How we handle your data.
Plain English. What we collect, where it lives, who can see it, and how we protect it.
Last updated: May 28, 2026
What data we collect
Only what's required to do the job: your business info (hours, prices, services), customer-facing content (FAQs, brand voice), tool credentials (API keys for the integrations you choose), and conversation logs from the AI employees you hire. We don't collect your customers' personal data beyond what flows through your chosen channels (phone, chat, SMS, social DMs) and we don't track or profile end users.
Where it lives & how it's protected
All customer data is encrypted in transit (TLS 1.2+) and at rest (AES-256), hosted on US-based infrastructure. Credentials and API keys are stored in a dedicated secrets manager — never in source code, logs, or backups. We follow SOC 2-aligned controls (access reviews, MFA, least privilege, audit logging). HIPAA-compatible configurations (signed BAA, isolated environments, additional access controls) are available on the Full Team plan for healthcare and dental clients.
Third-party providers — and what they see
Your AI employees route through these providers under their enterprise zero-retention agreements: Anthropic (Claude) and OpenAI (GPT-4) for language understanding — they see only the conversation snippet needed to generate a reply and don't retain it for training. ElevenLabs for voice synthesis — sees only the text to be spoken. Twilio for phone and SMS — sees the message routing metadata. We use no other third parties to handle your data without your written consent.
Ownership & training
You own your data. AI Minds does not train shared AI models on your conversations, transcripts, customer records, or any content you provide. We don't sell your data, and we don't allow our providers to use it for their model training. We may use anonymized aggregate metrics (e.g. 'average resolution time across SMB clients') to improve our service — never anything identifiable.
Export, deletion & your rights
You can request a full data export anytime — we deliver it within 7 business days in standard formats (JSON, CSV). On cancellation, we export your data and delete what we hold within 30 days unless you ask us to retain it longer. You also have the right to correct, delete, or restrict processing of any personal data — email luis@ai-minds.ai and we'll act within 30 days. We honor CCPA, GDPR, and Texas data-rights requests.
Risks we want you to know about
No system is perfectly secure. The realistic risks: (1) a customer of yours might phish your AI employee — we mitigate this with guardrails and human-escalation rules, but you should still review escalations. (2) Third-party provider outages can interrupt service — we route around them where possible and notify you on incidents lasting more than 15 minutes. (3) If an AI employee makes a mistake on a high-stakes interaction (medical, legal, large refund), you're responsible for the outcome unless we negligently failed to follow your approved configuration. We carry $2M in cyber & E&O insurance for catastrophic events.
Questions, requests, or a privacy concern?
Email luis@ai-minds.ai with the subject 'Privacy' and we'll respond within 2 business days. For incident disclosure or formal data requests, we acknowledge in writing within 24 hours.