mindme← Back

Privacy Policy

Xhuman, Inc.

Last Updated: April 28, 2026

Effective Date: April 28, 2026

Xhuman, Inc. ("we," "us," "our") has established this Privacy Policy to explain how we collect, use, disclose, and protect your information when you use Mindme, our software-as-a-service product, including related software, applications, and websites (collectively, the "Services").

By using our Services, you acknowledge that you have read and agree to all terms of this Privacy Policy. If you do not agree to these terms, please immediately cease using or accessing the Services. We strongly recommend that you read this policy in detail before taking any action.

To provide our Services, we need to process your personal information, including, in some cases, biometric data such as voiceprints derived from voice recordings you provide. If you do not wish to have your personal information processed as described in this policy, or if you are under 16 years of age, please stop using our Services.

We primarily collect and use your information to:

  • Create, train, and operate your Mindme Twin
  • Provide and improve our Services and user experience
  • Facilitate connections and interactions between users
  • Ensure the security and integrity of the platform
  • Fulfill our legal obligations

When necessary, we will share your information with trusted third parties and service providers to provide services, meet legal requirements, and achieve other purposes detailed later in this policy.

1. Information We Collect

We collect personal information that you provide to us, including:

  • Basic Information: first name, last name, email address, password, and your public Mindme handle.
  • Twin Training Data: any text, files, preferences, or other content you submit to train, customize, or update your Twin.
  • Voice Recordings and Biometric Data: if you choose to provide voice recordings, we process those recordings and may derive voiceprints or other biometric identifiers from them in order to generate and operate your Twin. We do not derive biometric identifiers for any purpose other than creating, operating, and improving your own Twin.
  • Email Content and Metadata: if you connect your email account, we access and process the content, headers, metadata, attachments, and other data within your emails as necessary to provide the Service, including training your Twin and drafting and sending emails on your behalf.
  • Calendar Data: if you connect your calendar, we access and process calendar events, attendees, and related metadata as necessary to provide the Service, including drafting and sending invites on your behalf.
  • Profile Data: information contained in your Mindme profile, whether provided by you directly or generated by the Service based on your inputs, including your privacy and visibility settings.
  • Connection and Interaction Data: information about your connections with other Mindme users and your interactions with their Twins (and others' interactions with your Twin), including connection status, messages, and Twin inputs and outputs.
  • Communication Content: any communications we exchange, including support requests, survey responses, or feedback.

We also automatically collect information, including application, browser, and device information (such as device type, operating system, browser information, IP address, and other device characteristics), service usage data (including activity information, diagnostic and troubleshooting information), and information from cookies and similar technologies.

We may also process limited information about third parties contained in emails or calendar events you receive, as necessary to provide the Service. We do not build Twins or profiles on non-users and do not share non-user data with other Mindme users.

Personal information does not include de-identified, anonymized, or aggregated information. When data is de-identified or anonymized, we maintain it in that form and do not attempt to re-identify the information.

2. How We Use Your Information

We use your personal information for the following purposes:

  • Account Creation and Maintenance: We use your basic information to create and maintain your account, which is necessary for fulfilling our contract with you.
  • Creating and Operating Your Twin: We use your training data, voice recordings and biometric data, email and calendar content (if connected), and other inputs to create, train, operate, and improve your Twin, including taking actions on your behalf such as sending emails and calendar invites. This is necessary for fulfilling our contract with you.
  • Facilitating Connections and Interactions: We use your profile data, connection data, and Twin interaction data to facilitate connections and interactions between you and other Mindme users, in accordance with your visibility settings and mutual opt-in consent for connections. This is necessary for fulfilling our contract with you.
  • Customer Support: We use your basic information, communication content, and service usage data to provide customer support, based on our legitimate interest in ensuring you can optimally use the Services.
  • Service Communications: We use your basic information and communication content to send service-related communications, based on contract performance and our legitimate interest in ensuring you can optimally use the Services.
  • Security and Integrity: We process your information to facilitate the security, integrity, and protection of the Services, based on our legitimate interest in maintaining effective operation and delivery of the Services.
  • Legal Compliance: We use your information to comply with legal and regulatory obligations, based on our legitimate interest in complying with laws in the jurisdictions where we operate.
  • Service Improvement: We process your information in aggregated or anonymized form to improve our Services. We do not use your individual user data, voice recordings, or biometric data to train any general AI model or any other user's Twin.
  • Safety and Fraud Prevention: We use your information to promote the safety and integrity of the Services, network, users, employees, and the public, based on our legitimate interest in preventing fraud, unauthorized use, and harmful behavior.

In the European Economic Area and the United Kingdom, where we rely on legitimate interests, you have the right to object to and request restriction of such processing.

3. Voice and Biometric Data

Because Mindme creates a digital twin that may include a voice model, we may derive biometric data such as voiceprints from the recordings you provide. We treat this data with heightened care:

  • Purpose: We collect and process biometric data solely to create, operate, and improve your own Twin. We do not use it to identify you for any other purpose, and we do not use it to train any general AI model or any other user's Twin.
  • Consent: By providing voice recordings and using the Twin features that depend on them, you consent to our collection, storage, and processing of biometric data as described in this policy and our Terms of Service.
  • Sharing: We may share biometric data only with our service providers who assist us in operating the Services, under contractual restrictions on use and disclosure. We do not sell biometric data, and we do not share it with other Mindme users.
  • Retention: We retain your biometric data for the duration of your account, and after termination for the shorter of (i) the period necessary for the purpose of collection, or (ii) three (3) years following your last interaction with the Services, after which it is permanently deleted, except as otherwise required by law.
  • Withdrawal: You may withdraw your consent and request deletion of your biometric data at any time by deleting the relevant recordings, deleting your account, or contacting us at support@mindme.ai.

4. How and Why We Share Your Information

We do not sell your personal information, and we do not share your personal information with third parties for cross-context behavioral advertising. We have not sold or shared personal information of individuals under 16 years of age.

To provide the Services, we may share necessary information with the following categories of third parties:

1. Service Providers

We disclose necessary personal information to third-party service providers who assist in providing the Services, including:

  • Hosting, infrastructure, and communications providers
  • Analytics providers that help us understand how users interact with the Services
  • Payment processors for paid plans
  • Customer support tools
  • Security and fraud prevention providers

2. Connected and Interacting Users

When you opt in to a connection with another Mindme user, certain profile information will be shared with that user as necessary to facilitate the connection. When your profile is set to public, other users may discover and interact with your Twin in accordance with your visibility settings, and your Twin's outputs may be shared with those users. When you interact with another user's Twin, the inputs you submit may be processed by that Twin and visible to its owner. Once shared, the recipient may retain information they have viewed in accordance with their own records.

3. User-Initiated Sharing

When you use sharing features (such as sharing a conversation or Twin output), the recipients depend on whom you choose to share with.

We may share information with advisors, regulatory bodies, or government agencies in the following situations:

  • Responding to legal and regulatory requirements, court orders, or government requests
  • Fulfilling statutory obligations and regulatory requirements
  • Investigating and preventing fraud and security issues
  • Protecting the rights and personal safety of all parties

5. Corporate Account Association

If you register using a corporate email, we may share account existence and basic information (such as email address) with that organization to allow corporate administrators to manage account permissions.

6. Group Internal Collaboration

Based on service efficiency requirements, information may be shared among affiliated companies or group members.

7. Asset Transaction Scenarios

During company mergers, acquisitions, reorganizations, bankruptcy, or other changes in control, your information may be transferred as a transaction asset.

8. Disclosure at Your Request

When you explicitly instruct or contractually stipulate disclosure.

Our Services may include links to third-party websites, whose privacy policies are independent of ours. When you leave Mindme for other websites or use other services, we cannot and have no obligation to protect the personal information you provide on these third-party platforms.

5. Security

We have implemented a series of reasonable technical, administrative, and organizational measures aimed at comprehensively protecting the security of your personal information, including biometric data. These protective measures cover both online and offline environments, with the purpose of preventing the loss, misuse, unauthorized access, disclosure, alteration, or destruction of your personal information.

However, no security system can provide absolute protection. When using our Services, you need to understand and accept this reality: despite our best efforts to protect your information, the risks associated with using our Services ultimately must be borne by you personally.

6. Retention

We retain your personal information only for as long as necessary to provide the Services, fulfill legal obligations, or protect relevant rights. We consider factors such as when the information was collected, service requirements, legal requirements, and security factors to determine retention periods.

For biometric data, the retention rules in Section 3 apply.

When you revoke Mindme's access to your email or calendar, when you delete content from your Twin, or when you delete your account, we will delete the affected data in accordance with our retention schedule and applicable law. When information is no longer needed or you request deletion, we will promptly process it.

We are committed to respecting your control over your personal data while meeting our business needs.

7. Children's Personal Information

Our Services are designed for users aged 16 and older and are not intended for children. We do not knowingly solicit or collect personal information from children. According to our Terms of Service, all users must be at least 16 years old to use our Services (or older if required by local law). If you discover that we have collected personal information from individuals under the minimum age without appropriate consent, please contact us immediately, and we will promptly delete the relevant data.

8. International Data Transfers

To support global business operations, we and our partners may transfer, store, and process your personal information worldwide (including in the European Union, United Kingdom, and United States). For residents of the European Union, Switzerland, or the United Kingdom, we strictly adhere to lawful data transfer mechanisms, such as the European Commission's Standard Contractual Clauses and relevant local regulations (such as the UK's International Data Transfer Addendum), ensuring your personal data receives appropriate protection during cross-border transfers.

9. How You Can Exercise Your Personal Rights

Depending on the laws in your region, you may have the following rights related to your personal information. Even if local laws do not explicitly provide for these rights, we may at our discretion offer you these choices.

  • Right to Access Information and Data Portability: You have the right to obtain a copy of your personal information that we hold, understand how we use and disclose your information, and request that we provide specific information in a standardized, commonly used machine-readable format.
  • Right to Deletion: You can request that we delete your personal information, including biometric data. After account termination, we will process or delete your related information according to our data retention policy.
  • Right to Correction: You can request that we update or correct personal information that you believe is incomplete or inaccurate.
  • Right to Restrict Processing and Object: You can limit or object to our use or transfer of your personal information based on legitimate interests, public interest, or direct marketing purposes. However, we may continue to process your information in situations permitted or required by law.
  • Right to Withdraw Consent: When we process information based on your consent (including biometric data), you can withdraw that consent at any time. This will not affect the lawfulness of our processing of your information prior to your withdrawal.
  • Right to Appeal: If we refuse your request, you can appeal our decision.
  • Right to Complain: You have the right to file a complaint with your local data protection authority.

You can submit requests by sending an email to support@mindme.ai. We will not discriminate against you for exercising your legal rights. To protect your privacy and security, we may verify your identity before processing your request, including asking for additional information. If we cannot verify your identity, we may refuse your request.

Under certain U.S. privacy laws, you can designate an authorized agent to make requests on your behalf. We will require the agent to provide proof of your authorization and may need you to directly confirm your identity.

Please note that the above rights are not absolute and may only apply in specific situations or may be reasonably refused.

10. Contact Us

If you have any questions or concerns about this Privacy Policy, or if you have a complaint, please contact us at support@mindme.ai.

11. Changes to This Privacy Policy

To continuously optimize our service quality, we may periodically update this Privacy Policy. All policy changes will be posted on this page, and significant changes will be communicated to you with reasonable notice as required by law. You can always check the date at the top of the page to see when the policy was last updated. We encourage you to review this policy regularly to stay informed about how we protect your personal information.