Privacy Policy

Last Updated: November 5, 2025

At Tmind AI ("we," "our," or "us"), we value your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our websites, products, and services (collectively, the "Services").

1. Information We Collect

We collect information that helps us provide and improve our Services:

  • Account information - name, email, password, institutional affiliation, and role.
  • Usage information - log data such as IP address, device type, browser, and time of access.
  • Training data - text or voice inputs entered during AI simulations. These interactions are synthetic and do not contain real patient health information.

2. How We Use Your Information

We use your data to:

  • Provide, improve, and secure our Services.
  • Manage your account and verify your identity.
  • Support learning and training activities.
  • Communicate with you about updates, support, or service-related notices.

We do not sell or share your personal data with advertisers or unrelated third parties.

3. Data Storage and Security

We take security seriously.

  • All data is stored on Google Cloud Platform (GCP) with AES-256 encryption at rest and TLS encryption in transit.
  • Access to production data is limited to authorized team members under strict role-based permissions.
  • We regularly review logs, update credentials, and monitor for potential vulnerabilities.

4. Data Retention and Deletion

  • We keep your data only as long as needed for operational, legal, or educational purposes.
  • You can request deletion of your account and associated data anytime by emailing hi@tmind.ai.
  • Once verified, your data will be securely deleted from production systems within 30 days.

5. Data Sharing and Subprocessors

To deliver our Services, we work with trusted vendors who meet strong security and compliance standards:

  • Google Cloud Platform (GCP) - cloud hosting and storage
  • OpenAI - AI language model processing
  • Stripe - payment processing

Each subprocessor is contractually bound to protect your data under applicable privacy regulations.

6. Your Rights

Depending on your location and applicable laws, you may have the right to:

  • Access, correct, or delete your personal data
  • Request a copy of your data
  • Withdraw consent for processing

Requests may be sent to hi@tmind.ai, and we will respond within 30 days.

7. Educational Privacy (FERPA Compliance)

For institutional users in the United States, Tmind AI complies with the Family Educational Rights and Privacy Act (FERPA).

When our Services are used by educational institutions (such as universities, colleges, or training programs), all student records and information remain the property and under the control of the institution.

Tmind AI acts solely as a service provider ("school official" under FERPA), processing educational data on behalf of the institution according to their instructions.

We do not share, sell, or disclose student information to unauthorized third parties.

Educational institutions may request deletion or return of student-related data at any time by contacting hi@tmind.ai.

8. Compliance

Tmind AI aligns with the following frameworks and principles:

  • HIPAA (Health Insurance Portability and Accountability Act) - for protection of any health-related data
  • FERPA (Family Educational Rights and Privacy Act) - for educational institutions using our training services
  • SOC 2 Type II readiness - for system security, availability, and confidentiality

9. Updates to This Policy

We may update this Privacy Policy occasionally to reflect product or regulatory changes. If updates are significant, we'll notify you via email before they take effect.

10. Contact Us

If you have any questions or concerns, please contact us at hi@tmind.ai.