PRIVACY POLICY

1. Introduction

Obsydian LLC, operating as Mind11 ("Mind11," "we," "us," or "our"), provides an operational load intelligence platform designed for first responder agencies. This Privacy Policy describes how we collect, use, store, and protect information when you use the Mind11 platform, website (www.mind11.ai), and related services (collectively, the "Service").

We are committed to protecting the privacy and confidentiality of all users, particularly first responders whose operational readiness data is entrusted to our platform. This policy is written in plain language to ensure transparency.

2. Information We Collect

2.1 Account Information

When an agency administrator creates accounts on behalf of personnel, we collect:

• Name and employee/badge number
• Email address
• Phone number (for SMS notifications and MFA verification)
• Agency affiliation and assigned role (Responder, Wellness Representative, Agency Administrator)

2.2 Operational Load Data

The Mind11 platform processes the following data to calculate operational load scores:

• CAD/RMS incident data: Call types, nature codes, timestamps, and unit assignments uploaded by agency administrators. This data does not contain patient information, victim names, or protected health information (PHI).
• Baseline survey responses: Self-reported operational readiness assessments completed voluntarily by responders.
• MLSI scores: Calculated operational load index values (Alpha through Echo bands) derived from the above inputs.

2.3 Communication Data

• SMS messages sent through the platform (MFA codes, outreach notifications, MAYDAY alerts)
• Demo request form submissions (department name, contact name, email, agency size, discipline)

2.4 Technical Data

• Browser type and version
• IP address
• Device information
• Session cookies for authentication
• Usage analytics (page views, feature usage)

2.5 What We Do NOT Collect

Mind11 is specifically designed to avoid collecting sensitive personal information:

• No protected health information (PHI) as defined by HIPAA
• No clinical diagnoses, treatment records, or medical history
• No free-text clinical notes or counseling records
• No Social Security numbers or financial information
• No biometric data

3. How We Use Information

We use the information we collect to:

• Calculate and display operational load scores (MLSI) for individual responders
• Generate aggregate reports for agency administrators (no individual data exposed)
• Facilitate peer-driven wellness outreach through the Work Queue system
• Send SMS notifications for MFA verification, outreach alerts, and MAYDAY signals
• Authenticate users and manage session security
• Respond to demo requests and customer inquiries
• Improve platform performance, reliability, and user experience
• Comply with legal obligations

4. Data Access Controls

Mind11 enforces strict role-based access controls. Data access is partitioned by role:

These access controls are enforced at the application layer through server-side authorization checks on every data request. They cannot be bypassed through the user interface.

5. Data Storage & Security

• Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
• Encryption at rest: All data stored in our database is encrypted using AES-256 encryption.
• Database hosting: Data is stored in TiDB Cloud, a SOC 2 Type II certified database service with automatic backups and high availability.
• Authentication: User sessions are managed through cryptographically signed JWT tokens with secure, httpOnly, sameSite cookie attributes.
• Access logging: All access to sensitive data is logged in an audit trail with timestamps, actor identification, and event details.

6. Data Sharing & Subprocessors

We do not sell, rent, or trade personal information. We share data only with the following service providers who are necessary to operate the platform:

We may also disclose information when required by law, court order, or government regulation, or when necessary to protect the rights, safety, or property of Mind11, our users, or the public.

7. Data Retention & Deletion

• Active accounts: Data is retained for the duration of the agency's active subscription.
• After termination: All agency data is deleted within 30 days of account termination or contract expiration, unless a longer retention period is required by law or agreed upon in writing.
• Deletion requests: Agencies may request immediate deletion of their data at any time by contacting [email protected]. We will process deletion requests within 14 business days.
• Backup purge: Deleted data is purged from all backup systems within 90 days of the deletion request.
• Demo request data: Contact information submitted through the demo request form is retained for 12 months, then automatically deleted.

8. Individual Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Right to access: Request a copy of the personal information we hold about you.
• Right to correction: Request correction of inaccurate or incomplete information.
• Right to deletion: Request deletion of your personal information, subject to legal retention requirements.
• Right to data portability: Request your data in a structured, machine-readable format.
• Right to opt out of SMS: Reply STOP to any Mind11 SMS message to opt out of future messages.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights:

• Right to know what personal information is collected and how it is used
• Right to delete personal information
• Right to opt out of the sale of personal information — Mind11 does not sell personal information
• Right to non-discrimination for exercising your privacy rights

To submit a CCPA request, contact [email protected] with the subject line "CCPA Request."

10. Breach Notification

In the event of a data breach that compromises the security, confidentiality, or integrity of personal information, Mind11 will:

• Notify affected agencies within 72 hours of discovering the breach
• Provide a detailed description of the breach, the data involved, and remediation steps taken
• Cooperate fully with agency IT departments and any applicable regulatory authorities
• Comply with all applicable state breach notification laws

11. Children's Privacy

Mind11 is designed exclusively for use by first responder agencies and their adult personnel. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have collected information from a minor, we will delete it immediately.

12. Cookies & Tracking

Mind11 uses the following cookies and tracking technologies:

• Session cookies: Essential for authentication and maintaining your login state. These are httpOnly and secure.
• Analytics: We use privacy-respecting analytics to understand platform usage patterns. No personal information is shared with third-party advertising networks.

We do not use third-party advertising cookies, tracking pixels, or behavioral targeting technologies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and notify agency administrators via email. Continued use of the Service after changes are posted constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at: