Trust, security & compliance you can verify.
MindNote is following security checklists for startups and enterprise teams in regulated industries. Your data will train a personal predictive model for your own future note-taking. The future roadmap includes BAA, SOC 2 Type II, and HIPAA compliance.
Where we are, and where we're going
A transparent view of our compliance program — the certifications already in place and the ones we're working toward.
GDPR Compliant
Live: EU data subject rights — consent, portability and deletion flows live in-app.
CCPA / CPRA Compliant
Live: California rights to know, delete and opt-out — fully implemented.
Workspace Isolation
Live: Per-tenant access controls isolate every workspace at the data layer.
PCI DSS — Offloaded
Live: Payments are processed by Gumroad, Apple App Store and Google Play Billing. MindNote never sees or stores card or payment details.
SOC 2 Type II
Planned: Targeted as part of our enterprise readiness program.
HIPAA + BAA
Planned: Healthcare-grade controls and BAA on the roadmap for regulated customers.
ISO 27001
Planned: Targeted alongside SOC 2 within our broader certification roadmap.
Built for teams that need answers, not promises
Every MindNote workspace ships with the controls your security and legal teams expect.
Your data stays yours
Our AI partners are contractually barred from training on your content. MindNote may use your own notes to power personal suggestions just for you — revocable at any time.
Private by design
Your content is kept separate from every other account. Only you and the people you invite can ever see it.
Authenticated access
Verified email or Google sign-in required. No guest or anonymous access. Session management with automatic renewal.
We never touch your cards
Payments are handled by trusted, PCI-certified providers. MindNote stores zero payment data.
Encrypted end-to-end
Your notes are protected with industry-standard encryption — both in transit and at rest — on a SOC 2-compliant platform.
Compliant partners
We only work with subprocessors who maintain BAA, SOC 2 Type II, HIPAA and GDPR compliance. Full list public.
Everything procurement will ask for
Browse our agreements, security docs and operational guides. Request restricted items in one click.
Privacy Policy
Public: How we collect, use and protect personal data — covers GDPR and CCPA rights.
Terms of Service
Public: The rules of using MindNote.
Data Protection Policy
Public: How we safeguard, retain and process your data.
Refund Policy
Public: Subscription cancellations, refunds and pauses.
Letter of Intent (LOI)
On request: Pre-contract intent template for pilot engagements.
Master Services Agreement
On request: Our standard MSA for enterprise customers.
Data Processing Addendum
On request: GDPR Article 28 DPA covering processor obligations and subprocessors.
Acceptable Use Policy
On request: What you can and can't do on MindNote.
Product-Specific Terms
On request: B2B pilot pricing, SLA and feature inclusions.
AI / ML Compliance Addendum
On request: How MindNote uses AI responsibly — GDPR and EU AI Act compliant.
Compliance-focused help articles
Practical guides written for security, legal and IT teams rolling out MindNote.
Need our LOI, DPA, MSA, or security Q&A?
Tell us a little about your company and we'll send your access code for restricted documents — usually within one business day.
