PRIVACY POLICY
Mindmux CIC · Last updated: March 2026
Mindmux CIC ("we", "us", "our") operates the mindmux platform — a WhatsApp-based support tool for parents and carers of children with Pathological Demand Avoidance (PDA), a profile of autism. This policy explains what personal data we collect, why we collect it, and your rights under UK and EU law.
---
1. WHO WE ARE
---
Mindmux CIC is a Community Interest Company registered in England and Wales. We are the data controller for personal data processed through the mindmux platform.
Contact: info@mindmux.io
---
2. WHAT DATA WE COLLECT
---
• WhatsApp phone number — used to identify your account and deliver messages.
• Message content — conversations you have with the platform (check-ins, quiz responses, social story inputs).
• Care group information — names or identifiers of family members you choose to add, with their consent.
• Usage data — survey responses, content approvals, and completion status.
• Consent records — timestamps and method of consent given by you or care group members.
---
3. HOW WE USE YOUR DATA
---
• To deliver personalised check-ins, social stories, and quizzes to your child via WhatsApp.
• To generate content tailored to your child's needs using AI assistance.
• To notify you of your child's responses and progress.
• To fulfil our legal obligations under UK and EU data protection law.
Our lawful basis for processing is legitimate interests (Article 6(1)(f) UK GDPR) for service delivery, and explicit consent (Article 9(2)(a)) where we process sensitive data relating to a child's health or autism profile.
---
4. DATA MINIMISATION & RETENTION
---
We follow a strict data minimisation approach:
• Recent conversation messages: retained for 14 days.
• Short-term summaries (3-day): retained for 30 days.
• Weekly summaries: retained for 90 days.
• Personally identifiable information (PII) in messages is automatically detected and anonymised before storage.
---
5. CHILDREN'S DATA
---
Our platform is designed to support children with PDA. Where children are under 16, a parent or guardian provides consent on their behalf. We do not collect data from children directly — content is configured by the parent or carer and delivered via WhatsApp.
---
6. CARE GROUP MEMBERS
---
If you add adult members (16+) to your care group, we will send them a WhatsApp message requesting their explicit consent before storing any personal information about them. Until consent is given, their names are anonymised in all stored data.
---
7. WHO WE SHARE DATA WITH
---
We do not sell your data. We share it only with:
• Meta Platforms — to deliver messages via the WhatsApp Business API.
• Cloud infrastructure providers — for hosting and data storage (servers located in the EU/UK).
• AI/LLM providers — anonymised content only, used for generating personalised activities. No raw PII is shared.
---
8. YOUR RIGHTS
---
Under UK GDPR and the UK Data Protection Act 2018, you have the right to:
• Access — request a copy of your personal data.
• Rectification — correct inaccurate data.
• Erasure — request deletion of your data ("right to be forgotten").
• Restriction — limit how we use your data.
• Portability — receive your data in a machine-readable format.
• Object — object to processing based on legitimate interests.
• Withdraw consent — at any time, where processing is based on consent.
To exercise any of these rights, contact us at info@mindmux.io. We will respond within 30 days.
---
9. SECURITY
---
All data is encrypted in transit (TLS) and at rest. Flow tokens and sensitive payloads are encrypted end-to-end. We conduct regular security reviews and follow OWASP best practices.
---
10. COOKIES
---
Our WhatsApp-based platform does not use cookies. If you visit our website (mindmux.io), only essential cookies required for site functionality are used.
---
11. CHANGES TO THIS POLICY
---
We may update this policy from time to time. Material changes will be communicated via WhatsApp message to registered users. The "last updated" date at the top of this page will always reflect the current version.
---
12. CONTACT & COMPLAINTS
---
For any privacy-related questions, contact us at info@mindmux.io.
If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Website: ico.org.uk
Phone: 0303 123 1113