MindBoost360

Privacy Policy

Last updated: 1 January 2026

1. Controller

MindBoost360 is the data controller responsible for your personal data. For privacy enquiries, contact us at support@mindboost360.com.

2. Data We Collect

We may collect the following categories of personal data:

  • Identity data: name, email address
  • Usage data: pages visited, features used, session duration
  • Technical data: IP address, browser type, device information, cookies
  • Assessment data: responses to cognitive assessments you voluntarily complete
  • Communications: emails and messages you send us

We do not collect special categories of data (health data beyond voluntary assessment responses) unless you explicitly consent.

3. Legal Bases for Processing (GDPR Art. 6)

  • Consent (Art. 6(1)(a)): marketing emails, optional analytics cookies
  • Contract (Art. 6(1)(b)): processing necessary to deliver our Service
  • Legitimate interests (Art. 6(1)(f)): fraud prevention, service security, analytics to improve the Service
  • Legal obligation (Art. 6(1)(c)): compliance with Dutch and EU law

4. How We Use Your Data

We use your personal data to: (a) provide and improve the Service; (b) personalise your cognitive protocol; (c) send service-related communications; (d) send marketing communications (with your consent); (e) comply with legal obligations; (f) protect against fraud and abuse.

5. Cookies & Tracking

We use cookies and similar tracking technologies. You can control cookie preferences via our cookie banner. We use:

  • Essential cookies: required for the Service to function
  • Analytics cookies: Google Analytics (anonymised IP) — consent required
  • Marketing cookies: Google Tag Manager — consent required
  • Tracking pixels: conversion tracking via Voluum — consent required

6. Data Sharing & Third Parties

We do not sell your personal data. We may share data with:

  • Hosting and infrastructure providers (EU-based where possible)
  • Analytics providers (Google Analytics — EU data processing addendum in place)
  • Payment processors (if applicable)
  • Legal authorities when required by law

All third-party processors are bound by data processing agreements in compliance with GDPR Art. 28.

7. International Transfers

Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

8. Retention

We retain personal data for as long as necessary to fulfil the purposes described in this policy, or as required by law. Account data is retained for the duration of your account plus 2 years. You may request deletion at any time.

9. Your Rights (GDPR)

Under the GDPR, you have the following rights:

  • Access (Art. 15): request a copy of your personal data
  • Rectification (Art. 16): correct inaccurate data
  • Erasure (Art. 17): “right to be forgotten”
  • Restriction (Art. 18): restrict processing
  • Portability (Art. 20): receive your data in a structured format
  • Objection (Art. 21): object to processing based on legitimate interests
  • Withdraw consent: at any time, without affecting prior processing

To exercise these rights, email support@mindboost360.com. We will respond within 30 days.

10. Right to Lodge a Complaint

You have the right to lodge a complaint with the data protection authority in your country of residence. EU/EEA residents may contact their national supervisory authority.

11. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction or alteration, in accordance with GDPR Art. 32.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email (if you have an account) or by posting a notice on our website. Continued use of the Service after changes constitutes acceptance.

13. Contact

Privacy enquiries: support@mindboost360.com