How Mindora processes data

This policy explains what data Mindora collects when users take self-report tests, create an account, use paired comparisons, invite observers, or request AI analysis. It is written for an international product with an emphasis on transparency, GDPR principles, and safe interpretation boundaries.

Last updated: June 16, 2026

What data we collect

Account data: email, name or display label, language, country, and profile settings.
Test answers, calculated factors, facets, open-reference comparisons, HTML/PDF reports, and test history.
Paired and observer flows: invitation codes, comparison context, invitation status, and participant results.
Technical data: IP address, user-agent, session cookies, login time, security events, and basic server logs.

Why we use data

To create accounts, save result history, and recover unfinished test sessions.
To score tests, display reports, generate PDF/HTML files, and give users access to their own results.
To create paired reports, observer reports, and invitations only when the user initiates them.
To protect accounts, limit abuse, debug the product, and improve the service at an aggregated level.

GDPR legal bases

For users in the European Economic Area, Mindora is designed around GDPR principles: transparency, data minimisation, purpose limitation, security, and user control over personal data.
Depending on the scenario, processing may rely on service performance, user consent, legitimate interest in product security, or compliance with legal obligations.
Mindora does not use test results for automated decisions that produce legal or similarly significant effects.

Cookies and sessions

Mindora uses technical cookies for login, language preference, account protection, and account-area functionality.
Marketing cookies and third-party analytics should be added only after they are described in this policy and, where required, after user consent.

AI analysis and third parties

If a user starts a deep AI analysis, Mindora sends structured test results to the connected AI service, such as the OpenAI API, to generate an additional interpretation.
AI analysis starts only after an explicit user action. It is not a professional assessment and should not be treated as a final judgement about personality.
Data may be shared with hosting providers, infrastructure services, AI providers, payment providers once payments are enabled, and security services if they are described in the product and contracts.

International transfers

Mindora is intended as an international product. Infrastructure, AI providers, or payment services may be located outside the user’s country or the European Economic Area.
Before a public commercial launch, the concrete processors, data-processing agreements, and applicable safeguards for GDPR scenarios should be reviewed.

User rights

Under applicable law, a user may request access, correction, deletion, export, restriction of processing, or objection to processing.
A dedicated channel for these requests will be added to the product. Before public launch, use the project owner’s contact channel.
Users should not enter medical diagnoses, documents, card numbers, or other data that is not needed to take a self-report test.

Retention and deletion

During development, results and account data are stored while they are needed for service operation, debugging, security, and user history.
Before commercial launch, specific retention periods, export flows, and a clear account-deletion path should be defined.

GDPR reference

Primary source: Regulation (EU) 2016/679, General Data Protection Regulation.

For Mindora, the most important points are processing transparency, data-subject rights, and caution around automated decision-making.

Regulation (EU) 2016/679, General Data Protection Regulation

The English version of this document is the official controlling version. Translations are provided for user convenience. If language versions differ, the English version prevails.