Privacy Policy

TABLE OF CONTENTS

1. WHAT WE DO
2. INFORMATION WE COLLECT
3. HOW WE USE YOUR INFORMATION
4. LEGAL BASIS FOR PROCESSING (GDPR)
5. DATA STORAGE AND RETENTION
6. YOUR DATA CONTROL RIGHTS
7. THIRD-PARTY AI PROVIDERS
8. INTERNATIONAL DATA TRANSFERS
9. TECHNICAL AND SERVICE LOGS
10. COOKIES AND TRACKING TECHNOLOGIES
11. DATA SECURITY
12. CHILDREN'S PRIVACY
13. AUTOMATED DECISION-MAKING
14. YOUR PRIVACY RIGHTS (GDPR)
15. CHANGES TO THIS POLICY
16. CONTACT US

1. WHAT WE DO

Pingmind OÜ operates an AI model aggregation platform that serves as a unified hub for accessing multiple AI models and services. We do not train our own AI models. Instead, we:

• Aggregate and provide access to various third-party Large Language Models (LLMs) and AI services
• Route your prompts and requests to the appropriate AI model providers
• Store your conversation history and prompts to provide continuity in your interactions
• Manage your account, authentication, and billing
• Provide a user-friendly interface for interacting with multiple AI models through a single platform

2. INFORMATION WE COLLECT

Account Information

When you create an account, we collect:

• Email address
• Username and password (passwords are encrypted)
• Display name (optional)
• Profile information (optional)

Chat and Prompt Data

As a core function of our service, we store your interactions with AI models:

• Prompts: The text, questions, or instructions you send to AI models
• AI Responses: The responses generated by the AI models
• Chat History: Your complete conversation threads with timestamps
• Model Selection: Which AI models you chose to interact with

Important: You have full control over this data and can delete entire chat threads or all of your chat history at any time through our interface.

Uploaded Files

We handle uploaded files differently depending on their type:

Documents (PDF, Text Files, Microsoft Office Files)

Pingmind OÜ does NOT store uploaded document files on our servers. When you upload a document:

• The file is transmitted to the AI model as part of a single prompt
• The file is processed in real-time and is NOT saved to our servers
• Subsequent messages in the conversation rely only on the context extracted from the document, not the file itself
• Supported document types: PDF files, text files (.txt, .md, etc.), and Microsoft Office files (.docx, .xlsx, .pptx, etc.)

Important: Once the document is processed, it cannot be retrieved or re-downloaded as we do not retain a copy.

Images

Unlike documents, uploaded images are stored on our servers to enable viewing within chat conversations:

• Images are saved to allow you to view them within your chat history
• Images are stored securely on our servers for as long as the associated chat exists
• You can delete images by deleting the corresponding chat thread or your entire account

Important: To permanently remove uploaded images from our servers, you can delete the specific chat thread containing the images or delete your account entirely.

Payment Information

We do NOT process or store payment card information. All payment processing is handled securely by our third-party payment service provider. We only collect:

• Billing name and address
• Transaction history and invoices (for tax and legal compliance)
• Subscription status and usage limits

Our payment service provider processes your payment method information directly and securely. We never have access to your full credit card numbers or payment credentials.

Technical and Service Logs

We automatically collect certain technical information for service operation, security, and troubleshooting:

• IP Address: Your internet protocol address
• Device Information: Browser type, operating system, device type
• Usage Data: Pages visited, features used, timestamps
• Performance Data: API response times, error logs, system diagnostics
• Security Logs: Authentication attempts, suspicious activity

Important: While you can delete your account and all associated chat/prompt data, we retain technical and service logs (IP addresses, device information, etc.) for security, legal compliance, and system troubleshooting purposes. These logs do not contain your prompts or chat content.

3. HOW WE USE YOUR INFORMATION

We use the collected information to:

• Provide the Service: Route your prompts to AI models, store chat history, and deliver AI responses
• Account Management: Authenticate your identity, manage your account settings and preferences
• Billing: Process payments, manage subscriptions, and send invoices
• Service Improvement: Analyze usage patterns (in aggregate) to improve our platform
• Security: Detect and prevent fraud, abuse, and unauthorized access
• Legal Compliance: Comply with applicable laws, regulations, and legal requests
• Customer Support: Respond to your inquiries and troubleshoot issues

We do NOT use your prompts or chat data to train AI models. We are an aggregation platform, not an AI model developer.

4. LEGAL BASIS FOR PROCESSING (GDPR)

Under the General Data Protection Regulation (GDPR), we must have a valid legal basis to process your personal data. The legal bases we rely on are:

Performance of Contract (Article 6(1)(b) GDPR)

We process the following data because it is necessary to perform our contract with you (i.e., to provide you with the Service):

• Account information (email, username, password)
• Chat history and prompts (to provide AI model interaction services)
• Billing information (to process payments and manage subscriptions)
• Transmission of prompts to third-party AI providers (to deliver AI responses)

Legitimate Interests (Article 6(1)(f) GDPR)

We process the following data based on our legitimate interests, where those interests are not overridden by your rights:

• Security and fraud prevention: Processing technical logs (IP addresses, device information) to protect our platform and users from unauthorized access, fraud, and abuse
• Service improvement: Analyzing aggregated, anonymized usage data to improve our platform's performance and user experience
• Customer support: Using account and interaction data to respond to your inquiries and resolve issues

Legal Obligation (Article 6(1)(c) GDPR)

We process certain data to comply with legal obligations:

• Retaining payment records and invoices for tax and accounting purposes
• Retaining security logs to comply with legal requirements and respond to lawful requests from authorities
• Cooperating with law enforcement when legally required

Consent (Article 6(1)(a) GDPR)

Where we rely on consent as the legal basis, you have the right to withdraw your consent at any time. We rely on consent for:

• Optional marketing communications (if applicable)
• Non-essential cookies and analytics (see Cookies section)

5. DATA STORAGE AND RETENTION

Chat and Prompt Data

Your chat history and prompts are stored in our secure database to provide continuity across sessions. This data is retained:

• Until you manually delete it through our interface
• Until you delete your account (which removes all associated chat data)
• If your account is inactive for more than 2 years, we may delete old chat data after notifying you

Account Information

Your account information is retained as long as your account remains active. Upon account deletion:

• Your email, username, and profile information are permanently deleted
• All chat history and prompts are permanently deleted
• Payment history may be retained for tax and legal compliance purposes (typically 7 years)

Uploaded Files Retention

Different file types have different retention policies:

• Documents (PDF, text files, Microsoft Office files): NOT stored on our servers. These files are transmitted directly to the AI model within a single prompt and are immediately discarded after processing. No copies are retained.
• Images: Stored on our servers to enable viewing within chat conversations. Images are retained until you delete the associated chat thread or your account.

Important: To remove uploaded images from our servers, delete the specific chat thread containing the images or delete your account entirely. Document files do not require deletion as they are never stored.

Technical and Service Logs

Technical logs (IP addresses, device information, error logs) are retained separately for:

• Security and fraud prevention (typically 90 days to 1 year)
• Legal compliance and regulatory requirements (up to 7 years)
• System troubleshooting and performance optimization (typically 30-90 days)

Important: These technical logs cannot be deleted through the user interface as they are essential for security, legal compliance, and system integrity. However, they do not contain your chat content or prompts.

6. YOUR DATA CONTROL RIGHTS

We believe you should have full control over your data. You can:

Delete Chats

Through our interface, you can delete:

• Entire chat threads
• All chat history at once

Deletions are immediate and permanent. We do not keep backups of deleted chat data.

Delete Your Account

You can permanently delete your account at any time through your account settings. This will:

• Permanently delete your account information (email, username, profile)
• Permanently delete ALL of your chat history and prompts
• Cancel any active subscriptions
• Remove your access to the platform

What is NOT deleted: Technical service logs (IP addresses, timestamps, device information) and payment records required for legal compliance remain in our systems but are disassociated from your personal identity.

7. THIRD-PARTY AI PROVIDERS

As an AI model aggregation platform, we transmit your prompts to third-party AI service providers to generate responses. These providers include but are not limited to:

• OpenRouter (for access to various text generation models)
• Replicate (for image and video generation models)
• OpenAI (for specific models like GPT-IMAGE-1 via Replicate)
• Other AI model providers integrated through OpenRouter and Replicate

Important: When you send a prompt, it is transmitted to the selected AI provider to generate a response. Each provider has their own privacy policy and data handling practices.

We recommend reviewing the privacy policies of these providers:

• OpenRouter Privacy Policy: https://openrouter.ai/privacy
• Replicate Privacy Policy: https://replicate.com/privacy
• OpenAI Privacy Policy: https://openai.com/privacy

We only share the minimum necessary information (your prompt and selected parameters) with these providers. We do not share your email address, account details, or payment information with AI model providers.

8. INTERNATIONAL DATA TRANSFERS

As an Estonian company operating within the European Economic Area (EEA), we are committed to ensuring that your personal data is protected when transferred internationally.

Transfers Outside the EEA

Some of our third-party AI providers (including OpenRouter, Replicate, and OpenAI) are based in the United States. When your prompts are transmitted to these providers, your data may be transferred to and processed in countries outside the EEA.

Safeguards for International Transfers

When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place in accordance with GDPR requirements:

• Standard Contractual Clauses (SCCs): We use European Commission-approved Standard Contractual Clauses with our service providers to ensure adequate protection for your data
• Adequacy Decisions: Where applicable, we transfer data to countries that have received an adequacy decision from the European Commission
• EU-U.S. Data Privacy Framework: Where our US-based providers are certified under the EU-U.S. Data Privacy Framework, transfers are made on that basis
• Supplementary Measures: Where necessary, we implement additional technical and organizational measures to ensure the protection of your data

Your Rights Regarding International Transfers

You have the right to request information about the safeguards we have in place for international data transfers. To obtain a copy of the relevant safeguards or for more information, please contact us at to@pingmind.io.

9. TECHNICAL AND SERVICE LOGS

We maintain technical and service logs that are separate from your chat data. These logs are essential for:

Security and Fraud Prevention

• Detecting and preventing unauthorized access attempts
• Identifying patterns of abuse or malicious activity
• Investigating security incidents
• Protecting our platform and other users from threats

Legal Compliance

• Responding to lawful requests from authorities
• Complying with tax and financial regulations
• Meeting data retention requirements under applicable laws
• Defending legal claims or enforcing our terms of service

System Performance

• Troubleshooting technical issues
• Optimizing platform performance
• Monitoring service availability and uptime
• Analyzing usage patterns to improve infrastructure

What's in these logs: IP addresses, timestamps, device types, browser information, API endpoints accessed, HTTP status codes, error messages (without chat content).

What's NOT in these logs: Your actual prompts, chat content, AI responses, or personally identifiable conversation data.

10. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies to operate our Service, enhance your experience, and analyze usage patterns.

What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help websites remember information about your visit, which can make it easier to use the site and make the experience more relevant to you.

Types of Cookies We Use

• Strictly Necessary Cookies: Essential for the operation of our Service. These include cookies for authentication, security, and session management. These cookies cannot be disabled as they are required for the Service to function.
• Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences and settings.
• Analytics Cookies: Help us understand how visitors interact with our Service by collecting and reporting information anonymously. We use this data to improve our platform.

Third-Party Cookies

Our payment processor and certain service providers may set their own cookies. These third parties have their own privacy policies governing the use of such cookies.

Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to:

• View what cookies are stored and delete them individually
• Block third-party cookies
• Block cookies from particular sites
• Block all cookies
• Delete all cookies when you close your browser

Please note that blocking or deleting certain cookies may affect the functionality of our Service. For more information on managing cookies, visit www.allaboutcookies.org.

11. DATA SECURITY

We implement industry-standard security measures to protect your data:

• Encryption: All data is encrypted in transit (TLS/SSL) and at rest
• Access Controls: Strict access controls limit who can access your data
• Secure Infrastructure: Our servers are hosted in secure, certified data centers
• Password Security: Passwords are hashed using bcrypt with strong salts
• Payment Security: Payment processing is handled by PCI-DSS compliant third-party payment service providers
• Regular Security Audits: We conduct regular security assessments and updates

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

12. CHILDREN'S PRIVACY

Our Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at to@pingmind.io. We will promptly delete such information from our systems.

13. AUTOMATED DECISION-MAKING

Under GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Our Use of Automated Processing

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you. Specifically:

• AI Responses: The AI-generated content you receive is not used to make decisions about you. The AI models generate responses based on your prompts, but these outputs do not affect your legal rights or produce similarly significant effects.
• Account Management: Decisions about account suspension or termination are made by human review, not solely by automated systems.
• Fraud Prevention: While we use automated systems to flag potentially suspicious activity, any action taken on your account is reviewed by our team.

Your Rights

If we ever implement automated decision-making that significantly affects you, you will have the right to:

• Obtain human intervention
• Express your point of view
• Contest the decision

14. YOUR PRIVACY RIGHTS (GDPR)

For EEA, UK, and Swiss Residents (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Correct inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data (subject to legal retention requirements)
• Right to Restrict Processing: Limit how we use your personal data
• Right to Object: Object to processing of your personal data
• Right to Withdraw Consent: Withdraw consent for data processing at any time

To exercise these rights, contact us at to@pingmind.io. You also have the right to lodge a complaint with your local data protection authority.

Response Timeframe

We will respond to your request within one month of receiving it. If your request is complex or we receive a high volume of requests, we may extend this period by a further two months. In this case, we will inform you of the extension and the reasons for the delay within one month of receiving your request.

Verification

To protect your privacy, we may need to verify your identity before responding to your request. We will ask you to confirm certain information associated with your account.

Supervisory Authority

If you are not satisfied with our response or believe we are processing your personal data unlawfully, you have the right to lodge a complaint with the supervisory authority in your country of residence, place of work, or the place of the alleged infringement.

As we are established in Estonia, our lead supervisory authority is:

15. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make changes, we will:

• Update the "Last updated" date at the top of this policy
• Notify you via email if the changes are significant
• Post a notice on our platform highlighting the changes

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

16. CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Protection Contact

For questions specifically related to data protection and the exercise of your GDPR rights, you can contact our Data Protection Contact at:

We aim to respond to all data protection inquiries within 30 days.