6001, litigation holds per FRCP Rule 37(e)); (iii) Dispute Resolution and enforcement of legal agreements; (iv) Security Enhancement where anonymized data strengthens Service functionality. Upon expiration of the applicable retention period or achievement of the processing purpose, Personal Data is permanently deleted or de-identified. De-identified data may be utilized for any lawful business purpose. Usage Data is retained for a shorter duration unless required for security hardening, Service optimization, or legal obligations.

  2. Data Transfer Your Personal Data may be transferred to and processed in jurisdictions outside your residence (including the United States), where data protection laws may differ. By consenting to this Policy and submitting data, you acknowledge such transfers. MindPower will: (i) Ensure Adequate Safeguards for all transfers through legally enforceable mechanisms (e.g., EU Standard Contractual Clauses or CPRA-compliant data processing agreements) ; (ii) Prohibit High-Risk Transfers to "Countries of Concern" or "Covered Persons" as defined by DOJ Executive Order 14117, particularly involving bulk U.S. sensitive data. (iii) Implement Technical Protections for Restricted Transactions (e.g., encryption, access controls, data minimization) ; (iv) Suspend Non-Compliant Transfers where recipient jurisdictions lack adequacy determinations.

  3. Third-Party Data Disclosures​ MindPower discloses Personal Data solely to the following categories of recipients under strict contractual and legal constraints: (i) Service Providers (e.g., payment processors, cloud/analytics vendors, third-party LLM operators), subject to binding agreements that prohibit secondary uses or data retention beyond 30 days; (ii) Enterprise Customers (e.g., your employer), limited to account/device data necessary for contractual performance; (iii) Legal & Regulatory Authorities where mandated by court order, subpoena, or to protect rights/safety per 18 U.S.C.§2702(c)(4); (iv) Affiliates adhering to this Policy's standards; (v) Advertising Partners (e.g., Google, Facebook, Instagram, LinkedIn, TikTok, WhatsAPP, X) via cookie-based mechanisms governed by our Cookie Policy; (vi) Consent-Driven Third Parties pursuant to explicit user authorization.

  4. Data Security Measures​ We implement technical, administrative, and physical safeguards to protect your Personal Data against loss, misuse, unauthorized access, disclosure, alteration, or destruction. Notwithstanding these measures, no electronic transmission or storage method is 100% secure. We commit to: (i) Incident Response Protocols: Detect and investigate breaches within 72 hours, notify affected individuals if breach risk assessment; (ii) Annual Audits: Conduct internal or third-party penetration testing to validate control efficacy; (iii) Vendor Oversight: Bind service providers to strict data processing agreements prohibiting secondary use or retention beyond operational necessity.

  5. Your Data Protection Rights Under General Data Protection Regulation (GDPR) If you are an EU/EEA resident, you possess the following rights under GDPR Articles 15-22, subject to verification of your identity and statutory exceptions: (i)Access & Portability: Obtain a structured (JSON/XML), machine-readable copy of your Personal Data stored by us; (ii)Rectification: Correct inaccuracies in your Personal Data within ​30 days​ of request submission; (iii)Erasure ("Right to be Forgotten"): Request deletion where no overriding legal basis exists (e.g., tax retention under 26 U.S.C. §6001 or litigation holds per FRCP Rule 37(e)); (iv)Processing Restriction & Objection: Restrict or object to processing, including automated decision-making; (v)Consent Withdrawal: Revoke consent at any time without affecting pre-withdrawal processing.

Submit requests to support@mindpowerhk.com. We will respond within 30 days per GDPR Article 12(3), but may retain data essential for Service delivery (e.g., account credentials). Complaints may be lodged with your local EU/EEA Data Protection Authority.

  1. Children's Personal Data The Services are restricted to users aged over 13 in the U.S. and aged over 16 in non-U.S. jurisdictions. If you are aged under 18: (i) Parental Consent Mandate: Your parent/guardian must provide verifiable consent via written agreement, electronic signature, or credit card validation before you use the Services, except where processed data qualifies as "biometric identifiers" (e.g., fingerprints, facial templates); (ii) Controller Verification Duty: We implement "reasonable efforts" to confirm parental identity through government-issued ID cross-check or zero-knowledge proof protocols; (iii) Parental Control Right: Parents/guardians discovering unauthorized child data submission ​must contact us at support@mindpowerhk.com to trigger immediate deletion under COPPA §312.6(a)(1), subject to forensic audit trails for compliance validation.

  2. Services Providers We engage third-party service providers (e.g., cloud infrastructure vendors, analytics processors, third-party LLM operators) solely to facilitate or deliver Services on our behalf. Such providers access your Personal Data exclusively under binding contractual obligations that: (i) Restrict processing to specified service purposes; (ii) Prohibit secondary use or disclosure beyond permitted tasks; (iii) Enforce data deletion upon service completion or within 30 days.

  3. Links to Third-Party Websites The Services may incorporate third-party links directing to external websites or services​ ("Linked Services"). We disclaim all liability for the content, data practices, or security measures of such Linked Services. Any collection, processing, or disclosure of your information by third parties shall be governed exclusively by their respective privacy policies, not by this Policy. You are hereby advised to review and comprehend the privacy and security policies of any third party prior to submitting personal data to them.

  4. Changes to This Privacy Policy We may periodically update this Privacy Policy to reflect operational changes or legal requirements, with the effective date revised at the policy's inception. Material modifications that materially diminish your rights​ (e.g., expanded data sharing or reduced control options) will trigger individualized notice via email or prominent Service-displayed alerts, designating a reasonable implementation period (typically ≥30 days). Non-material changes (e.g., grammatical corrections) apply immediately upon posting. Updates apply prospectively only and lack retroactive effect. You acknowledge that regular policy review is your responsibility to understand ongoing data practices.

  5. Privacy Notice for California Residents This section supplements our Privacy Policy for California residents under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). You have the right to: (i) Know & Access: Personal Information (PI) collected in the preceding 12 months—including categories (e.g., identifiers, biometric data, geolocation), business purposes (e.g., payment processing, analytics), and third-party recipients—and receive a portable copy in structured JSON/XML format per CPRA §1798.130(a)(2); (ii) Request Deletion of collected PI (subject to statutory exceptions like fraud prevention or legal compliance) and Correct inaccurate PI (e.g., account details) via identity-verified email/SMS OTP requests; (iii) Opt-Out of (a) PI Sale/Sharing for cross-context behavioral advertising using our "Do Not Sell or Share My Personal Information" link, and (b) Sensitive PI uses (e.g., precise geolocation, biometrics) beyond operational necessity via "Limit Use of My Sensitive Information" link per CPRA §1798.121; (iv) Exercise these rights without fee discrimination, though service tiers may reflect ​value-of-data differentials under CPRA §1798.125. Submit verified requests to support@mindpowerhk.com with "CA Privacy Request"; we respond within 45 days​ (extendable once) as mandated by §1798.130(a)(2).

  6. Contact Us For any inquiries regarding this Privacy Policy, please email us at support@mindpowerhk.com.