Privacy Policy
Last updated: March 2026
1. Data controller
Nine Minds (Magentic BV h.o.d.n. Nine Minds) is responsible for the processing of your personal data as described in this privacy policy. If you have questions, you can reach us at:
2. What data we collect
When you use our services (Digitalisation Scan or Discovery Interview), we process the following personal data:
| Data | Required | Purpose |
|---|---|---|
| Email address | Yes | Sending the report or interview summary |
| Company name | No | Personalising the report |
| Contact name | No | Personalising the report |
| Conversation content | Yes | Generating the report or diagnosis via AI |
| Diagnosis / interview result | Yes | Storing and sending the final report |
| Quality scores (Discovery Interview) | Yes | Evaluating and improving AI interview quality |
| IP address | Yes | Preventing abuse (rate limiting) |
3. Legal basis
We process your personal data on the basis of your explicit consent (Article 6(1)(a) GDPR), which you provide by ticking the consent checkbox before starting the scan. You can withdraw your consent at any time by contacting us at privacy@nineminds.nl. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
4. How we use your data
- To conduct the AI-assisted digitalisation scan and generate a personalised report.
- To send you the scan report by email.
- To prevent abuse of the scan service through rate limiting.
- We do not use your data for automated individual decision-making or profiling within the meaning of Article 22 GDPR.
- We do not sell, rent, or share your data with third parties for marketing purposes.
5. Third-party processors
To provide the scan service, we use the following sub-processors. Each is bound by a data processing agreement and appropriate safeguards:
Anthropic (Claude AI)
Location: United States — Standard Contractual Clauses (SCCs) apply
Purpose: AI processing of conversation and report generation
Brevo (Sendinblue)
Location: European Union (France)
Purpose: Transactional email delivery of the scan report
Netlify / Neon (database)
Location: European Union (Frankfurt, Germany)
Purpose: Hosting and storage of scan data
Cloudflare Turnstile
Location: European Union / United States — SCCs apply
Purpose: Bot and abuse protection on the scan form
6. Retention periods
- Scan data (conversation, result, contact details): retained for 12 months, then permanently deleted.
- IP addresses used for rate limiting: retained for 24 hours.
- You may request earlier deletion at any time — see Section 7.
7. Your rights under GDPR
You have the following rights regarding your personal data:
- Right of access — you may request a copy of the data we hold about you.
- Right to rectification — you may request correction of inaccurate data.
- Right to erasure — you may request deletion of your data ('right to be forgotten').
- Right to data portability — you may request your data in a structured, machine-readable format.
- Right to restriction of processing — you may request that we restrict processing of your data in certain circumstances.
- Right to withdraw consent — you may withdraw your consent at any time without affecting prior processing.
To exercise any of these rights, contact us at privacy@nineminds.nl. We will respond within 30 days.
8. Right to lodge a complaint
If you believe we are not processing your personal data in accordance with the GDPR, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):
9. Changes to this policy
We may update this privacy policy from time to time. The most recent version is always available at this URL. If changes are material, we will notify you by email if we hold your contact details.